Announcement

Collapse
No announcement yet.

Error accessing Exchange 2013 OWA and ECP

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Error accessing Exchange 2013 OWA and ECP

    I have an Exchange 2013 install on Windows Server 2012. DC is on a separate Windows Server 2012 system. Everything appeared to be working fine with regard to mail flow, OWA and ECP access until I added my Certificate I requested from my CA.
    After installing this certificate I am unable to access OWA or ECP internally or externally. When I browse to the site with just server name\owa or FQDN\owa the result is the same. I see the favicon briefly show in the address before the the screen changes to an error page stating the connect was reset.
    I have attempted to remove and recreate the virtual directories for both OWA and ECP and remove the certificate. This has not helped and perhaps has made things worse.

    Also,
    Here the results of the Get-ExchangeCertificate command:
    
    Thumbprint Services Subject
    E5F091AC2E9C69C0C4A81532DDE7675F9D47A275 ....S.. CN=Microsoft Exchange Server Auth Certificate
    200A7C2D7F14E4F37C785524807A69C63E182B6A ...WS.. CN=ESLPLXCH02
    7E26D249E2F61D4A66F0CE74A13ABB516891797C ....... CN=WMSvc-ESLPLXCH02

    When trying to access OWA with IE I get the following eror:
    This page can't be displayed •Make sure the web address (Can't post URL's yet) is correct. •Look for the page with your search engine. •Refresh the page in a few minutes. •Make sure TLS and SSL protocols are enabled. Go to Tools > Internet Options > Advanced > Settings > Security

    When trying to access OWA with Firefox it says the connect was reset while loading the page.
    I am also seeing a ton of Audit Failures in the Security log. It shows bad username or password for the process:  
    C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeHMWorker.exe
    If you could tell me which log file(s) may help shed some light on this, I will attach them.

    Any help is greatly appreciated as I am under the gun to get this working and I am getting hammered by my boss.
    Thanks
    Kevin

  • #2
    Re: Error accessing Exchange 2013 OWA and ECP

    Sounds like classic corrupt SSL certificate. The SSL session cannot be established so IE throws a generic error.

    Get your CA to reissue the certificate, you will probably need a new SSL request for that.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.

    Comment


    • #3
      Re: Error accessing Exchange 2013 OWA and ECP

      Thanks for the swift reply Simon. I figured the certificate was the culprit as I start having problems after applying it. I will get the CA to reissue. However, the problem I still have is, how can I get rid of the corrupt certificate and its remnants so i can access OWA and ECP again? This corrupt cert has everything jacked up at the moment.

      Thanks again for your help.

      Kevin

      Comment


      • #4
        Re: Error accessing Exchange 2013 OWA and ECP

        If you can get in to the Shell then you can change the certificate there, or use IIS manager to bind the old self signed certificate to the web sites.

        Simon.
        --
        Simon Butler
        Exchange MVP

        Blog: http://blog.sembee.co.uk/
        More Exchange Content: http://exchange.sembee.info/
        Exchange Resources List: http://exbpa.com/
        In the UK? Hire me: http://www.sembee.co.uk/

        Sembee is a registered trademark, used here with permission.

        Comment


        • #5
          Re: Error accessing Exchange 2013 OWA and ECP

          Originally posted by berrykd View Post
          Thanks for the swift reply Simon. I figured the certificate was the culprit as I start having problems after applying it. I will get the CA to reissue. However, the problem I still have is, how can I get rid of the corrupt certificate and its remnants so i can access OWA and ECP again? This corrupt cert has everything jacked up at the moment.

          Thanks again for your help.

          Kevin
          Can you verify that the certificate chain is intact and trusted by the local host?
          Failing that you could use powersell to re-apply the self signed certificate from your initial installation. If this is successful you can go ahead and configure from the GUI using a cert from your CA or use the Shell again.

          Comment


          • #6
            Re: Error accessing Exchange 2013 OWA and ECP

            Originally posted by Sembee View Post
            If you can get in to the Shell then you can change the certificate there, or use IIS manager to bind the old self signed certificate to the web sites.

            Simon.
            Oops didn't see this.

            Comment


            • #7
              Re: Error accessing Exchange 2013 OWA and ECP

              Originally posted by scurlaruntings View Post
              Oops didn't see this.
              No worries, I appreciate your help nonetheless. I will take Sembee's advice and use the shell to rebind the self signed cert then recreate a request to re-key my CA cert.

              Which command would I use in the shell to verify the certificate chain?

              Thanks

              Kevin

              Comment


              • #8
                Re: Error accessing Exchange 2013 OWA and ECP

                Originally posted by berrykd View Post
                No worries, I appreciate your help nonetheless. I will take Sembee's advice and use the shell to rebind the self signed cert then recreate a request to re-key my CA cert.

                Which command would I use in the shell to verify the certificate chain?

                Thanks

                Kevin
                Verify the cert chain from the or a management console or IIS. Run>MMC and add Certificates. In the 'computer account' ensure the chain goes up to a trusted root. If this is a lab set up its likely you've only deployed a root CA and not a root>intermediary.

                Comment


                • #9
                  Re: Error accessing Exchange 2013 OWA and ECP

                  Originally posted by Sembee View Post
                  Sounds like classic corrupt SSL certificate. The SSL session cannot be established so IE throws a generic error.

                  Get your CA to reissue the certificate, you will probably need a new SSL request for that.

                  Simon.
                  Simon, that did the trick. After re-assigning roles to my self signed cert I was able to get back in. I then created and new request and re-keyed the CA cert.

                  Thank you very much for your assistance and I want to thank scurlaruntings for helping me as well.

                  One other thing that I am trying to tackle is redirection. I have employed redirection from http to https to simply the url for my users. This works fine for internal clients. From the internet this is not working. I get 403 unless I use https. How can I tackle this?

                  Comment


                  • #10
                    Re: Error accessing Exchange 2013 OWA and ECP

                    Originally posted by berrykd View Post
                    Simon, that did the trick. After re-assigning roles to my self signed cert I was able to get back in. I then created and new request and re-keyed the CA cert.

                    Thank you very much for your assistance and I want to thank scurlaruntings for helping me as well.

                    One other thing that I am trying to tackle is redirection. I have employed redirection from http to https to simply the url for my users. This works fine for internal clients. From the internet this is not working. I get 403 unless I use https. How can I tackle this?
                    Likely firewall related. Have you made sure you have port 80 open too? Although you're getting a 403 forbidden which makes me think the response has come back from your CAS. Did you configure the redirection in IIS?

                    Comment

                    Working...
                    X