Friday, July 11, 2014

Exchange 2013 - ECP & OWA Return Blank Page


After installing Exchange 2013, I rebooted the server and tried to access the ECP. The Forms Based Authentication page came up, and after I typed the username and password the page redirected to “/owa/auth.owa” and returned a blank page. All three URLs below returned the same blank page.

https://ServerFQDN/ecp/?ExchClientVer=15
https://ServerFQDN/ecp
https://ServerFQDN/owa

The System Event Log had the below error registered.

Event ID: 15021
Event Source: HttpEvent
Description: An error occurred while using SSL configuration for endpoint x.x.x.x:443. The error status code is contained within the returned data.

After reading a few posts online, I suspected it to be an issue with the SSL certificate associated with the website on IIS.
I ran the netsh command below and dumped the output to a temp file.

netsh http show sslcert > D:\Temp\SSL.txt

There were 5 sections for the bindings, of which 3 were for HTTPS/443, each of them associated with a certificate hash. To make sure that the right certificate was bound to the listener, I had to get the thumbprint of the correct certificate.
I fired up mmc, added the Certificates snap-in for the computer account and navigated to the Personal certificate store. I obtained the thumbprint of the certificate which was ‘Issued To’ the computer name and had a friendly name of “Microsoft Exchange”. Then I compared the thumbprint of the certificate against the “Certificate Hash” entry of each SSL certificate binding.

IP:port                                   : 0.0.0.0:443
Certificate Hash                  : 6g241621555492d473411160e41fae768d489f1x
Application ID                     : {3dc4e181-f14b-4a21-b011-59fc669b0419}
IP:port                                   : 127.0.0.1:443
Certificate Hash                  : 6g241621555492d473411160e41fae768d489f1x
Application ID                     : {3dc4e181-f14b-4a21-b011-59fc669b0419}
IP:port                                   : 111.111.111.111:443
Certificate Hash                  : b5765b22035b7f50f260d86fcc5646c85cf3e68a
Application ID                     : {3dc4e181-f14b-4a21-b011-59fc669b0419}

The last section had a different thumbprint. This could be the reason for the issue, so I had to remove this binding and re-associate it with the right certificate. I ran the command below.

netsh http delete sslcert ipport=111.111.111.111:443

Then ran the command to add the right hash.

netsh http add sslcert ipport=111.111.111.111:443 certhash=6g241621555492d473411160e41fae768d489f1x appid={3dc4e181-f14b-4a21-b011-59fc669b0419}

Restarted IIS, and the 15021 error was gone.
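
The thumbprint comparison above can be scripted. The following PowerShell is an added example, not part of the original post: it parses text in the format of "netsh http show sslcert", flags port 443 bindings whose hash differs from the expected thumbprint, and prints the corrective commands instead of running them. The sample text is constructed from the listing in the post, English-locale field names are assumed, and the function name Get-SslBinding is hypothetical.

```powershell
# Added example. Sample text constructed from the binding listing in the post.
# On a live server use instead:  $raw = netsh http show sslcert
$raw = @'
    IP:port                      : 0.0.0.0:443
    Certificate Hash             : 6g241621555492d473411160e41fae768d489f1x
    Application ID               : {3dc4e181-f14b-4a21-b011-59fc669b0419}

    IP:port                      : 127.0.0.1:443
    Certificate Hash             : 6g241621555492d473411160e41fae768d489f1x
    Application ID               : {3dc4e181-f14b-4a21-b011-59fc669b0419}

    IP:port                      : 111.111.111.111:443
    Certificate Hash             : b5765b22035b7f50f260d86fcc5646c85cf3e68a
    Application ID               : {3dc4e181-f14b-4a21-b011-59fc669b0419}
'@ -split '\r?\n'

# Expected thumbprint (value from the post); spaces copied from the MMC dialog are stripped.
$expected = '6g241621555492d473411160e41fae768d489f1x' -replace '\s', ''

function Get-SslBinding {            # hypothetical helper name
    param([string[]]$Lines)
    $current = $null
    foreach ($line in $Lines) {
        # Field and value are separated by " : "; the key "IP:port" has a colon of its own.
        if ($line -match '^\s*(?<key>.+?)\s+:\s+(?<value>.*\S)\s*$') {
            $key, $value = $Matches.key, $Matches.value
            if ($key -match '^(IP|Hostname):port$') {
                if ($current) { $current }          # emit the previous binding
                $current = [pscustomobject]@{ IpPort = $value; CertHash = $null; AppId = $null }
            }
            elseif ($current -and $key -eq 'Certificate Hash') { $current.CertHash = $value }
            elseif ($current -and $key -eq 'Application ID')   { $current.AppId = $value }
        }
    }
    if ($current) { $current }                      # emit the last binding
}

foreach ($b in Get-SslBinding -Lines $raw | Where-Object { $_.IpPort -like '*:443' }) {
    if ($b.CertHash -eq $expected) {
        "OK        $($b.IpPort)"
    } else {
        "MISMATCH  $($b.IpPort) is bound to $($b.CertHash)"
        # Printed for review, not executed. Written for cmd.exe; in PowerShell
        # quote the appid value, because bare braces parse as a script block.
        "  netsh http delete sslcert ipport=$($b.IpPort)"
        "  netsh http add sslcert ipport=$($b.IpPort) certhash=$expected appid=$($b.AppId)"
    }
}
```

With the sample text, the 0.0.0.0 and 127.0.0.1 bindings report OK and 111.111.111.111:443 is reported as a mismatch, matching what the manual comparison found.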

However, the blank page issue still persisted. Further searching took me to KB 2871485, which seemed to make sense. I ran the commands below to obtain the current authentication settings on the OWA and ECP virtual directories. The settings for FBA and Windows Integrated Authentication were as below.

Get-OwaVirtualDirectory -Server ServerName | fl *auth*
Get-EcpVirtualDirectory -Server ServerName | fl *auth*

Name                                                                     : owa (Default Web Site)
WindowsAuthentication                                    : False
FormsAuthentication                                          : True


Executed the below command to disable the Forms Based Authentication and enable Windows Integrated Authentication on both the OWA and ECP Virtual Directories.

Set-OwaVirtualDirectory -Identity "ServerName\owa (Default Web Site)" -FormsAuthentication $false -WindowsAuthentication $true

Set-EcpVirtualDirectory -Identity "ServerName\ECP (Default Web Site)" -FormsAuthentication $false -WindowsAuthentication $true


Did an IISReset and Eureka... I was able to access the ECP.

Sunday, May 11, 2014

TrueCaller - The Magical App - Or is it.. ?

I have heard a lot of people mention this wonderful app on their smartphones, which displays the name of the person calling even if you do not have them on your contact list. Interestingly enough, last week I heard "an IT geek" at one of the local radio stations suggesting that listeners install this cool app on their smartphones. He went ahead and explained that the app gets the database from the GSM service providers. Well, this is what most of the innocent users of this app believe!

No GSM service provider will ever publish a directory of all its subscribers or give access to anyone else to tap into their subscriber database. Then how does TrueCaller do what it claims to do with almost 100% accuracy - show you the name of the person calling, magically?

The magic starts immediately after the app is downloaded to your smartphone and you recite the wedding vows.

"I take you to be my lawfully installed application, my trusted magical wizard from this day forward. In the presence of the internet, android and iOS, I offer all my contact details with their names, location and numbers to you so that you can share it with the rest of the world. I promise to allow you to synchronize my phone book with your servers as long as I have you installed on my smartphone."

This is what you allow the app to do when you agree to the prompts after the install:

  1. Modify Your Contacts
  2. Read Your Contacts
  3. Read Call Log
  4. Write Call Log

The app uploads a copy of your entire phone book to its servers. This is what it has done with the phone book of its 20 million users. So what they have on their servers is an aggregated phone book database of millions of mobile numbers which are constantly updated with the new contacts that each of its subscribers add to their phone books. 

So when a caller who is not on your contact list calls you, the app looks up its database and shows the name under which other people have listed the number. It picks the most relevant name based on the number of occurrences in its database. So the pretty girl next door might be listed as 'My Honey Bun' on someone's contact list, 'My Ex-2013' on someone else's and 'Ms. First Name, Last Name' in a few of her colleagues' phone books. So if she were to call your mobile, it would most likely show you 'Ms. First Name, Last Name' (maximum occurrence). However, if she called you from a number which she has only shared with her boyfriend (current and ex), the app might list the caller as 'My Honey Bun'!

As if the phone book data was not enough, TrueCaller has integration with Facebook, Twitter, WhatsApp etc., giving them access to the contact details of your friends on these social platforms as well.

As the app has access to your call log, it is also able to analyse your call patterns, monthly spend, frequently called friends/associates etc. This information is worth millions to a lot of commercial establishments, who would be able to create and target effective marketing campaigns based on this data.

Last year TrueCaller was hacked and the database compromised. The hackers managed to download multiple databases from the TrueCaller website. These databases had contact information about millions of phone users including private numbers of a lot of politically and socially important personalities. 

The intention of this post is to educate readers about how the application works and inform them about the potential security risk of having this app installed on their phone. I am sure each one of us has a different perspective on security. However, one should realize that by synchronizing your contact list you are exposing the privacy of your friends and family members. If your contact list has details of people who are socially or politically important, VIPs etc., you might be compromising their security by installing this application on your phone.