I’ve commented before about the problem posed for authors who attempt to describe software as it is being developed. Code that you think is solid and won’t change is removed before the final build because a bug is discovered or code that someone has been working on but not revealed suddenly makes an appearance in a build close to the final version. Or even worse, a feature that worked in a certain manner is changed in a small but fundamental manner that renders your description of the feature inaccurate or misleading. Such are the difficulties and dangers of writing about software that is under development.

You’d imagine that the issue is reduced for a service pack. Alas, this is not the case. There was a time when Microsoft would never make a change to the user interface of something like the Exchange Management Console in a service pack so new functionality was restricted in terms of the amount that appeared. This attitude has long since disappeared and Exchange 2010 SP1 is full of new functionality and user interface – some of which continues to change as Microsoft drives towards the final build that will allow them to release SP1.

Another example of a late-breaking change that causes authors to tear their hair out is the news that Microsoft has incorporated the optional “Change Password when Expired” feature for Outlook Web App into SP1. This is the same feature that is included in Exchange 2007 SP3 and it solves a problem that occurs when users attempt to log onto their account with OWA only to find that they can’t connect because of an expired password, so it’s kind of a catch-22 if they are attempting to connect from outside the company firewall and can’t change their password through Windows.

To allow the feature, you have to create a new DWORD value called ChangeExpiredPasswordEnabled at HLKM\SYSTEM\CurrentControlSet\services\MSExchange OWA on all CAS servers. Set the value to 1 (one) to enable the feature and 0 (zero) to disable it and then restart IIS. When enabled, users will be presented with a new SSL-secured page to allow them to input their old password and create a new password whenever they attempt to connect to OWA using an account with an expired password. The only small compliant that you’d have is that users are forced to supply their username and password in domain format (as in CONTOSO\Redmond) as the User Principal Name format isn’t supported. This is a bug that Microsoft has acknowledged; I anticipate that they’ll fix it in a future patch.

The interesting thing is that this feature is so useful that you kind of wonder why it was never incorporated before. The answer is probably two-fold: first, some companies don’t like users having the ability to meddle with passwords when they are working across the Internet. Second, there are lots of other features that customers demand that are possibly more interesting from a competitive perspective. Engineers trade off features all the time and this interesting and worthwhile feature never made the cut until now…

– Tony

Learn more about Exchange 2010 SP1 in my Microsoft Exchange Server 2010 Inside Out book.