After Exchange 2013
installation I rebooted the server and tried the access the ECP. The Form Based
Authentication came up and after I typed the username and password the page
redirected to “/owa/auth.owa” and returned a blank page. All the three URL’s
below returned the same blank page.
https://ServerFQDN/ecp/?ExchClientVer=15
https:// ServerFQDN /ecp
https:// ServerFQDN /owa
The
System Event Log had the below error registered.
| 
Event
  ID | 
15021 | 
| 
Event
  Source | 
HttpEvent | 
| 
Description | 
An
  error occurred while using SSL configuration for endpoint x.x.x.x:443.  The error status code is contained within
  the returned data. | 
After reading few posts online, I suspected it to be an
issue with the SSL certificate associated with the website on IIS. 
I ran below netsh command and dumped the output to a temp
file. 
netsh http show sslcert > D:\Temp\SSL.txt
There were 5 sections for the bindings, of which 3 sections
for Https/443, each of them associated with a certificate hash. To make sure
that right certificate was bound to the listener I had to get the thumbprint of
the correct certificate. 
Fired up mmc and added the certificate snap-in for the
Computer Object and navigated to the Personal certificate store. Obtained the
thumbprint of the certificate which was ‘Issued To’ the computer name and had a
friendly name of “Microsoft Exchange”. Now I compared the thumbprint of the
certificate against the “Certificate Hash” entry of the SSL Certificate
Binding.
| 
IP:port                                   : 0.0.0.0:443 
Certificate
  Hash                  : 6g241621555492d473411160e41fae768d489f1x 
Application
  ID                     : {3dc4e181-f14b-4a21-b011-59fc669b0419} | 
| 
IP:port                                   : 127.0.0.1:443 
Certificate
  Hash                  : 6g241621555492d473411160e41fae768d489f1x 
Application
  ID                     : {3dc4e181-f14b-4a21-b011-59fc669b0419} | 
| 
IP:port                                   : 111.111.111.111:443 
Certificate
  Hash                  : b5765b22035b7f50f260d86fcc5646c85cf3e68a 
Application
  ID                     : {3dc4e181-f14b-4a21-b011-59fc669b0419} | 
The last section had a different thumbprint. This could be
the reason for the issue. So had to remove this binding and re-associate it
with the right certificate. So ran the command below.
netsh http delete sslcert ipport=111.111.111.111:443
Then ran the command to add the right hash.
Netsh http add sslcert  ipport=111.111.111.111:443certhash=6g241621555492d473411160e41fae768d489f1x
appid={3dc4e181-f14b-4a21-b011-59fc669b0419}
Restarted IIS, and the 15021 error was gone. 
However the blank page issue still persisted. Further search
took me to KB
2871485, which seemed to make sense. I ran the below command to
obtain the current authentication setting on the OWA ECP Virtual Directories. The
settings for the FBA and Windows Integrated Authentication were as below. 
Get-OwaVirtualDirectory -Server ServerName | fl
*auth*
Get-EcpVirtualDirectory -Server ServerName | fl
*auth* 
Name                                               
                     : owa (Default
Web Site)
WindowsAuthentication                                    : False 
FormsAuthentication                                          : True
Executed the below command to disable the Forms Based
Authentication and enable Windows Integrated Authentication on both the OWA and
ECP Virtual Directories.
Set-OwaVirtualDirectory -Identity " ServerName
\owa (Default Web Site)" -FormsAuthentication $false
-WindowsAuthentication $true
Set-EcpVirtualDirectory -Identity " ServerName \ECP (Default Web Site)" -FormsAuthentication $false -WindowsAuthentication $true
Did a IISReset and Eureka... I was able to access the ECP. 
