Ran into this issue this morning.
One of our users had let his network password expire. Normally this is not an issue – the user is prompted for a new password as soon as he logs into the network. This user however is different from normal – He is an external user who only uses Outlook Web. He couldn’t change his password due to the Outlook Web Access page erroring on the change password functionality.
I went into the EMC on the Exchange 2010 server hosting OA and looked at the configuration.
We are using formas based authentication and therefore I needed to look at the segmentation settings. Openning EMC I went to Client Access under Server Configuration, and in the configuration pane I selected the OA server and then the OWA instance in the Outlook Web App tab in the bottom half. I then clicked the properties button and went the to Segmentation tab in the properties dialog. Scrolling down I found the Change Password entry and veried it was set to enabled.
As this was correct I then needed to make sure that is was really enabled.
Openning regedit I went to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSExchange OWA. Once there I found that the 32-bit DWORD key ChangeExpiredPasswordEnabled was missing. I added the key and set the value to 1 and exited regedit. I then openned an Admin command prompt and ran an IISRESET.
Taking a test user of mine I reset its password and set it to change on next logon. I then openned the OWA page and proceeded to login. Success – I now had a prompt to reset the password as required on the account.