Announcement

Collapse
No announcement yet.

Unable to access /ecp or /owa

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Unable to access /ecp or /owa

    I recently installed Exchange 2013 with SP1 on three new Exchange servers (Server 2012r2). They are all multi-role servers and when I open the ECP on two of them, I am prompted for credentials. On one of the new servers, I see the following:

    From Chrome on my PC (https://servername/ecp), I am redirected to https://servername/owa/auth/errorFE.aspx?httpCode=500 and get a message that says

    The webpage at https://servername/owa/auth/errorFE.aspx?httpCode=500 has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer.

    Error code: Err_TOO_MANY_REDIRECTS
    From the server (https://localhost/ecp/?ExchClientVer=15) I get
    Server Error in '/owa' Application.

    Access is denied.
    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

    Exception Details: System.ServiceModel.Security.SecurityAccessDeniedE xception: Access is denied.

    Source Error:
    An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

    Stack Trace:
    [SecurityAccessDeniedException: Access is denied.]
    System.Runtime.Remoting.Proxies.RealProxy.HandleRe turnMessage(IMessage reqMsg, IMessage retMsg) +14483202
    System.Runtime.Remoting.Proxies.RealProxy.PrivateI nvoke(MessageData& msgData, Int32 type) +622
    Microsoft.Exchange.Data.Directory.TopologyDiscover y.ITopologyClient.GetServersForRole(String partitionFqdn, List`1 currentlyUsedServers, ADServerRole role, Int32 serversRequested) +0
    Microsoft.Exchange.Data.Directory.<>c__DisplayClas s10.<InternalServiceProviderGetServersForRole>b__f (IPooledServiceProxy`1 proxy) +145
    Microsoft.Exchange.Net.ServiceProxyPool`1.TryCallS erviceWithRetry(Action`1 action, String debugMessage, WCFConnectionStateTuple proxyToUse, Int32 numberOfRetries, Boolean doNotReturnProxyOnSuccess, Exception& exception) +274

    ...
    Other symptoms include:
    Event code: 3005
    Event message: An unhandled exception has occurred.
    Event time: 3/17/2015 8:28:54 AM
    Event time (UTC): 3/17/2015 2:28:54 PM
    Event ID: 713290da2ff34773bae129f8953e4305
    Event sequence: 2
    Event occurrence: 1
    Event detail code: 0

    Application information:
    Application domain: /LM/W3SVC/1/ROOT/owa-29-130710761250745972
    Trust level: Full
    Application Virtual Path: /owa
    Application Path: C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\
    Machine name: servername
    Event 3002: Protocol /owa failed to process request from identity NT AUTHORITY\SYSTEM. Exception: Microsoft.Exchange.Data.Directory.ADTopologyUnexpe ctedException: Unexpected error when calling the Microsoft Exchange Active Directory Topology service on server 'TopologyClientTcpEndpoint (localhost)'. Error details: Access is denied.. ---> System.ServiceModel.Security.SecurityAccessDeniedE xception: Access is denied.
    Event 4027: Process w3wp.exe (OWA) (PID=1720. WCF request (Get Servers for domain.local) to the Microsoft Exchange Active Directory Topology service on server (TopologyClientTcpEndpoint (localhost)) failed. Make sure that the service is running. In addition, make sure that the network ports that are used by Microsoft Exchange Active Directory Topology service are not blocked by a firewall. The WCF call was retried 1 time(s). Error Details
    System.ServiceModel.Security.SecurityAccessDeniedE xception: Access is denied.
    Event 1003 [Owa] An internal server error occurred. The unhandled exception was: Microsoft.Exchange.Data.Directory.ADTopologyUnexpe ctedException: Unexpected error when calling the Microsoft Exchange Active Directory Topology service on server 'TopologyClientTcpEndpoint (localhost)'. Error details: Access is denied.. ---> System.ServiceModel.Security.SecurityAccessDeniedE xception: Access is denied.
    Here is what I tried:
    1. Remove-WebApplication -Site "Exchange Back End" -Name owa (with "New-WebApplication -Site "Exchange Back End" -Name owa -PhysicalPath "C:\Program Files\Microsoft\Exchange Serve..."). I did the same for ECP
    2. Remove-OwaVirtualDirectory "servername\owa (Default Web Site)" / Remove-OwaVirtualDirectory "servername\owa (exchange back end)" (with New-OwaVirtualDirectory -InternalUrl "https://url/owa" -ExternalUrl "https://... for both sites). I did the same for ECP
    3. Verified that KB2898571 is not applicable (the results of Get-ADPermission -Identity <ExchangeComputerObject> | where {($_.ExtendedRights -like "ms-Exch-EPI-Token-Serialization") -and ($_.Deny -like "True")} | ft -autosize User,ExtendedRights are the same on the servers that work and the one that doesn't. Just to be sure, I verified that there are no groups as members of Domain Admins
    4. Verified that KB317471 is not applicable (wrong OS)
    5. Verified that the ECP and OWA virtual directories on all servers are set to FormsAuth==True & WindowsAuth==False
    6. Verified that Default Web Site, ecp, and owa virtual directories are all set to require SSL
    7. Rebooted


    This seems like an AD issue, but the broken server is on the same network (and in the same datacenter) as the servers that let me load ECP. Maybe I should un-join, then re-join the domain?

    Thoughts? Thanks.

  • #2
    Re: Unable to access /ecp or /owa

    I am going to re-install Exchange.

    Comment

    Working...
    X