We have setup a proof of concept that includes backend and front end Exchange 2003 servers all residing on the internal network. We have plugged an ISA server in integrated mode into our existing DMZ. The edge firewalls are PIX. We need the ability to change passwords through OWA. We have this ability setup using the IISADMPWD virtual directory in IIS 6 and it's supporting ASP files. Internal users go directly to the front end exchange servers and not through ISA. They can change their passwords just fine. Also, if it is a new user that is set with a forced password change at first logon, OWA recognizes the password expiration and deals with it appropriately. The issue is with external users that have to come through the ISA server before being able to access the front end OWA server on the internal network. We have SSL bridging setup for this. We are pre authenticating the users at the ISA server using basic credentials which are then automatically passed on to the front end OWA server so that the user only authenticates once. If a new user is accessing the system and they are forced to change their password at first logon, the pre-authentication at the ISA server fails. We enabled auditing on the ISA servers and can see the audit where ISA tries to pre-authenticate the user, but cannot handle the password expiration. Therefore, the ISA server denies the request. Any ideas on what we could do to keep the password change functionality without turning off the pre-authentication at the ISA server? Your replies are greatlt appreciated. Thanks.