Windows 2008, IIS 7, the Exchange 2007 CAS and IISADMPWD…

by Andy Grogan on December 3, 2008 · 2 comments

in Exchange 2007 (CAS), Windows 2008, Windows 2008 (IIS)

So, there I was busily working on some of the final configuration elements of my CAS setup when I receive a Helpdesk (or ticket) from a customer suggesting that they can no longer change their password via OWA 2003 Interface.

Although considering the time scales that I have been working to – this perhaps might have been a minor problem (as our SLA does not cover Password changes via the OWA Interface) but this bugged me a little bit so I decided to have a look.

Essentially as we are mid migration I have a number of customers who’s mailboxes still reside on Exchange 2003, however, I have already removed my existing Exchange 2003 FES (Front End Servers) and replaced them with Windows 2008, Exchange 2007 SP1 Client Access Servers.

When one of my Exchange 2003 based people logon to OWA and try to change their password via [OPTIONS] – see below;

PWD2008St1

Then from the OWA options screen which appears in the right hand window select [Change Password] – see below;

PWD2008St2

They are presented with the following error (where the usual change password box would appear):

PWD2008St3

As you can see from the above – the error that is produced is from the IIS 7 web service running on my Windows 2008 CAS server, and it also suggest that the files or indeed the directory that contains the file to perform the password reset are not present.

This was indeed a bit of a “slap head” moment (whilst screaming “DOH!!!!“) as although my previous Windows 2003 based FES had the IISADMPWD directory enabled my CAS servers which are running on Windows 2008 do not.

Never Fear” I thought, I’ll just have a quick look around the web and find out how to enable to IISADMPWD feature in IIS 7 – I found nothing, nada, zip, bupkiss – bugger.

I sat there for a little bit scratched my head then thought “What if I copy over the IISADMPWD file from the old FES to the IIS CAS” – this seemed like a crazy but logical idea so:

Before I began I ran the serverManagerCMD -q command on my Windows 2008, Exchange 2007 CAS to review the IIS components that were installed (in view that this actually worked I the following are the installed components within my installation):

[X] Web Server (IIS) [Web-Server]
[X] Web Server [Web-WebServer]
[X] Common HTTP Features [Web-Common-Http]
[X] Static Content [Web-Static-Content]
[X] Default Document [Web-Default-Doc]
[X] Directory Browsing [Web-Dir-Browsing]
[X] HTTP Errors [Web-Http-Errors]
[X] HTTP Redirection [Web-Http-Redirect]
[X] Application Development [Web-App-Dev]
[X] ASP.NET [Web-Asp-Net]
[X] .NET Extensibility [Web-Net-Ext]
[X] ASP [Web-ASP]
[ ] CGI [Web-CGI]
[X] ISAPI Extensions [Web-ISAPI-Ext]
[X] ISAPI Filters [Web-ISAPI-Filter]
[ ] Server Side Includes [Web-Includes]
[X] Health and Diagnostics [Web-Health]
[X] HTTP Logging [Web-Http-Logging]
[X] Logging Tools [Web-Log-Libraries]
[X] Request Monitor [Web-Request-Monitor]
[X] Tracing [Web-Http-Tracing]

[X] Security [Web-Security]
[X] Basic Authentication [Web-Basic-Auth]
[X] Windows Authentication [Web-Windows-Auth]
[X] Digest Authentication [Web-Digest-Auth]
[X] Client Certificate Mapping Authentication [Web-Client-Auth]

[X] Management Tools [Web-Mgmt-Tools]
[X] IIS Management Console [Web-Mgmt-Console]
[X] IIS 6 Management Compatibility [Web-Mgmt-Compat]
[X] IIS 6 Metabase Compatibility [Web-Metabase]
[X] IIS 6 Management Console [Web-Lgcy-Mgmt-Console]

I decided that the installed components above should be enough to support the functionality of the original change password components so on my Windows 2008 Exchange 2007 CAS server I navigated to [c:\windows\system32\inetsrv] and created a directory called “IISADMPWD” – see below;

PWD2008St4

From my old Exchange 2003 Front End Server (FES) I copied the contents (all the ASP files) of the [ C:\Windows\System32\Inetsrv\ ] directory to the new directory on my Windows 2008 CAS (see above for the directory) – see below for the contents as it should look on your Windows 2008 CAS;

PWD2008St5

I then jumped into the IIS 7 Administration tool on my Windows 2008 CAS [ START-> Programs -> Administrative Tools -> Internet Information Services (IIS) Manager ] and expanded [ -> Sites ] here I right clicked with my mouse on the Default Web Site and then from the context menu that appeared I choose the “Add Virtual Directory Option” – see below;

PWD2008St6

Within the dialog box that opened I provided the following information (if you are following this you ensure your settings correspond to the following – when done click on the “OK” button;

PWD2008St7

After clicking on the “OK” button I was returned to the IIS 7 main interface – where I could now see my new IISADMPWD virtual directory – I right clicked on the new virtual directory entry and from the context menu that appear I chose “Convert to Application” option – see below;

PWD2008St8

From the dialog box that appeared I chose the “Select Button” located next to the “Application Pool” data section – see below;

PWD2008St9

From the dialog that appeared from the drop down menu entitled “Application Pool” I choose the “MSExchangeOWAAppPool” option and then clicked on the “OK” button and then “OK” again which returned me to the main IIS 7 admin screen – see below;

PWD2008St10

From the right hand tree node in the IIS manager I selected my new “IISADMPWD” application directory which changed the main window to display the configurable options – under the IIS section I double clicked on the “Authentication” option – see below;

PWD2008St11-EditPerms

This changed the main window to look like the following example – here I ensured that the only form of Authentication selected was “BASIC” – see below;

PWD2008St12-EditPerms

From here I ensured that all settings had been applied – I then reset the IIS services [ Start -> RUN – > IISRESET /noforce ] and then retried accessing the change password feature via the OWA 2003 mailbox via my CAS server which worked – see below;

PWD2008St12-Final

I ran through the change password process which worked perfectly – cool.

I hope this helps someone along the way.

Social

{ 2 comments… read them below or add one }

Kevin Maschke November 8, 2011 at 8:14 am

Hello,

I’m sorry to comment an such an old post, but I followed your guide step by step.
I can access https://server-name/iisadminpwd/ where I get the change password form.

But once entered the old and new passwords, I click on OK and am redirected to:
https://server-name/iisadmpwd/achg.asp?
An with the message “HTTP Error 404. The requested resource is not found.”.

The file is there, so I don’t understand what’s wrong.

Could you help me?

Reply

Andy Grogan November 8, 2011 at 6:18 pm

Hey Kevin, wow – this is an old one 🙂 – silly question off the top of my head – is ASP enabled?

Reply

Leave a Comment

Previous post:

Next post: