AD FS 3.0 has the capability to allow the user to change their password when they supply their existing password. To enable this, open the AD FS management console, expand Service, and select Endpoints. In the middle pane, you’ll see a long list of endpoints. Scroll down to the Other section, and select /adfs/portal/updatepassword/. Right-click on it, and choose Enable.
This will enable users on the corporate network to use the AD FS forms-based login to change their password.
Recently, after installing Windows Updates, I’ve noticed that this was no longer working for my external clients who connect to https://<servername>/adfs/portal/updatepassword.
Externally I would immediately see the error message “An error occurred. Contact your administrator.” When opening the URL within the LAN it opened just fine and I would be able to change passwords.
Turns out that the recent updates have disabled the setting allowing the updatepassword feature to be exposed. I addressed this by opening the AD FS management console, expanding Service, and selecting Endpoints. In the middle pane, you’ll see a long list of endpoints. Scroll down to the Other section, and select /adfs/portal/updatepassword/. I set Proxy Enabled to “Yes” and restarted the ADFS services on both the ADFS server and the proxy server.
And now it works without issue.
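The same check and fix can be scripted so that it can be re-run after each patch cycle. The script below is an added example, not part of the original post: it uses the ADFS PowerShell module on the AD FS server to report the state of the update-password endpoint and, only when called with the hypothetical `-Fix` switch, re-enables it for the proxy.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# session on the AD FS 3.0 server (Windows Server 2012 R2).
param([switch]$Fix)   # assumption: without -Fix the script only reports

Import-Module ADFS
$path = '/adfs/portal/updatepassword/'

$ep = Get-AdfsEndpoint -AddressPath $path
if (-not $ep) { throw "Endpoint $path not found on this server." }

# Enabled = endpoint is on (usable from the corporate network)
# Proxy   = endpoint is also published to external clients through the proxy
$ep | Format-List AddressPath, Enabled, Proxy

if ($ep.Enabled -and $ep.Proxy) {
    Write-Output 'Endpoint is enabled and proxy-enabled; nothing to do.'
    return
}

Write-Warning "Endpoint state changed: Enabled=$($ep.Enabled) Proxy=$($ep.Proxy)"

if ($Fix) {
    if (-not $ep.Enabled) { Enable-AdfsEndpoint -TargetAddressPath $path }
    if (-not $ep.Proxy)   { Set-AdfsEndpoint -TargetAddressPath $path -Proxy $true }

    # The change takes effect after the AD FS service restarts.
    Restart-Service adfssrv

    # Show the state after the change so it can be logged with the patch record.
    Get-AdfsEndpoint -AddressPath $path | Format-List AddressPath, Enabled, Proxy
    Write-Output 'Restart the AD FS service on the proxy server as well.'
}
```

Running it without `-Fix` after each round of Windows Updates shows whether the Proxy setting was reset before external users report the error.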
I was unable to determine which update caused this. If I come across it, I will update this post and share.
Here is a list of recently applied updates.
- Security Update for Windows Server 2012 R2 (KB3172729) – http://support.microsoft.com/kb/3172729
- Security Update for Windows Server 2012 R2 (KB3169704) – http://support.microsoft.com/kb/3169704
- Security Update for Windows Server 2012 R2 (KB3175024) – http://support.microsoft.com/kb/3175024
- 2017-10 Security Update for Adobe Flash Player for Windows Server 2012 R2 for x64-based Systems (KB4049179) – http://support.microsoft.com/help/4049179
- 2017-10 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB4041693) – http://support.microsoft.com/help/4041693
- Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2, 2016 x64 Edition – October 2017 (KB890830) – http://support.microsoft.com/kb/890830
- Security Update for Windows Server 2012 R2 (KB3172729) – http://support.microsoft.com/kb/3172729
- Security Update for Windows Server 2012 R2 (KB3000483) – http://support.microsoft.com/kb/3000483
- Security Update for Windows Server 2012 R2 (KB3178539) – http://support.microsoft.com/kb/3178539
- Update for Windows Server 2012 R2 (KB3173424) – http://support.microsoft.com/kb/3173424
- 2017-09 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows 8.1 and Server 2012 R2 for x64 (KB4041085) – http://support.microsoft.com/kb/4041085
One reply on “External ADFS Password Change Broken after Windows Updates”
Do you know if it is possible to only allow a specific group to allow password change?