Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. FIX: Forms-based authentication in ISA Server 2006 still does not change a password on the second attempt if the user typed inconsistent passwords in the password confirmation of the first attempt

FIX: Forms-based authentication in ISA Server 2006 still does not change a password on the second attempt if the user typed inconsistent passwords in the password confirmation of the first attempt

View products that this article applies to.

Symptoms

Consider the following scenario:
  • In Microsoft Internet Security and Acceleration (ISA) Server 2006 Service Pack 1, you publish a Web server.
  • You configure the Web listener to authenticate by using Forms-Based Authentication (FBA). Additionally, you enable the Allow users to change their password option.
  • A user connects to the Web listener and then selects the option to change his or her password. Then, the user is redirected to the Change Password form.
  • The user tries to change the password. However, the user makes a mistake, and the passwords that the user typed in the New Password and Confirm New Password boxes do not match.
  • The user is redirected to another page that states that the previous attempt failed because the passwords that were typed in the New Password and Confirm New Password boxes do not match. However, the user can try to change his or her password again.
In this scenario, even if the user correctly enters the password in the New Password and Confirm New Password boxes in later attempts, the password is not changed.

Additionally, after the user clicks the Change Password button, the user is redirected to the initial FBA logon page even though the password is unchanged. Therefore, the user may assume that the password was changed. Then, the user repeatedly tries to log on by using the new password. Eventually, the user account may be locked if an account lockout policy is used.

↑ Back to the top

Resolution

To resolve this problem, install the hotfix rollup package that is described in the following Microsoft Knowledge Base article:
970443 Description of the ISA Server 2006 hotfix package: April 21, 2009

↑ Back to the top

Workaround

To work around this problem, make sure that you enter the passwords correctly in the New Password and Confirm New Password boxes. If you enter passwords incorrectly, make sure that you first return to the initial FBA logon page and then try to change the password again.

↑ Back to the top

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top

References

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

↑ Back to the top

Keywords: KB969296, kbqfe, kbsurveynew, kbfix, kbexpertiseinter, kbarchive, kbnosurvey

↑ Back to the top

Article Info
Article ID : 969296
Revision : 2
Created on : 1/15/2015
Published on : 1/15/2015
Exists online : False
Views : 424