Greetings.  I have recently installed Exchange 2013 in a stand-alone Server 2012 VM.  The VM acts as a domain controller (this is a development environment only).  I installed both roles during the installation and have upgraded to CU1.  I can successfully login to OWA at __https://dc.adventureworks.com/owa (underscores to bypass this forum's URL rules only) as ADVENTUREWORKS\Administrator (Administrator in this VM is a domain admin).  OWA loads fine and shows an empty mailbox/calendar.  I can also successfully login to __https://dc.adventureworks.com:444/ecp but this just shows mail settings, not the ECP site I was expecting. 

The problem I'm having is that when I put in my credentials to __https://dc.adventureworks.com/ecp (the main ECP site), the browser flickers and immediately takes me back to the ECP login page.  If I put in an invalid password for this account, it properly displays the error message and asks to enter it again.  I can successfully connect to the server via Exchange power shell but not ECP UI.  The ECP virtual directory (under default web site) has Anonymous and Basic enabled, and all other authentication providers disabled.  I have tried multiple browsers with no luck.  There are a few blogs/forums out in the intranets that have similar problems to this, but none of the suggestions have resolved my issue.  Thanks for any feedback.

Hi Eric,

Please try the following..

Use this command to verify the location of your ECP Virtual Directory
Get-ECPVirtualDirectory | Format-List Name,InternalURL,ExternalURL

Set your permissions as required
Set-ECPVirtualDirectory -Identity "InternalCAS\ecp (default web site)" -AdminEnabled $True

Thanks for the quick response but no luck:

Get-ECPVirtualDirectory | Format-List Name,InternalURL,ExternalURL
Name        : ecp (Default Web Site)
InternalUrl : https://dc.adventureworks.com/ecp
ExternalUrl :

Set-ECPVirtualDirectory -Identity "ecp (Default Web Site)" -AdminEnabled $True
WARNING: The command completed successfully but no settings of 'DC\ecp (Default Web Site)' have been modified.

• Proposed as answer by Zer0 G Thursday, February 12, 2015 10:08 PM
• Unproposed as answer by Zer0 G Thursday, February 12, 2015 10:08 PM

This is the only Exchange Server in the Org correct?

If so.. create a new Adm account in AD and give it Exchange Organization Administrators rights.

Then log into the ECP with the new acc

Thanks again for the help.  Yes, this is the only instance of Exchange that has ever been installed on this VM.  As far as the 'Exchange Organization Administrators' rights, I'm not 100% sure what you're referring to, as I don't see that role in my environment:

Get-RoleGroup
Name                          AssignedRoles                 RoleAssignments               ManagedBy
----                          -------------                 ---------------               ---------
Organization Management       {Active Directory Permissi... {Active Directory Permissi... {adventureworks.com/Micros...
Recipient Management          {Distribution Groups, Mail... {Distribution Groups-Recip... {adventureworks.com/Micros...
View-Only Organization Man... {Monitoring, View-Only Con... {Monitoring-View-Only Orga... {adventureworks.com/Micros...
Public Folder Management      {Mail Enabled Public Folde... {Mail Enabled Public Folde... {adventureworks.com/Micros...
UM Management                 {UM Mailboxes, UM Prompts,... {UM Mailboxes-UM Managemen... {adventureworks.com/Micros...
Help Desk                     {User Options, View-Only R... {User Options-Help Desk, V... {adventureworks.com/Micros...
Records Management            {Audit Logs, Journaling, M... {Audit Logs-Records Manage... {adventureworks.com/Micros...
Discovery Management          {Legal Hold, Mailbox Search}  {Legal Hold-Discovery Mana... {adventureworks.com/Micros...
Server Management             {Database Copies, Database... {Database Copies-Server Ma... {adventureworks.com/Micros...
Delegated Setup               {View-Only Configuration}     {View-Only Configuration-D... {adventureworks.com/Micros...
Hygiene Management            {ApplicationImpersonation,... {ApplicationImpersonation-... {adventureworks.com/Micros...
Compliance Management         {Data Loss Prevention, Inf... {Data Loss Prevention-Comp... {adventureworks.com/Micros...

Regardless, I created a new AD account named adventureworks\exchangeadmin.  I added this user to the 'Organization Management' group in the 'Microsoft Exchange Security Groups' OU in Active Directory.  I then run the following command and can see the user here.  Is this what you are referring to?  If so, I can't login to ecp with this user (screen flickers and transfers back to login) either.  It looks like this is an IIS issue but not really sure.

Get-RoleGroup "Organization Management" | Format-List
RunspaceId                  : 6618dcd9-9796-407f-9ad8-0606d8236a35
ManagedBy                   : {adventureworks.com/Microsoft Exchange Security Groups/Organization Management}
RoleAssignments             : {Active Directory Permissions-Organization Management-Delegating, Active Directory
                              Permissions-Organization Management, Address Lists-Organization Management-Delegating,
                              Address Lists-Organization Management, ApplicationImpersonation-Organization
                              Management-Delegating, ArchiveApplication-Organization Management-Delegating, Audit
                              Logs-Organization Management-Delegating, Audit Logs-Organization Management, Cmdlet
                              Extension Agents-Organization Management-Delegating, Cmdlet Extension
                              Agents-Organization Management, Data Loss Prevention-Organization Management-Delegating,
                              Data Loss Prevention-Organization Management, Database Availability Groups-Organization
                              Management-Delegating, Database Availability Groups-Organization Management, Database
                              Copies-Organization Management-Delegating, Database Copies-Organization Management...}
Roles                       : {Active Directory Permissions, Address Lists, ApplicationImpersonation,
                              ArchiveApplication, Audit Logs, Cmdlet Extension Agents, Data Loss Prevention, Database
                              Availability Groups, Database Copies, Databases, Disaster Recovery, Distribution Groups,
                              Edge Subscriptions, E-Mail Address Policies, Exchange Connectors, Exchange Server
                              Certificates...}
DisplayName                 :
ExternalDirectoryObjectId   :
Members                     : {adventureworks.com/Users/ExchangeAdmin, adventureworks.com/Users/Administrator}
SamAccountName              : Organization Management
Description                 : Members of this management role group have permissions to manage Exchange objects and
                              their properties in the Exchange organization. Members can also delegate role groups and
                              management roles in the organization. This role group shouldn't be deleted.
RoleGroupType               : Standard
LinkedGroup                 :
Capabilities                : {}
LinkedPartnerGroupId        :
LinkedPartnerOrganizationId :
Identity                    : adventureworks.com/Microsoft Exchange Security Groups/Organization Management
IsValid                     : True
ExchangeVersion             : 0.10 (14.0.100.0)
Name                        : Organization Management
DistinguishedName           : CN=Organization Management,OU=Microsoft Exchange Security Groups,DC=adventureworks,DC=com
Guid                        : 1924b79e-1790-4643-96b0-b4372b64db1f
ObjectCategory              : adventureworks.com/Configuration/Schema/Group
ObjectClass                 : {top, group}
WhenChanged                 : 7/19/2013 12:07:11 PM
WhenCreated                 : 7/18/2013 12:11:10 PM
WhenChangedUTC              : 7/19/2013 4:07:11 PM
WhenCreatedUTC              : 7/18/2013 4:11:10 PM
OrganizationId              :
OriginatingServer           : dc.adventureworks.com
ObjectState                 : Changed

Hi,

It should be the ECP Virtual Directory issue. We can rebuild ECP VD to refresh all the settings to default.

Following articles are about how to rebuild ECP Virtual Directory

Remove-EcpVirtualDirectory

http://technet.microsoft.com/en-us/library/dd351147(v=exchg.141).aspx

New-EcpVitualDirectory

http://technet.microsoft.com/en-us/library/dd351218(v=exchg.141).aspx

Hope it is helpful.

If you are satisfied with my solution, please mark as an answer.

Thanks

Mavis

• Marked as answer by Eric Eichler Tuesday, July 23, 2013 7:09 PM

Add the new account to Organization Management AD group to get full Exchange rights. Try with a new account which has this membership and if it still fails, re-create the virtual directory as explained above.

There have been few issues reported with Exchange 2013 running on a DC, but it is supported and hence should work ;-)

Nice!

I experienced the same thing. New Exchange install and boom! - blank ECP page. I created another admin account, gave it exchange organization rights in AD, reboot Exchange 2013 CAS and logged in successfully!

ok, wondering if anyone can help me with this.

I got the same problem, still can't login to Exchange admin or Outlook Web app.

It is a new install of Exchange 2013 on a standalone AD.

I have tried the solutions on this page but nothing is working.

Is there anything I have missed

The problem is solved by updating service pack 1

also make sure only basic authentication is enabled for owa and ecp.

I found the issue to be in my case that there was a CA in the environment giving out computer certificates for each PC that joined the domain. FOr some reason the Exchange install picked this certificate up and bind it to both back end and default website.

Revoked that cert and assigned a new one to the default and back end - flying now.