Question : OWA 2007 Password Change Working with ISA 2006 When it Should Not.

I have a Uni-Homed NLB pair of ISA 2006 Enterprise servers on the DMZ. We are using LDAP authentication to our DC's with the Global Catalog option selected. We had an enterprise certificate authority at one point but have decommissioned it and removed all certs to the best of our ability. The "Allow users to change their passwords" is not checked on the Web Listener.

I am wondering why my users can change their password using OWA. Based on what I've read it should be impossible without LDAPS. Am I missing something here? I am concerned that there may be an improper configuration of these servers and a security issue.

Answer : OWA 2007 Password Change Working with ISA 2006 When it Should Not.

You will need to disable it in Exchange as well the ISA function is different to the Exchange one see here for how: http://technet.microsoft.com/en-us/library/bb684904(EXCHG.80).aspx

Random Solutions

Select Top 5 For Each Group - subquery syntax bug

High read in profile

RSReportserver.config file question

How to correctly format a date into SQL Query

How to read XML

Non-Technical person giving a technical interview - questions needed

embedded SELECT in query

Server 2008 R2 dcpromo fails, says need to run adprep /forestprep

Create XML File from XML schema using XSD - ASP.NET C#

localhost/certserv doesnt work, says that the page cannot be found