Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. A user whose password has expired cannot log on and receives an error message about invalid credentials if the �Remind users that their password will expire in this number of days� option is not enabled in ISA Server 2006

A user whose password has expired cannot log on and receives an error message about invalid credentials if the �Remind users that their password will expire in this number of days� option is not enabled in ISA Server 2006

View products that this article applies to.

Symptoms

Consider the following scenario:
  • In Microsoft Internet Security and Acceleration (ISA) Server 2006, you configure a Web publishing rule that uses HTML Form authentication.
  • In the Web listener, you do the following:
    • You enable the Allow users to change their password option.
    • You do not enable the Remind users that their password will expire in this number of days option.
In this scenario, if a user whose password has expired tries to log on, the logon request is denied, and the user receives an error message about invalid credentials. Additionally, the browser remains in the logon form. The expected behavior is that the user will be redirected to a page to modify the expired password.

↑ Back to the top

Cause

This problem occurs because ISA Server 2006 does not correctly interpret the expiration status of the user account in Active Directory directory service.

↑ Back to the top

Resolution

Download and then install the hotfix package that is mentioned in the following Microsoft Knowledge Base article:
960927 Description of the ISA Server 2006 hotfix package: December 7, 2008

↑ Back to the top

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top

More information

A similar problem occurs in a Windows Server 2008 Active Directory Domain Services (AD DS) environment if the following conditions are true:
  • You enable the Remind users that their password will expire in this number of days option in the Web listener.
  • In AD DS, you enable a fine-grained password policy setting.

    Note For more information about the fine-grained password policy and to read the "AD DS Fine-Grained Password and Account Lockout Policy Step-by-Step Guide" document, visit the following Microsoft TechNet Web site:
    http://technet.microsoft.com/en-us/library/cc770842.aspx
ISA Server 2006 does not use the fine-grained password policy setting to calculate the reminder period. Therefore, this hotfix does not support fine-grained password policy settings. It only resolves the problem that is mentioned in the "Symptoms" section.

↑ Back to the top

References

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

↑ Back to the top

Keywords: KB960926, kbqfe, kbsurveynew, kbfix, kbexpertiseinter

↑ Back to the top

Article Info
Article ID : 960926
Revision : 1
Created on : 4/1/2009
Published on : 4/1/2009
Exists online : False
Views : 297