Hi, we have TMG 2010 SP1 and a login form with three fields: one for the AD username, one for the AD password, and the "collect additional delegation credentials" field, which holds the RADIUS response for a one-time token.
When the listener is configured to "Collect additional delegation credentials in the form", the option to allow users to change their passwords and the option to remind users that their password will expire both become greyed out and unavailable.
I have managed to create a second listener, just for these external-only users to change their passwords, but:
When users' passwords have expired and they need to change them at next logon, they access the main logon form listener and authenticate with all three credentials, and instead of a TMG error screen/message saying that their password has expired, they get a white error screen reading "500 Internal server error. Logon Failure: unknown user name or bad password. (1326)".
How can I redirect users with expired passwords from this page to the other listener so they can change their passwords?
Or, is there an alternative solution which will allow the TMG login process to complete without this ugly error?
Thanks for any useful help.