Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. Outlook Anywhere prompts for credentials during 14-day expiry notification period

Outlook Anywhere prompts for credentials during 14-day expiry notification period

Symptoms

Consider the following scenario: You have a domain-joined computer that is running Microsoft Office Outlook 2007. The computer connects through RPC/HTTP to a server that is running Microsoft Exchange Server 2003.

In this scenario, you are prompted for credentials during the 14-day expiry notification period for changing the password.

↑ Back to the top

Cause

This problem occurs if the following conditions are true:

  • The IISADMPWD password change pages are configured on the website that hosts the RPC/HTTP component and the RPC virtual directory. And, the IISADMPWD pages are configured to generate advance notification messages to notify you when your password will expire.
  • Your password is set to expire within the password expiry window for which the IISADMPWD pages send the advance notification message.

↑ Back to the top

Resolution

To resolve this issue, disable IISADMPWD functionality on the RPC virtual directory.

Note In Windows Server 2003, you must disable IISADMPWD functionality at the website level. However, in Windows Server 2003 Service Pack 1 (SP1), you can disable this functionality at the virtual directory level. This change does not affect IISADMPWD functionality in Microsoft Office Outlook Web Access.

To disable this functionality, set the PasswordChangeFlags value to 6 on the RPC virtual directory. To do this, follow these steps:
  1. Click Start, click Run, type cmd, and then click OK.
  2. At the command prompt, type the following command, and then press Enter:

    cd drive:\inetpub\adminscripts

    Note     In this command, the placeholder drive represents the letter of the drive on which Internet Information Services (IIS) is installed.  
  3. Type the following command if the RPC virtual directory is hosted on the first website.

    adsutil.vbs set w3svc/1/ROOT/RPC/passwordchangeflags 6

    Note This command is case-sensitive.
    Note The /1 parameter in this command corresponds to the first website. By default, this is the default website. And, the value of 6 represents the sum of the following two values:
     
    • 2: This value disables password changes.
    • 4: This value disables the advance notification message that lets you know when your password will expire.
  4. Restart IIS. To do this, type iisreset, and then press Enter.

↑ Back to the top

More Information

Even after initial account profile configuration, Outlook 2007 uses the Autodiscover lookup process at various times to determine whether your mailbox was upgraded or moved. The initial part of this process involves making a call to Active Directory to look up the Service Connection Point (SCP) value. This value contains the target URL. Usually, this call is made over port 389. However, if a MAPI profile is already present and can provide proxy connection information, Outlook will make this call but will hand off the lookup to the underlying RPC/HTTP mechanism.  

IIS determines whether the credentials that are provided are in a password notification expiry period. Even though IISADMPWD is using the ExchangeApplicationPool, the metabase settings at the W3SVC level are redirecting these DSAccess RPC/HTTP requests to the AuthNotifyPwdExpURL value. (By default, this value is /iisadmpwd/anot.asp.) This website cannot be consumed by Outlook, and the credentials prompt is the result. A similar issue can be triggered with Activesync. For more information about the Activesync issue, click the following article number to view the article in the Microsoft Knowledge Base: 

916958 Error message when you try to synchronize a mobile device with Exchange Server 2003: "HTTP_403"

↑ Back to the top

Keywords: vkball, kb

↑ Back to the top

Article Info
Article ID : 2488026
Revision : 1
Created on : 1/8/2017
Published on : 8/31/2012
Exists online : False
Views : 178