After Exchange 2013 installation I rebooted the server and tried to access the ECP. The Form Based Authentication came up and after I typed the username and password the page redirected to “/owa/auth.owa” and returned a blank page. All three URLs below returned the same blank page.
https://ServerFQDN/ecp/?ExchClientVer=15
https://ServerFQDN/ecp
https://ServerFQDN/owa
The System Event Log had the below error registered.
Event ID | 15021
Event Source | HttpEvent
Description | An error occurred while using SSL configuration for endpoint x.x.x.x:443. The error status code is contained within the returned data.
After reading a few posts online, I suspected it to be an issue with the SSL certificate associated with the website on IIS.
I ran the below netsh command and dumped the output to a temp file.
netsh http show sslcert > D:\Temp\SSL.txt
There were 5 sections for the bindings, of which 3 sections were for Https/443, each of them associated with a certificate hash. To make sure that the right certificate was bound to the listener I had to get the thumbprint of the correct certificate.
Fired up mmc and added the certificate snap-in for the Computer Object and navigated to the Personal certificate store. Obtained the thumbprint of the certificate which was ‘Issued To’ the computer name and had a friendly name of “Microsoft Exchange”. Now I compared the thumbprint of the certificate against the “Certificate Hash” entry of the SSL Certificate Binding.
IP:port : 0.0.0.0:443
Certificate Hash : 6g241621555492d473411160e41fae768d489f1x
Application ID : {3dc4e181-f14b-4a21-b011-59fc669b0419}

IP:port : 127.0.0.1:443
Certificate Hash : 6g241621555492d473411160e41fae768d489f1x
Application ID : {3dc4e181-f14b-4a21-b011-59fc669b0419}

IP:port : 111.111.111.111:443
Certificate Hash : b5765b22035b7f50f260d86fcc5646c85cf3e68a
Application ID : {3dc4e181-f14b-4a21-b011-59fc669b0419}
The last section had a different thumbprint. This could be the reason for the issue. So I had to remove this binding and re-associate it with the right certificate. So I ran the command below.
netsh http delete sslcert ipport=111.111.111.111:443
Then ran the command to add the right hash.
netsh http add sslcert ipport=111.111.111.111:443 certhash=6g241621555492d473411160e41fae768d489f1x appid={3dc4e181-f14b-4a21-b011-59fc669b0419}
Restarted IIS, and the 15021 error was gone.
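The hand comparison above (each 443 binding's "Certificate Hash" against the thumbprint of the Exchange certificate) can be scripted. This is an added example, not part of the original post; the function name Compare-SslBindingHash is hypothetical and the sample text is constructed from the sanitised hashes shown above.

```powershell
# Added example (hypothetical helper name): compare every HTTP.sys binding on a
# port against the thumbprint you expect, instead of reading the dump by eye.
function Compare-SslBindingHash {
    param(
        [Parameter(Mandatory = $true)] [string[]] $NetshOutput,        # lines of 'netsh http show sslcert'
        [Parameter(Mandatory = $true)] [string]   $ExpectedThumbprint, # from the certificate snap-in
        [int] $Port = 443
    )
    # A thumbprint copied from the MMC dialog can carry spaces or
    # non-printing characters, so keep only letters and digits.
    $expected = ($ExpectedThumbprint -replace '[^0-9A-Za-z]', '').ToLowerInvariant()

    $bindings = @()
    $current  = $null
    foreach ($line in $NetshOutput) {
        if ($line -match '^\s*IP:port\s*:\s*(\S+)') {
            # A new binding section starts here.
            $current = [pscustomobject]@{ IpPort = $Matches[1]; Hash = ''; AppId = '' }
            $bindings += $current
        }
        elseif ($current -and $line -match '^\s*Certificate Hash\s*:\s*(\S+)') {
            $current.Hash = $Matches[1].ToLowerInvariant()
        }
        elseif ($current -and $line -match '^\s*Application ID\s*:\s*(\S+)') {
            $current.AppId = $Matches[1]
        }
    }

    # Keep only the bindings on the requested port and flag each one.
    $bindings |
        Where-Object { $_.IpPort.EndsWith(":$Port") } |
        Select-Object IpPort, Hash, AppId,
            @{ Name = 'MatchesExpected'; Expression = { $_.Hash -eq $expected } }
}

# Constructed sample in the layout netsh prints, using the sanitised hashes from the post.
$sample = @'
    IP:port                      : 0.0.0.0:443
    Certificate Hash             : 6g241621555492d473411160e41fae768d489f1x
    Application ID               : {3dc4e181-f14b-4a21-b011-59fc669b0419}

    IP:port                      : 111.111.111.111:443
    Certificate Hash             : b5765b22035b7f50f260d86fcc5646c85cf3e68a
    Application ID               : {3dc4e181-f14b-4a21-b011-59fc669b0419}
'@ -split '\r?\n'

Compare-SslBindingHash -NetshOutput $sample -ExpectedThumbprint '6g241621555492d473411160e41fae768d489f1x' |
    Format-Table -AutoSize
# On the server itself, pass live output: -NetshOutput (netsh http show sslcert)
```

Any row with MatchesExpected set to False is a binding still pointing at a different certificate, like the 111.111.111.111:443 entry above.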
However, the blank page issue still persisted. Further search took me to KB 2871485, which seemed to make sense. I ran the below commands to obtain the current authentication settings on the OWA and ECP Virtual Directories. The settings for the FBA and Windows Integrated Authentication were as below.
Get-OwaVirtualDirectory -Server ServerName | fl *auth*
Get-EcpVirtualDirectory -Server ServerName | fl *auth*
Name                  : owa (Default Web Site)
WindowsAuthentication : False
FormsAuthentication   : True
Executed the below command to disable the Forms Based
Authentication and enable Windows Integrated Authentication on both the OWA and
ECP Virtual Directories.
Set-OwaVirtualDirectory -Identity "ServerName\owa (Default Web Site)" -FormsAuthentication $false -WindowsAuthentication $true
Set-EcpVirtualDirectory -Identity "ServerName\ECP (Default Web Site)" -FormsAuthentication $false -WindowsAuthentication $true
Did an IISReset and Eureka... I was able to access the ECP.