Re: activesync on iphone still syncing after password change
Thanks Michael. I'm running Exchange 2010 on WS2k8, IIS 7. So I think I've found the bridge I was looking for: User tokens as referenced in the article are NTLM tokens (with their 15 minute expiration). But a properly configured installation will be using Kerberos authentication with 10 hr TTL service tokens. Is that close? I'm having a discussion offline about what is the expected behavior and which is more secure. Obviously the Kerberos authentication is more secure, but the difference in viable, yet invalid, tokens is huge. This has one of my peers thinking the NTLM is a better choice when one may require frequent, immediate, credential revokation. Thoughts anyone? As always, I can't thank you enough for the help you provide in this forum. -Bill On Wed, Mar 9, 2011 at 6:32 PM, Michael B. Smith mich...@smithcons.comwrote: You didn’t tell us when version of IIS is involved. However, I don’t consider the KB article you quote to be valid for “modern” versions of IIS. I always concerns myself with Kerberos lifetimes, not NTLM. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com http://theessentialexchange.com/ *From:* Bill Songstad [mailto:bsongs...@gmail.com] *Sent:* Tuesday, March 08, 2011 1:28 PM *To:* MS-Exchange Admin Issues *Subject:* Re: activesync on iphone still syncing after password change I'm trying to get my head around the expected behavior here and I must be missing something. As Michael states, the user is still using the old ticket, but it should expire after the default 15 minutes, right? Or is it using the Kerberos service token with a 10 hr expiration? http://support.microsoft.com/kb/152526 discusses the IIS user tokens and their default update interval of 15 minutes. But the kerberos service token is good for 10 hrs. Since my user's phone didn't ask for the new password for about 4 hrs, I'm assuming the token used for access was the service token. So what is the IIS user token and why isn't it doing anything? Obviously there is a gap in my knowledge, but I'm not finding a bridge. Can someone shed some light on my dimness. -Bill On Mon, Mar 7, 2011 at 11:41 AM, Michael B. Smith mich...@smithcons.com wrote: Works as designed. IIS still has a valid ticket with the old password. Bounce IIS or recycle the app pool and it’ll stop working. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com http://theessentialexchange.com/ *From:* Bill Songstad [mailto:bsongs...@gmail.com] *Sent:* Monday, March 07, 2011 2:13 PM *To:* MS-Exchange Admin Issues *Subject:* activesync on iphone still syncing after password change I have a user that forgot their password after a few weeks of using the password. Couldn't log into OWA manually, but their iphone was able to send and receive fine with the cached password. We reset the password on the domain. User logs in to OWA using the new password. Does not change the password on iphone. Now the user is sending from OWA and the iphone. Two passwords. One account. Success both ways. My knowledge tells me this is impossible. My eyes tell me otherwise. Could this just be the old activesync session? or is something horribly wrong? or another option more likely? as always, thanks for any assistance, -Bill --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: activesync on iphone still syncing after password change
Yes, that is the correct bridge. :) (I like that phrase - I'll use it in the future.) Let's look at it another way, perhaps - you can sniff an NTLM hash on the wire and crack it within a few minutes. I betcha a quarter (that's my standard bet, I'm not really a gambler) you won't be able to do that with a Kerberos ticket's hash. You know why? Because there isn't any such thing. Kerberos uses MIA - Mutual Independent Authentication to validate requestors and authenticators. It's all about large prime numbers and encrypted sessions, blah blah blah. So... you have a AAA ticket that has a relatively long lifetime. Finite, but still relatively long. Ten hours was chosen so that during a normal working day your average user would have to get, at most, a single ticket refresh. And actually, that's a very good thing. See here: http://blogs.technet.com/b/ad/archive/2008/09/23/ntlm-and-maxconcurrentapi-concerns.aspx And, NTLM quite frankly sux as an AAA protocol. See these references: http://technet.microsoft.com/en-us/magazine/2006.08.securitywatch.aspx http://www.windowsitpro.com/article/protocols/inside-sp4-ntlmv2-security-enhancements.aspx (an oldie but a goodie) And compare and contrast to: http://msdn.microsoft.com/en-us/library/aa378749(v=vs.85).aspx http://msdn.microsoft.com/en-us/library/aa378747(v=vs.85).aspx Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Bill Songstad [mailto:bsongs...@gmail.com] Sent: Thursday, March 10, 2011 11:21 AM To: MS-Exchange Admin Issues Subject: Re: activesync on iphone still syncing after password change Thanks Michael. I'm running Exchange 2010 on WS2k8, IIS 7. So I think I've found the bridge I was looking for: User tokens as referenced in the article are NTLM tokens (with their 15 minute expiration). But a properly configured installation will be using Kerberos authentication with 10 hr TTL service tokens. Is that close? I'm having a discussion offline about what is the expected behavior and which is more secure. Obviously the Kerberos authentication is more secure, but the difference in viable, yet invalid, tokens is huge. This has one of my peers thinking the NTLM is a better choice when one may require frequent, immediate, credential revokation. Thoughts anyone? As always, I can't thank you enough for the help you provide in this forum. -Bill On Wed, Mar 9, 2011 at 6:32 PM, Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com wrote: You didn't tell us when version of IIS is involved. However, I don't consider the KB article you quote to be valid for modern versions of IIS. I always concerns myself with Kerberos lifetimes, not NTLM. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.comhttp://theessentialexchange.com/ From: Bill Songstad [mailto:bsongs...@gmail.commailto:bsongs...@gmail.com] Sent: Tuesday, March 08, 2011 1:28 PM To: MS-Exchange Admin Issues Subject: Re: activesync on iphone still syncing after password change I'm trying to get my head around the expected behavior here and I must be missing something. As Michael states, the user is still using the old ticket, but it should expire after the default 15 minutes, right? Or is it using the Kerberos service token with a 10 hr expiration? http://support.microsoft.com/kb/152526 discusses the IIS user tokens and their default update interval of 15 minutes. But the kerberos service token is good for 10 hrs. Since my user's phone didn't ask for the new password for about 4 hrs, I'm assuming the token used for access was the service token. So what is the IIS user token and why isn't it doing anything? Obviously there is a gap in my knowledge, but I'm not finding a bridge. Can someone shed some light on my dimness. -Bill On Mon, Mar 7, 2011 at 11:41 AM, Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com wrote: Works as designed. IIS still has a valid ticket with the old password. Bounce IIS or recycle the app pool and it'll stop working. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.comhttp://theessentialexchange.com/ From: Bill Songstad [mailto:bsongs...@gmail.commailto:bsongs...@gmail.com] Sent: Monday, March 07, 2011 2:13 PM To: MS-Exchange Admin Issues Subject: activesync on iphone still syncing after password change I have a user that forgot their password after a few weeks of using the password. Couldn't log into OWA manually, but their iphone was able to send and receive fine with the cached password. We reset the password on the domain. User logs in to OWA using the new password. Does not change the password on iphone. Now the user is sending from OWA and the iphone. Two passwords. One account. Success both ways. My knowledge tells me this is impossible. My eyes tell me otherwise. Could this just be the old
RE: activesync on iphone still syncing after password change
You didn't tell us when version of IIS is involved. However, I don't consider the KB article you quote to be valid for modern versions of IIS. I always concerns myself with Kerberos lifetimes, not NTLM. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Bill Songstad [mailto:bsongs...@gmail.com] Sent: Tuesday, March 08, 2011 1:28 PM To: MS-Exchange Admin Issues Subject: Re: activesync on iphone still syncing after password change I'm trying to get my head around the expected behavior here and I must be missing something. As Michael states, the user is still using the old ticket, but it should expire after the default 15 minutes, right? Or is it using the Kerberos service token with a 10 hr expiration? http://support.microsoft.com/kb/152526 discusses the IIS user tokens and their default update interval of 15 minutes. But the kerberos service token is good for 10 hrs. Since my user's phone didn't ask for the new password for about 4 hrs, I'm assuming the token used for access was the service token. So what is the IIS user token and why isn't it doing anything? Obviously there is a gap in my knowledge, but I'm not finding a bridge. Can someone shed some light on my dimness. -Bill On Mon, Mar 7, 2011 at 11:41 AM, Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com wrote: Works as designed. IIS still has a valid ticket with the old password. Bounce IIS or recycle the app pool and it'll stop working. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.comhttp://theessentialexchange.com/ From: Bill Songstad [mailto:bsongs...@gmail.commailto:bsongs...@gmail.com] Sent: Monday, March 07, 2011 2:13 PM To: MS-Exchange Admin Issues Subject: activesync on iphone still syncing after password change I have a user that forgot their password after a few weeks of using the password. Couldn't log into OWA manually, but their iphone was able to send and receive fine with the cached password. We reset the password on the domain. User logs in to OWA using the new password. Does not change the password on iphone. Now the user is sending from OWA and the iphone. Two passwords. One account. Success both ways. My knowledge tells me this is impossible. My eyes tell me otherwise. Could this just be the old activesync session? or is something horribly wrong? or another option more likely? as always, thanks for any assistance, -Bill --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
Re: activesync on iphone still syncing after password change
I'm trying to get my head around the expected behavior here and I must be missing something. As Michael states, the user is still using the old ticket, but it should expire after the default 15 minutes, right? Or is it using the Kerberos service token with a 10 hr expiration? http://support.microsoft.com/kb/152526 discusses the IIS user tokens and their default update interval of 15 minutes. But the kerberos service token is good for 10 hrs. Since my user's phone didn't ask for the new password for about 4 hrs, I'm assuming the token used for access was the service token. So what is the IIS user token and why isn't it doing anything? Obviously there is a gap in my knowledge, but I'm not finding a bridge. Can someone shed some light on my dimness. -Bill On Mon, Mar 7, 2011 at 11:41 AM, Michael B. Smith mich...@smithcons.comwrote: Works as designed. IIS still has a valid ticket with the old password. Bounce IIS or recycle the app pool and it’ll stop working. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com http://theessentialexchange.com/ *From:* Bill Songstad [mailto:bsongs...@gmail.com] *Sent:* Monday, March 07, 2011 2:13 PM *To:* MS-Exchange Admin Issues *Subject:* activesync on iphone still syncing after password change I have a user that forgot their password after a few weeks of using the password. Couldn't log into OWA manually, but their iphone was able to send and receive fine with the cached password. We reset the password on the domain. User logs in to OWA using the new password. Does not change the password on iphone. Now the user is sending from OWA and the iphone. Two passwords. One account. Success both ways. My knowledge tells me this is impossible. My eyes tell me otherwise. Could this just be the old activesync session? or is something horribly wrong? or another option more likely? as always, thanks for any assistance, -Bill --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
activesync on iphone still syncing after password change
I have a user that forgot their password after a few weeks of using the password. Couldn't log into OWA manually, but their iphone was able to send and receive fine with the cached password. We reset the password on the domain. User logs in to OWA using the new password. Does not change the password on iphone. Now the user is sending from OWA and the iphone. Two passwords. One account. Success both ways. My knowledge tells me this is impossible. My eyes tell me otherwise. Could this just be the old activesync session? or is something horribly wrong? or another option more likely? as always, thanks for any assistance, -Bill --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: activesync on iphone still syncing after password change
iSecurity? From: Bill Songstad [mailto:bsongs...@gmail.com] Sent: Monday, March 07, 2011 11:13 AM To: MS-Exchange Admin Issues Subject: activesync on iphone still syncing after password change I have a user that forgot their password after a few weeks of using the password. Couldn't log into OWA manually, but their iphone was able to send and receive fine with the cached password. We reset the password on the domain. User logs in to OWA using the new password. Does not change the password on iphone. Now the user is sending from OWA and the iphone. Two passwords. One account. Success both ways. My knowledge tells me this is impossible. My eyes tell me otherwise. Could this just be the old activesync session? or is something horribly wrong? or another option more likely? as always, thanks for any assistance, -Bill --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: activesync on iphone still syncing after password change
Interesting, I googled iSecurity and Google said: Did you mean: inSecurityhttp://www.google.com/search?hl=ensafe=activecomplete=0site=webhpsa=Xei=LTF1TdX4OYyctwePnrGIBgved=0CBwQBSgAq=inSecurityspell=1 From: Don Andrews [mailto:don.andr...@safeway.com] Sent: Monday, March 07, 2011 2:18 PM To: MS-Exchange Admin Issues Subject: RE: activesync on iphone still syncing after password change iSecurity? From: Bill Songstad [mailto:bsongs...@gmail.com] Sent: Monday, March 07, 2011 11:13 AM To: MS-Exchange Admin Issues Subject: activesync on iphone still syncing after password change I have a user that forgot their password after a few weeks of using the password. Couldn't log into OWA manually, but their iphone was able to send and receive fine with the cached password. We reset the password on the domain. User logs in to OWA using the new password. Does not change the password on iphone. Now the user is sending from OWA and the iphone. Two passwords. One account. Success both ways. My knowledge tells me this is impossible. My eyes tell me otherwise. Could this just be the old activesync session? or is something horribly wrong? or another option more likely? as always, thanks for any assistance, -Bill --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
Re: activesync on iphone still syncing after password change
How do you know that the user didn't change the password on the iPhone, but just forgot about it? In any event, something like this is testable, if you have access to another iPhone or can convince the user to change their password again while you're present and observe the results on their iPhone. On Mon, Mar 7, 2011 at 2:13 PM, Bill Songstad bsongs...@gmail.com wrote: I have a user that forgot their password after a few weeks of using the password. Couldn't log into OWA manually, but their iphone was able to send and receive fine with the cached password. We reset the password on the domain. User logs in to OWA using the new password. Does not change the password on iphone. Now the user is sending from OWA and the iphone. Two passwords. One account. Success both ways. My knowledge tells me this is impossible. My eyes tell me otherwise. Could this just be the old activesync session? or is something horribly wrong? or another option more likely? as always, thanks for any assistance, -Bill --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: activesync on iphone still syncing after password change
(chuckle) From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Monday, March 07, 2011 11:26 AM To: MS-Exchange Admin Issues Subject: RE: activesync on iphone still syncing after password change Interesting, I googled iSecurity and Google said: Did you mean: inSecurityhttp://www.google.com/search?hl=ensafe=activecomplete=0site=webhpsa=Xei=LTF1TdX4OYyctwePnrGIBgved=0CBwQBSgAq=inSecurityspell=1 From: Don Andrews [mailto:don.andr...@safeway.com] Sent: Monday, March 07, 2011 2:18 PM To: MS-Exchange Admin Issues Subject: RE: activesync on iphone still syncing after password change iSecurity? From: Bill Songstad [mailto:bsongs...@gmail.com] Sent: Monday, March 07, 2011 11:13 AM To: MS-Exchange Admin Issues Subject: activesync on iphone still syncing after password change I have a user that forgot their password after a few weeks of using the password. Couldn't log into OWA manually, but their iphone was able to send and receive fine with the cached password. We reset the password on the domain. User logs in to OWA using the new password. Does not change the password on iphone. Now the user is sending from OWA and the iphone. Two passwords. One account. Success both ways. My knowledge tells me this is impossible. My eyes tell me otherwise. Could this just be the old activesync session? or is something horribly wrong? or another option more likely? as always, thanks for any assistance, -Bill --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
Re: activesync on iphone still syncing after password change
Fair enough on the testing. I have enough users with iphones that it shouldn't be difficult to reproduce if it is not indeed user confusion. I'm pretty sure that the iphone password never got changed because I was talking with them while I was resetting the password and they were sending me messages from their phone. I'll report back with my findings. -Bill On Mon, Mar 7, 2011 at 11:23 AM, Jonathan Link jonathan.l...@gmail.comwrote: How do you know that the user didn't change the password on the iPhone, but just forgot about it? In any event, something like this is testable, if you have access to another iPhone or can convince the user to change their password again while you're present and observe the results on their iPhone. On Mon, Mar 7, 2011 at 2:13 PM, Bill Songstad bsongs...@gmail.comwrote: I have a user that forgot their password after a few weeks of using the password. Couldn't log into OWA manually, but their iphone was able to send and receive fine with the cached password. We reset the password on the domain. User logs in to OWA using the new password. Does not change the password on iphone. Now the user is sending from OWA and the iphone. Two passwords. One account. Success both ways. My knowledge tells me this is impossible. My eyes tell me otherwise. Could this just be the old activesync session? or is something horribly wrong? or another option more likely? as always, thanks for any assistance, -Bill --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: activesync on iphone still syncing after password change
Works as designed. IIS still has a valid ticket with the old password. Bounce IIS or recycle the app pool and it'll stop working. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Bill Songstad [mailto:bsongs...@gmail.com] Sent: Monday, March 07, 2011 2:13 PM To: MS-Exchange Admin Issues Subject: activesync on iphone still syncing after password change I have a user that forgot their password after a few weeks of using the password. Couldn't log into OWA manually, but their iphone was able to send and receive fine with the cached password. We reset the password on the domain. User logs in to OWA using the new password. Does not change the password on iphone. Now the user is sending from OWA and the iphone. Two passwords. One account. Success both ways. My knowledge tells me this is impossible. My eyes tell me otherwise. Could this just be the old activesync session? or is something horribly wrong? or another option more likely? as always, thanks for any assistance, -Bill --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
Re: activesync on iphone still syncing after password change
Keep any Exchange thread going long enough, MBS will notice and set everyone straight... :-) On Mon, Mar 7, 2011 at 2:41 PM, Michael B. Smith mich...@smithcons.comwrote: Works as designed. IIS still has a valid ticket with the old password. Bounce IIS or recycle the app pool and it’ll stop working. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com http://theessentialexchange.com/ *From:* Bill Songstad [mailto:bsongs...@gmail.com] *Sent:* Monday, March 07, 2011 2:13 PM *To:* MS-Exchange Admin Issues *Subject:* activesync on iphone still syncing after password change I have a user that forgot their password after a few weeks of using the password. Couldn't log into OWA manually, but their iphone was able to send and receive fine with the cached password. We reset the password on the domain. User logs in to OWA using the new password. Does not change the password on iphone. Now the user is sending from OWA and the iphone. Two passwords. One account. Success both ways. My knowledge tells me this is impossible. My eyes tell me otherwise. Could this just be the old activesync session? or is something horribly wrong? or another option more likely? as always, thanks for any assistance, -Bill --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
Re: activesync on iphone still syncing after password change
HIJACK! Is there any correlation between this thread and the report I keep getting from my boss who claims to NOT have to enter his PW for Outlook to connect VIA RPC from home? W2K8 NON R2 server, E2K7, Outlook 2010. I keep telling him he's a no good dirty fork tongued liar, that there's no way outlook would connect from home without asking him for his password, but he insists that it does not. IIS? On Mon, Mar 7, 2011 at 1:41 PM, Michael B. Smith mich...@smithcons.comwrote: Works as designed. IIS still has a valid ticket with the old password. Bounce IIS or recycle the app pool and it’ll stop working. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com *From:* Bill Songstad [mailto:bsongs...@gmail.com] *Sent:* Monday, March 07, 2011 2:13 PM *To:* MS-Exchange Admin Issues *Subject:* activesync on iphone still syncing after password change I have a user that forgot their password after a few weeks of using the password. Couldn't log into OWA manually, but their iphone was able to send and receive fine with the cached password. We reset the password on the domain. User logs in to OWA using the new password. Does not change the password on iphone. Now the user is sending from OWA and the iphone. Two passwords. One account. Success both ways. My knowledge tells me this is impossible. My eyes tell me otherwise. Could this just be the old activesync session? or is something horribly wrong? or another option more likely? as always, thanks for any assistance, -Bill --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
Re: activesync on iphone still syncing after password change
verily, verily. Jonathan Link wrote: Keep any Exchange thread going long enough, MBS will notice and set everyone straight... :-) On Mon, Mar 7, 2011 at 2:41 PM, Michael B. Smith mich...@smithcons.com mailto:mich...@smithcons.com wrote: Works as designed. IIS still has a valid ticket with the old password. Bounce IIS or recycle the app pool and it’ll stop working. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com http://theessentialexchange.com/ *From:* Bill Songstad [mailto:bsongs...@gmail.com mailto:bsongs...@gmail.com] *Sent:* Monday, March 07, 2011 2:13 PM *To:* MS-Exchange Admin Issues *Subject:* activesync on iphone still syncing after password change I have a user that forgot their password after a few weeks of using the password. Couldn't log into OWA manually, but their iphone was able to send and receive fine with the cached password. We reset the password on the domain. User logs in to OWA using the new password. Does not change the password on iphone. Now the user is sending from OWA and the iphone. Two passwords. One account. Success both ways. My knowledge tells me this is impossible. My eyes tell me otherwise. Could this just be the old activesync session? or is something horribly wrong? or another option more likely? as always, thanks for any assistance, -Bill --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com mailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com mailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com mailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: activesync on iphone still syncing after password change
I don't have to enter my username / password for Outlook 2010 when using via RPC/HTTP for either of the Exchange accounts I use. (Exchange 2003 and Exchange 2007- Windows7_64bit/Outlook 2010_32bit) BF From: Jeff Brown [mailto:2jbr...@gmail.com] Sent: Monday, March 07, 2011 2:59 PM To: MS-Exchange Admin Issues Subject: Re: activesync on iphone still syncing after password change HIJACK! Is there any correlation between this thread and the report I keep getting from my boss who claims to NOT have to enter his PW for Outlook to connect VIA RPC from home? W2K8 NON R2 server, E2K7, Outlook 2010. I keep telling him he's a no good dirty fork tongued liar, that there's no way outlook would connect from home without asking him for his password, but he insists that it does not. IIS? On Mon, Mar 7, 2011 at 1:41 PM, Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com wrote: Works as designed. IIS still has a valid ticket with the old password. Bounce IIS or recycle the app pool and it'll stop working. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Bill Songstad [mailto:bsongs...@gmail.commailto:bsongs...@gmail.com] Sent: Monday, March 07, 2011 2:13 PM To: MS-Exchange Admin Issues Subject: activesync on iphone still syncing after password change I have a user that forgot their password after a few weeks of using the password. Couldn't log into OWA manually, but their iphone was able to send and receive fine with the cached password. We reset the password on the domain. User logs in to OWA using the new password. Does not change the password on iphone. Now the user is sending from OWA and the iphone. Two passwords. One account. Success both ways. My knowledge tells me this is impossible. My eyes tell me otherwise. Could this just be the old activesync session? or is something horribly wrong? or another option more likely? as always, thanks for any assistance, -Bill --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: activesync on iphone still syncing after password change
If you support NTLM authentication in IIS and he has auth set to negotiate or ntlm then he should not need to set his password... (There are lots of reasons why this may not work, but USUALLY it should work.) Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Jeff Brown [mailto:2jbr...@gmail.com] Sent: Monday, March 07, 2011 2:59 PM To: MS-Exchange Admin Issues Subject: Re: activesync on iphone still syncing after password change HIJACK! Is there any correlation between this thread and the report I keep getting from my boss who claims to NOT have to enter his PW for Outlook to connect VIA RPC from home? W2K8 NON R2 server, E2K7, Outlook 2010. I keep telling him he's a no good dirty fork tongued liar, that there's no way outlook would connect from home without asking him for his password, but he insists that it does not. IIS? On Mon, Mar 7, 2011 at 1:41 PM, Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com wrote: Works as designed. IIS still has a valid ticket with the old password. Bounce IIS or recycle the app pool and it'll stop working. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Bill Songstad [mailto:bsongs...@gmail.commailto:bsongs...@gmail.com] Sent: Monday, March 07, 2011 2:13 PM To: MS-Exchange Admin Issues Subject: activesync on iphone still syncing after password change I have a user that forgot their password after a few weeks of using the password. Couldn't log into OWA manually, but their iphone was able to send and receive fine with the cached password. We reset the password on the domain. User logs in to OWA using the new password. Does not change the password on iphone. Now the user is sending from OWA and the iphone. Two passwords. One account. Success both ways. My knowledge tells me this is impossible. My eyes tell me otherwise. Could this just be the old activesync session? or is something horribly wrong? or another option more likely? as always, thanks for any assistance, -Bill --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: activesync on iphone still syncing after password change
I have six Exchange accounts that my Outlook connects to. One of them I have to enter the password for, because the customer doesn't support the proper auth on the RPC virtual directory. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Bob Fronk [mailto:b...@btrfronk.com] Sent: Monday, March 07, 2011 3:15 PM To: MS-Exchange Admin Issues Subject: RE: activesync on iphone still syncing after password change I don't have to enter my username / password for Outlook 2010 when using via RPC/HTTP for either of the Exchange accounts I use. (Exchange 2003 and Exchange 2007- Windows7_64bit/Outlook 2010_32bit) BF From: Jeff Brown [mailto:2jbr...@gmail.com] Sent: Monday, March 07, 2011 2:59 PM To: MS-Exchange Admin Issues Subject: Re: activesync on iphone still syncing after password change HIJACK! Is there any correlation between this thread and the report I keep getting from my boss who claims to NOT have to enter his PW for Outlook to connect VIA RPC from home? W2K8 NON R2 server, E2K7, Outlook 2010. I keep telling him he's a no good dirty fork tongued liar, that there's no way outlook would connect from home without asking him for his password, but he insists that it does not. IIS? On Mon, Mar 7, 2011 at 1:41 PM, Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com wrote: Works as designed. IIS still has a valid ticket with the old password. Bounce IIS or recycle the app pool and it'll stop working. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Bill Songstad [mailto:bsongs...@gmail.commailto:bsongs...@gmail.com] Sent: Monday, March 07, 2011 2:13 PM To: MS-Exchange Admin Issues Subject: activesync on iphone still syncing after password change I have a user that forgot their password after a few weeks of using the password. Couldn't log into OWA manually, but their iphone was able to send and receive fine with the cached password. We reset the password on the domain. User logs in to OWA using the new password. Does not change the password on iphone. Now the user is sending from OWA and the iphone. Two passwords. One account. Success both ways. My knowledge tells me this is impossible. My eyes tell me otherwise. Could this just be the old activesync session? or is something horribly wrong? or another option more likely? as always, thanks for any assistance, -Bill --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist