While on Exchange 2013 CU1 I was excited to finally have a working setup of the OWA password change feature. Previously out users would just be blocked from logging in if their password had expired or they needed to choose a new one per the settings on their account. The feature worked great out of the box using Forms Based Authentication.
Then I upgraded to 2013 CU2.
Now, any user with an expired password or where I've set "User must change password at next logon" is met with the dreaded "The user name or password you entered isn't correct. Try entering it again." message.
The registry key to enable password changes is still set, I've tried adjusting the Default Domain Policy to both one and zero days for minimum password age, and I've checked over the OWA directory settings. We do use a default domain/realm for "basic" authentication and while I've tried setting it to "\" as recommended on some posts this is not an acceptable solution for our needs (nor did it actually work).
If I navigate directly to the password change page I can change a password that expired or set to require a new one. I can then login to OWA. It's OWA itself that isn't redirecting me to the ExpiredPassword.aspx page when a password is expired.
Any thoughts on where else I can check? Some people were fixed when they upgraded to CU2. Ours broke instead and it's locked a lot of our travelling or retired employees out of their accounts.
Thanks!
Alan