• RSS
  • Twitter
  • FaceBook

Deb Shinder Blog RSS

All Blogs  »  Deb Shinder Blog  »  News ISA Central  »  Blog article: Users in remote forests cannot change their passwords through ISA Server 2006 or Forefront Threat Management Gateway 2010

Users in remote forests cannot change their passwords through ISA Server 2006 or Forefront Threat Management Gateway 2010

“Consider the following scenario:

  • You have a server that is running Microsoft Internet Security and Acceleration (ISA) 2006.
  • You configured a Forms Based Authentication (FBA) listener by selecting HTML Form Authentication on the Authentication tab.
  • The listener is configured to let users change their passwords.
  • You used the functionality that is described in Microsoft Knowledge Base article 952675 to enable ISA 2006 to search for the user in multiple domains. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

    952675 (http://support.microsoft.com/kb/952675/ ) You cannot log on to a local intranet site that you publish by using ISA Server 2006 when there are multiple user accounts that have the same account name in different domains

  • The account for the user who tries to log on is located in a domain in a remote trusted forest.

In this scenario, users cannot log on if their password is expired or if the account is set to User must change password at next logon. Error 1907 (ERROR_PASSWORD_MUST_CHANGE) is logged in the web proxy log…”

For other scenarios and fixes, check out the KB article over at http://support.microsoft.com/kb/2618727/

HTH,

Deb

DEBRA LITTLEJOHN SHINDER
MVP (Enterprise Security)
“MS SECURITY”
dshinder@isaserver.org

This entry was posted on Monday, January 30th, 2012 at 6:30 pm and is filed under News, ISA Central. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “Users in remote forests cannot change their passwords through ISA Server 2006 or Forefront Threat Management Gateway 2010”

  1. Users in remote forests cannot change their passwords through ISA Server 2006 or Forefront Threat Management Gateway 2010 - Isaserver.org - Winsec.be Says:

    January 30th, 2012 at 7:20 pm

    […] January 2012 (4)December 2011 (15)November 2011 (15)October 2011 (14)September 2011 (15)August 2011 (14)July 2011 (17)June 2011 (12)May 2011 (14)April 2011 (15)March 2011 (20)February 2011 (8)January 2011 (15)December 2010 (19)November 2010 (13)October 2010 (13)September 2010 (15)August 2010 (14)July 2010 (15)June 2010 (15)May 2010 (15)April 2010 (1) “Consider the following scenario: You have a server that is running Microsoft Internet Security and Acceleration (ISA) 2006. You configured a Forms Based Authentication (FBA) listener by selecting HTML Form Authentication on the Authentication tab. The Read More… […]

Leave a Reply


Receive all the latest articles by email!

Receive Real-Time & Monthly ISAserver.org article updates in your mailbox. Enter your email below!
Click for Real-Time sample & Monthly sample

Become an ISAserver.org member!

Discuss your ISA Server issues with thousands of other ISA Server experts. Click here to join!