Outlook Web App users are unable to reset their passwords within OWA

%3CLINGO-SUB%20id%3D%22lingo-sub-1137436%22%20slang%3D%22en-US%22%3EOutlook%20Web%20App%20users%20are%20unable%20to%20reset%20their%20passwords%20within%20OWA%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1137436%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20are%20having%20issues%20where%20many%20of%20our%20Outlook%20Web%20App%20users%20are%20unable%20to%20reset%20their%20passwords%20within%20OWA.%20(Options%20-%26gt%3B%20General%20-%26gt%3B%20My%20Account%20-%26gt%3B%20Change%20your%20password).%20When%20they%20try%20they%20receive%20the%20windows%20where%20they%20are%20able%20to%20type%20in%20the%20new%20password%2C%20but%20when%20they%20choose%20%E2%80%9CSave%E2%80%9D%20they%20get%20the%20following%20error%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%22There%20was%20a%20problem%20saving%20your%20changes.%20Please%20try%20again.%20If%20%3CSTRONG%3Ethe%20problem%3C%2FSTRONG%3E%3CSTRONG%3E%3CEM%3E%20continues%2C%20contact%20support%3C%2FEM%3E%22.%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20has%20nothing%20to%20do%20with%20password%20security%20or%20password%20history%20as%20those%20give%20the%20correct%20error%3A%20%22The%20password%20you%20entered%20doesn%E2%80%99t%20meet%20the%20minimum%20security%20requirements%E2%80%9D.%20And%20it%20is%20not%20affecting%20all%20users%20-%20for%20example%20I%20was%20able%20to%20change%20my%20password%20using%20that%20feature%2C%20but%20the%20majority%20of%20users%20cannot.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20are%20using%20on-prem%20Exchange%20Server%202016%2C%20Version%2015.1%2C%20build%201913.5%20on%20Windows%202016%20servers%2C%20build%2014393.3474.%20We%20have%20three%20servers.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20tried%20some%20experiments%20to%20see%20if%20anything%20would%20allow%20a%20password%20change%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CUL%3E%3CLI%3EUsers%20are%20able%20to%20change%20their%20password%20if%20passwords%20have%20expired%20and%20the%20user%20is%20prompted%20on%20the%20home%20page%20of%20OWA.%3C%2FLI%3E%3CLI%3EI%20am%20able%20to%20change%20the%20password%20for%20a%20test%20account%20on%20one%20of%20the%20Exchange%20servers%20using%20%3CA%20href%3D%22https%3A%2F%2Flocalhost%2Fowa%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Flocalhost%2Fowa%3C%2FA%3E%20and%20then%20Options%20-%26gt%3B%20General%20-%26gt%3B%20My%20Account%20-%26gt%3B%20Change%20your%20password.%3C%2FLI%3E%3CLI%3EI%20am%20able%20to%20change%20the%20password%20for%20a%20test%20account%20in%20a%20browser%20using%20the%20public%20IP%20address%20for%20OWA%20in%20place%20of%20our%20URL%2C%20i.e.%20%3CA%20href%3D%22https%3A%2F%2Fxxx.xxx.xxx.xxx%2Fowa%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fxxx.xxx.xxx.xxx%2Fowa%3C%2FA%3E%20versus%20https%3A%2F%2Fdomainname%2Fowa%3C%2FLI%3E%3C%2FUL%3E%3CP%3EThese%20same%20test%20accounts%20threw%20the%20error%20when%20using%20the%20URL.%26nbsp%3BI%20do%20not%20see%20anything%20in%20the%20event%20logs.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20is%20a%20huge%20concern%20for%20us%20as%20about%20two%20thirds%20of%20our%20users%20primarily%20use%20OWA%20and%20would%20prefer%20to%20change%20their%20passwords%20before%20they%20expire.%20%26nbsp%3BI%20don%E2%80%99t%20know%20if%20this%20is%20an%20Exchange%20error%20or%20an%20IIS%20error%20or%20even%20a%20certificate%20error.%20The%20certificate%20is%20current%20and%20was%20renewed%20recently%20(November%202019).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20opened%20a%20support%20case%202%20days%20ago%20with%20Microsoft%20and%20have%20not%20received%20a%20response%20(different%20issue).%20Does%20anyone%20have%20any%20ideas%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1137436%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3E2016%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%20Server%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1150148%22%20slang%3D%22en-US%22%3ERe%3A%20Outlook%20Web%20App%20users%20are%20unable%20to%20reset%20their%20passwords%20within%20OWA%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1150148%22%20slang%3D%22en-US%22%3E%3CP%3Ethe%20problem%20turned%20out%20to%20be%20that%20the%20users%20had%20%22lost%22%20their%20OWA%20policy%20in%20Exchange.%20Reapplying%20the%20OWA%20policy%20under%20permissions%20fixed%20the%20issue.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

We are having issues where many of our Outlook Web App users are unable to reset their passwords within OWA. (Options -> General -> My Account -> Change your password). When they try they receive the windows where they are able to type in the new password, but when they choose “Save” they get the following error:

 

"There was a problem saving your changes. Please try again. If the problem continues, contact support".

 

It has nothing to do with password security or password history as those give the correct error: "The password you entered doesn’t meet the minimum security requirements”. And it is not affecting all users - for example I was able to change my password using that feature, but the majority of users cannot.

 

We are using on-prem Exchange Server 2016, Version 15.1, build 1913.5 on Windows 2016 servers, build 14393.3474. We have three servers.

 

I tried some experiments to see if anything would allow a password change:

 

  • Users are able to change their password if passwords have expired and the user is prompted on the home page of OWA.
  • I am able to change the password for a test account on one of the Exchange servers using https://localhost/owa and then Options -> General -> My Account -> Change your password.
  • I am able to change the password for a test account in a browser using the public IP address for OWA in place of our URL, i.e. https://xxx.xxx.xxx.xxx/owa versus https://domainname/owa

These same test accounts threw the error when using the URL. I do not see anything in the event logs.

 

This is a huge concern for us as about two thirds of our users primarily use OWA and would prefer to change their passwords before they expire.  I don’t know if this is an Exchange error or an IIS error or even a certificate error. The certificate is current and was renewed recently (November 2019).

 

I opened a support case 2 days ago with Microsoft and have not received a response (different issue). Does anyone have any ideas?

1 Reply
Highlighted

the problem turned out to be that the users had "lost" their OWA policy in Exchange. Reapplying the OWA policy under permissions fixed the issue.