When a user's password has become expired, what you type into the ISA 2006 password dialogue becomes irrelavant. Once you 'sign-in' with the bogus password; you are immediately prompted to change your password. Here-in lies the issue.The "old-password" on the change password page must match what was entered when you tried to log-in, or it's not "Valid".Also, if the "old-password" does match what you typed in when you initially tried to sign-on, but it is not the correct password; you recieve "password does not meet the complexity requirements".I think the ISA 2006 FBA needs to be updated to provide better understanding to the end user of what's going on.Directory of Technology

what?

Hi,The following article could be helpful:Users Receive a Password Complexity Requirements Message That Does Not Specify Character Group Requirements for a Passwordhttp://support.microsoft.com/kb/821425If you need assistance regarding ISA, please post to the Forefront Edge Security Forums: http://social.technet.microsoft.com/Forums/en-US/category/forefrontedgesecurityThis posting is provided "AS IS" with no warranties, and confers no rights.

As suggested, I have ported this question to the Forefront Forums:http://social.technet.microsoft.com/Forums/en-US/ForefrontedgePub/thread/85a6d1ab-d3cb-477e-9f77-38c1d7274605The "Users Receive a Password Complexity Requirements Message That Does Not Specify Character Group Requirements for a Password" is a great update to that message, but will not help with my situation.Directory of Technology