Problem description:

You are using load-balanced ISA Server 2006 to publish an internal MOSS portal, and you also use the password change feature on ISA Server to allow users to change their password on the form.

When a user browses from the internet to your site, for example https://portal.company.com, via ISA Server 2006 SP1,
the user receives error messages stating that the password is expired, even though the password is not expired.
An attempt to renew the password also fails.

While troubleshooting, you found that the issue occurs only when a specific DC is online, regardless of which ISA node is used.

 

CAUSE:

This happens because ISA Server receives an invalid response from the problematic DC.
This is a known issue with Windows Server 2003 DCs when the password change policy is set to Maximum password age (days): 0

 

RESOLUTION:

Currently we can only work around this issue, since we won’t get a fix for it for Windows Server 2003.

Solution #1 - Upgrade your DCs to Windows Server 2008 or later.

Solution #2 - Disable the password change notifications for users on the ISA Server Web Listener.

 

Steve Chen from daily business @ SharePoint Support

;-)