Hi Thai Son,
When user changes password using OWA you may notice a period during which the user can log on to their mailbox by using either the old password or the new password.
This latency exists by design for Internet Information Services (IIS) performance reasons and is controlled by the a registry setting.
By default its 15 minutes. (Changes made to the reg, or issue with the IIS service on the CAS\TMG(reverse proxy) could cause longer periods.
Warning If you use Registry Editor incorrectly, you may cause serious problems .
Use Registry Editor at your own risk to check and modify this.- Start Registry Editor (Regedt32.exe) on the server that is running IIS and through which the user gains access to OWA.
- Locate the following key in the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InetInfo\Parameters
- On the Edit menu, click Add Value, and then add the following registry value:
Value Name: UserTokenTTL (Note This is case-sensitive!)
Data Type: REG_DWORD
Value Range: 0 - 0x7FFFFFFF (Note This unit is in seconds.) - Exit Registry Editor, and then restart IIS.
NOTE:- If user is still logged in at the time of change, the update doesn't apply for the user immediatly.
Refer to the below article for more details:
An old password still works after you change it in Outlook Web Access :