Friday, July 11, 2014

Exchange 2013 - ECP & OWA Return Blank Page


After the Exchange 2013 installation I rebooted the server and tried to access the ECP. The Form Based Authentication came up, and after I typed the username and password the page redirected to “/owa/auth.owa” and returned a blank page. All three URLs below returned the same blank page.

https://ServerFQDN/ecp/?ExchClientVer=15
https://ServerFQDN/ecp
https://ServerFQDN/owa

The System Event Log had the below error registered.

Event ID: 15021
Event Source: HttpEvent
Description: An error occurred while using SSL configuration for endpoint x.x.x.x:443.  The error status code is contained within the returned data.

After reading a few posts online, I suspected it to be an issue with the SSL certificate associated with the website on IIS.
I ran the netsh command below and dumped the output to a temp file.

netsh http show sslcert > D:\Temp\SSL.txt

There were 5 sections for the bindings, 3 of them for HTTPS/443, each associated with a certificate hash. To make sure that the right certificate was bound to the listener, I had to get the thumbprint of the correct certificate.
I fired up mmc, added the certificate snap-in for the Computer Object, and navigated to the Personal certificate store. I obtained the thumbprint of the certificate which was ‘Issued To’ the computer name and had a friendly name of “Microsoft Exchange”. I then compared the thumbprint of the certificate against the “Certificate Hash” entry of each SSL Certificate Binding.

IP:port                 : 0.0.0.0:443
Certificate Hash        : 6g241621555492d473411160e41fae768d489f1x
Application ID          : {3dc4e181-f14b-4a21-b011-59fc669b0419}

IP:port                 : 127.0.0.1:443
Certificate Hash        : 6g241621555492d473411160e41fae768d489f1x
Application ID          : {3dc4e181-f14b-4a21-b011-59fc669b0419}

IP:port                 : 111.111.111.111:443
Certificate Hash        : b5765b22035b7f50f260d86fcc5646c85cf3e68a
Application ID          : {3dc4e181-f14b-4a21-b011-59fc669b0419}

The last section had a different thumbprint. This could be the reason for the issue, so I had to remove this binding and re-associate it with the right certificate. I ran the command below.

netsh http delete sslcert ipport=111.111.111.111:443

Then I ran the command to add the right hash.

netsh http add sslcert ipport=111.111.111.111:443 certhash=6g241621555492d473411160e41fae768d489f1x appid={3dc4e181-f14b-4a21-b011-59fc669b0419}

Restarted IIS, and the 15021 error was gone.
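The thumbprint comparison done by hand above can also be scripted. The following is an added example, not code from the original post; Get-SslBinding is a hypothetical helper name, and the sample text is constructed from the binding listing shown in the post so the script runs without touching a server.

```powershell
# Added example, not from the original post. Sample text is constructed from the
# binding listing shown in the post; on a live server use:
#   $netsh = netsh http show sslcert
$netsh = @'
    IP:port                 : 0.0.0.0:443
    Certificate Hash        : 6g241621555492d473411160e41fae768d489f1x
    Application ID          : {3dc4e181-f14b-4a21-b011-59fc669b0419}

    IP:port                 : 127.0.0.1:443
    Certificate Hash        : 6g241621555492d473411160e41fae768d489f1x
    Application ID          : {3dc4e181-f14b-4a21-b011-59fc669b0419}

    IP:port                 : 111.111.111.111:443
    Certificate Hash        : b5765b22035b7f50f260d86fcc5646c85cf3e68a
    Application ID          : {3dc4e181-f14b-4a21-b011-59fc669b0419}
'@ -split "`r?`n"

# Thumbprint every 443 binding should carry (value from the post). Live lookup:
#   $expected = (Get-ChildItem Cert:\LocalMachine\My |
#       Where-Object { $_.FriendlyName -eq 'Microsoft Exchange' }).Thumbprint
$expected = '6g241621555492d473411160e41fae768d489f1x'

# Hypothetical helper: turns the netsh text into one object per binding.
function Get-SslBinding {
    param([string[]]$Lines)
    $current = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*(?:IP|Hostname):port\s*:\s*(\S+)') {
            if ($current) { $current }      # emit the previous binding
            $current = [pscustomobject]@{ Binding = $Matches[1]; CertHash = $null; AppId = $null }
        }
        elseif ($current -and $line -match '^\s*Certificate Hash\s*:\s*(\S+)') {
            $current.CertHash = $Matches[1]
        }
        elseif ($current -and $line -match '^\s*Application ID\s*:\s*(\S+)') {
            $current.AppId = $Matches[1]
        }
    }
    if ($current) { $current }              # emit the last binding
}

# -ne on strings is case-insensitive, so netsh's lower-case hash compares
# correctly with the upper-case Thumbprint property.
Get-SslBinding $netsh |
    Where-Object { $_.Binding -like '*:443' -and $_.CertHash -ne $expected } |
    Format-Table Binding, CertHash, AppId -AutoSize
```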

However, the blank page issue still persisted. Further searching took me to KB 2871485, which seemed to make sense. I ran the commands below to obtain the current authentication settings on the OWA and ECP Virtual Directories. The settings for FBA and Windows Integrated Authentication were as below.

Get-OwaVirtualDirectory -Server ServerName | fl *auth*
Get-EcpVirtualDirectory -Server ServerName | fl *auth*

Name                  : owa (Default Web Site)
WindowsAuthentication : False
FormsAuthentication   : True


I executed the commands below to disable Forms Based Authentication and enable Windows Integrated Authentication on both the OWA and ECP Virtual Directories.

Set-OwaVirtualDirectory -Identity "ServerName\owa (Default Web Site)" -FormsAuthentication $false -WindowsAuthentication $true

Set-EcpVirtualDirectory -Identity "ServerName\ECP (Default Web Site)" -FormsAuthentication $false -WindowsAuthentication $true


Did an IISReset and Eureka... I was able to access the ECP.