FIX: A user is prompted to change the password although the account is configured as "Password never expires" when the user tries to log on to an intranet Web site published by using ISA Server 2006 FBA

Symptoms

Consider the following scenario:

In Microsoft Internet Security and Acceleration (ISA) Server 2006, you publish an intranet Web site by using Forms-based authentication (FBA).
In the Web listener, you enable the Allow users to change their password option.
In the Web listener, you also enable the Remind users that their password will expire option.
Some accounts are marked as password never expire in Active Directory.

In this scenario, when you use one of these accounts to log on, you are prompted to change the password.

This problem occurs because ISA Server 2006 incorrectly interprets the UserAccountControl attribute of the user object in Active Directory.

To resolve this problem, install the hotfix rollup package that is described in the following Microsoft Knowledge Base article:

971143 Description of the ISA Server 2006 hotfix package: July 14, 2009

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates

Keywords: KB971142, kbqfe, kbsurveynew, kbfix, kbexpertiseinter

Article Info