Does Entourage cache password expiration notices?

Does Entourage cache password expiration notices?

Post by Jamie_Rasm » Fri, 27 Feb 2009 01:13:48


Version: 2008
Operating System: Mac OS X 10.5 (Leopard)
Processor: Intel
Email Client: Exchange

Good morning, Everyone.

We recently migrated my company's users from their previous mail solution to Entourage/Exchange (basically added my users to our parent organization's existing AD and Exchange infrastructure). Last week, our CTO noticed an impending password expiration notice in webmail (domain policy requires a refresh every 90 days). As forcing a password change right now would cause Bad Things, the decision was made to temporarily disable this policy (until our users can be properly trained up).

Flash forward seven days to this morning, when every userpon firing up Exchange for the first time of the dayas prompted with the "Logon failure: unknown username or password" error dialog. After re-entering their current passwords, users' mail connections were restored. Subsequent restarts of Entourage and rebooting of machines has proven that the "new" (old) password has been properly saved in the Keychain.

My question is this: Did Entourage cache the password expiration notice it received from the server last week, and even though the password expiration was halted, elpfullyexpire (or forget) userspasswords anyway?

Thank you,
--Jamie Rasmussen

P.S. Environment is a mix of 10.4.11 and 10.5.6 Macs running Entourage 12.1.5 connecting to an Exchange 2007 infrastructure.
 
 
 

Does Entourage cache password expiration notices?

Post by William Sm » Fri, 27 Feb 2009 12:46:32


> password expiration was halted, elpfullyexpire (or forget) usersgt; > passwords anyway?

Entourage does not store that information. It comes directly from your
Active Directory servers when Entourage attempts authentication through
Exchange.

The "impending password expiration notice" was just that, impending.
Your boss was being notified that he'll soon have to change his
password, not change it immediately. Entourage will do this too starting
about six days before the change is required.

My guess is that your Entourage users saved their passwords, which are
stored in the Mac OS X keychain, and later you had your "change
password" training. They all changed their passwords. Then they launched
Entourage. Entourage tried the old saved password and told them "This
password doesn't work. Do you want to try a different password?" Users
enter their new password and everything worked.

This is normal behavior.

Or did your AD admin disable password expiration notifications but not
disable password expirations themselves?

--

bill

Entourage Help Pag< < http://www.yqcomputer.com/ >/>
Entourage Help Blo< < http://www.yqcomputer.com/ >/>
YouTal< < http://www.yqcomputer.com/ ;k>
Twitter: follo< < http://www.yqcomputer.com/ ;k>

 
 
 

Does Entourage cache password expiration notices?

Post by Jamie Rasm » Sat, 28 Feb 2009 01:44:14

William,

No one changed their passwords. That was the point of turning off the
global 90-day expiration rule on the serverthe users are not at a point
where a password change would go smoothly at all (once I get them all
integrated into the AD forest, which is the next thing with which I've been
tasked, we'll be ready for that). There is a lot of corporate inertia here
(mostly bad practices) that we're trying to overcome....but baby steps are
necessary in this environment.

As it turns out, after reviewing the Exchange server logs with a Microsoft
engineer, there was a permissions issue on the server with the temp
directories that was affecting not only my Mac users, but the Windows users
in the parent organization as well (however, Outlook was not presenting
those users with any authentication errors, just quietly trying again).
Apparently, Outlook is a little more fault-tolerant than Entourage.

To summarize, the permissions problem on the server has been corrected, and
there have been no more authentication issues.

Thanks,
--Jamie



On 2/25/09 10:46 PM, in article XXXX@XXXXX.COM ,



>> password expiration was halted, elpfullyexpire (or forget) usersgt;>>> passwords anyway?> > > > Entourage does not store that information. It comes directly from your> > Active Directory servers when Entourage attempts authentication through> > Exchange.> > > > The "impending password expiration notice" was just that, impending.> > Your boss was being notified that he'll soon have to change his> > password, not change it immediately. Entourage will do this too starting> > about six days before the change is required.> > > > My guess is that your Entourage users saved their passwords, which are> > stored in the Mac OS X keychain, and later you had your "change> > password" training. They all changed their passwords. Then they launched> > Entourage. Entourage tried the old saved password and told them "This> > password doesn't work. Do you want to try a different password?" Users> > enter their new password and everything worked.> > > > This is normal behavior.> > > > Or did your AD admin disable password expiration notifications but not> > disable password expirations themselves?