In TMG 2010 SP2, I have set up a web listener allowing users to change their password. It is using Windows authentication. The domain controller has a server certificate that is trusted by TMG.
But it fails when a user selects to change their password. (Change password works if the user "must change their password on next logon".)
I cannot see any warnings/errors recorded on the TMG server. On the domain controller, I see an audit failure entry for "An attempt was made to change an account's password" (ID 4723) but no explanation why it failed. Using Netmon, LDAPS seems to be okay.
I would appreciate any suggestions on what I might be doing wrong, or what additional diagnostics I can collect.
Regards, Steve.
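The DC-side diagnostics the question asks for, as an added PowerShell example (this is not part of the original post or of TMG itself): it lists the 4723 password-change attempts recorded on the domain controller with their outcome, ties each one to the 4624 logon session that issued it, and then opens a TLS connection to the DC on port 636 to show the certificate and chain a client such as TMG actually receives. The domain controller name is an assumed placeholder, and the script assumes an account that may read the DC's Security log remotely. It is written for PowerShell 2.0 so that it runs on Windows Server 2008 R2.

```powershell
# Added diagnostic script, not from the original post. Assumptions: the DC
# name below is a placeholder, and the caller can read the DC's Security log.
param(
    [string]$DomainController = 'dc01.example.local',   # assumed placeholder
    [int]$Hours = 2                                      # look-back window
)

function Get-EventDataMap {
    # Flatten the <EventData> of a Security event into a name -> value table.
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    $map = @{}
    $xml = [xml]$Event.ToXml()
    foreach ($n in $xml.Event.EventData.Data) { $map[$n.Name] = $n.'#text' }
    return $map
}

$since = (Get-Date).AddHours(-$Hours)

# 1. Password change attempts (4723). Keywords shows Audit Success/Failure;
#    Subject is the security context that issued the change, Target is the
#    account whose password was to be changed.
$changes = Get-WinEvent -ComputerName $DomainController -FilterHashtable @{
    LogName = 'Security'; Id = 4723; StartTime = $since } -ErrorAction SilentlyContinue

$changes | ForEach-Object {
    $d = Get-EventDataMap $_
    New-Object PSObject -Property @{
        Time    = $_.TimeCreated
        Result  = ($_.KeywordsDisplayNames -join ',')
        Subject = "$($d['SubjectDomainName'])\$($d['SubjectUserName'])"
        Target  = "$($d['TargetDomainName'])\$($d['TargetUserName'])"
        LogonId = $d['SubjectLogonId']
    }
} | Format-Table Time, Result, Subject, Target, LogonId -AutoSize

# 2. The logon session behind each attempt: a 4624 whose Logon ID matches the
#    4723 Subject Logon ID tells you the logon type, authentication package
#    and source address of whoever presented the password change to the DC.
$logonIds = $changes | ForEach-Object { (Get-EventDataMap $_)['SubjectLogonId'] }
if ($logonIds) {
    Get-WinEvent -ComputerName $DomainController -FilterHashtable @{
        LogName = 'Security'; Id = 4624; StartTime = $since.AddHours(-$Hours) } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $d = Get-EventDataMap $_
        if ($logonIds -contains $d['TargetLogonId']) {
            New-Object PSObject -Property @{
                Time      = $_.TimeCreated
                LogonId   = $d['TargetLogonId']
                LogonType = $d['LogonType']
                AuthPkg   = $d['AuthenticationPackageName']
                Source    = "$($d['IpAddress']) ($($d['WorkstationName']))"
            }
        }
    } | Format-Table Time, LogonId, LogonType, AuthPkg, Source -AutoSize
}

# 3. Fetch the certificate the DC serves on 636 and validate it the way a
#    client does: chain to a trusted root (revocation included), a Server
#    Authentication EKU, and a subject or SAN matching the DC name in use.
$tcp = New-Object System.Net.Sockets.TcpClient($DomainController, 636)
$acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }  # we validate manually below
$ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
$ssl.AuthenticateAsClient($DomainController)
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
$ssl.Dispose(); $tcp.Close()

$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chainOk = $chain.Build($cert)
$ext = @{}
foreach ($x in $cert.Extensions) { $ext[$x.Oid.Value] = $x.Format($false) }
$san = $ext['2.5.29.17']; $eku = $ext['2.5.29.37']
$nameOk = ($cert.Subject -match ('CN=' + [regex]::Escape($DomainController))) -or
          ($san -ne $null -and $san -match [regex]::Escape($DomainController))

"Subject     : $($cert.Subject)"
"Issuer      : $($cert.Issuer)"
"Valid       : $($cert.NotBefore) to $($cert.NotAfter)"
"SAN         : $san"
"EKU         : $eku"
"Chain OK    : $chainOk  $(($chain.ChainStatus | ForEach-Object { $_.StatusInformation.Trim() }) -join '; ')"
"Name match  : $nameOk"
"Server Auth : $($eku -ne $null -and $eku -match '1\.3\.6\.1\.5\.5\.7\.3\.1')"
```

Run it from the TMG server itself so that step 3 checks the certificate from the same vantage point TMG uses, and use for `$DomainController` exactly the name TMG has configured for the domain controller, since a subject or SAN mismatch against that name is reported separately from chain trust. Because the 4723 entry carries no failure reason, the matching 4624 (logon type, authentication package, source address) is the quickest way to see which session the change arrived under; remote reading of the Security log needs the Event Log Readers or an administrator right on the DC and the remote event log firewall rule enabled.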