Hi people,

Ive just installed my new Exchange 2013 SP1 environment in a new domain.

Ive installed two Mailbox server and two Client Access servers, Ive started the installation with two mailbox serves and to continue Ive installed the Client Access servers. When I finished the installation in each server I restarted it.

Now, my problema is the Access to Exchange Administration Center.

Im trying with https://servercas1.domain.local/ecp or https://servercas2.domain.local/ecp

In both cases, Internet explorer sais "this page cant be displayed"

Ive checked the Ecpvirtualdirectory in PowerShell, and internal url is correct: https://servercas1.domain.local/ecp in the first CAS and https://servercas2.domain.local/ecp in the second CAS.

Ive tried Access by IP, but with the same result...

Finally, Ive tried the Access with https://localhost/ecp and it Works!

But... I want to Access by name, no by localhost....

Someone knows why I cant Access by name??

I understand the Access to EAC is only possible through the CAS, because in the Mailbox doesnt work it, right?

Thanks and Best regards.

Have you tried to Connect to https://servermbx1.domain.local/ecp ?

Maybe you can check your certificate in IIS. (bindings)

Hi, There is local DNS issue and you have to make below given entry in local host file. Follow the following step. 1-Go to run-and type DRIVERS Then press enter after that drivers folder will open 2-open the ETC folder after that there is host file. 3-open the host file in notepad 4-and make below given entry in host and then save the file. Servercas1.domain.local 10.0.0.10 Then try to open the url Regards, Ravindra kr.

Hi Eirik and Ahuibers.

Ive tried to connect to https://servermbx1.domain.local/ecp and with the same result "this page cant be displayed"

In the IIS bindings for Site "Default Web Site" in servercas has:

  

The Certificate is Microsoft Exchange....

Your CAS Bindings is like my CAS Bindings??

I havent done any changes... this is the configuration by default...

I understand I will have to add in these bindings, the name of the CAS in Host Name... But its strange right?

Thanks.

Hi Exchange Specialist,

I dont think so there is a local DNS issue. DNS is working all right. The access through IP fail as well.

However Ive addedd in the host file the IP and Name of Casserver:

10.10.10.10     servercas1.domain.local

And ive tried again with the same result...

aren there any different options in IIS bindings on HTTPS and the HTTPS variant 127.0.0.1?

What about reset a virtual directory?

http://technet.microsoft.com/en-us/library/ff629372.aspx

Hi Ahuibers,

There isnt any different option. This is Site Binding for HTTPS:

This is Site Binding with variant 127.0.0.1

Eirik... how is possible the virtual directories are corrupt? Ive just finished Exchange 2013 SP1 installation without errors...

Ill try to reset it... but Im very surprised...

Thanks

Are all exchange services running? Have you try a server reboot.

Reset the virtual directory is also an option, as Erik says. It is strange because it is a new installation but give it a try. ;)

Hi,

I checked Exchange Services in my CAS:

To carry on Ive reset ECP Virtual Directory:

1.- Remove-EcpVirtualDirectory -Identity "servercas1\ecp (Default Web Site)"

2.- New-EcpVirtualDirectory -Server servercas1 -InternalUrl https://servercas1.domain.local/ecp

3.- IISRESET

But It doesnt work... When I try to access https://servercas1.domain.local/ecp it fails...

If I try with https://localhost/ecp It works.

Is the same case in both CAS Servers.. servercas1 and servercas2...

Have you tried it from another pc?

What is the exact error you get?

is IE Enhanced Security Configuration turned off?

try: https://servercas1/ecp/?ExchClientVer=15

After reset the directory you have to check certificates in IIS again.

• Edited by ahuibers Wednesday, January 14, 2015 3:23 PM

Hi,

Yes Ive tried it from another computer different to CAS... with the same result.

This is the error:

Yes, IE Enhanced Security Configuration is off for administrators and users.

Ive tried with https://servercas1/ecp/?ExchClientVer=15 with the same result...

Ive checked certificate in IIS and for binding 443 has SSL Certificate (Microsoft Exchange).

After reset ECP Virtual Directory... the result is the same thant the begining... only works with https://localhost/ecp

In ECP go to servers, and then Certificates.

Verify that the one that have Assigned to service IIS is the same you have selected in IIS.

Also check on that page the Subject Alternative Names by opening that certificate. there must be records you are using in IE.

• Edited by ahuibers Wednesday, January 14, 2015 4:03 PM

Wuou.. unbelievable... After reset the ECP.. when I login in the EAC it fails with HTTP 500 Internal Server Error...

I have edited my reply.. Is OWA working by the way?

Now, when I try to access OWA (https://localhost/owa) it fails with HTTP 500 Internal Server Error as well...

Is your authentication method on OWA vir. dir. different from ECP vir.dir?

From https://social.technet.microsoft.com/Forums/exchange/en-US/2f64d305-e9e2-4f48-a5b4-4f72d7bca801/exchange-2013-owaecp-http-500-internal-server-error?forum=exchangesvrclients Winnie is writing.

Please check on the Application Pools to view whether OWA
and ECP Application Pool is running on .NET Framework v4.0. It maybe
the incompletely installation of Framework that causes this error.

If so, We can try to run the following command as Administrator:

%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -i

Or change the MSExchangeECPAppPool from .NET Framework from v4.0 to v2.0. Then restart IIS to have a try.

Does this apply to your Exchange installation?

Information above is from Winnie Liang

Hi,

Please check on the Application Pools to view whether OWA and ECP Application Pool is running on .NET Framework v4.0. It maybe the incompletely installation of Framework that causes this error.

If so, We can try to run the following command as Administrator:

%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -i

Or change the MSExchangeECPAppPool from .NET Framework from v4.0 to v2.0. Then restart IIS to have a try.

Re

Hi Eirik,

The authentication method on OWA and ECP vir. dir. is the same:

OWA:

ClientAuthCleanupLevel        : High
InternalAuthenticationMethods : {Basic, Fba}
BasicAuthentication           : True
WindowsAuthentication         : False
DigestAuthentication          : False
FormsAuthentication           : True
LiveIdAuthentication          : False
AdfsAuthentication            : False
OAuthAuthentication           : False
ExternalAuthenticationMethods : {Fba}

ECP:

InternalAuthenticationMethods : {Basic, Fba}
BasicAuthentication           : True
WindowsAuthentication         : False
DigestAuthentication          : False
FormsAuthentication           : True
LiveIdAuthentication          : False
AdfsAuthentication            : False
OAuthAuthentication           : False
ExternalAuthenticationMethods : {Fba}

Ive checked the Applications Pools on OWA & ECP and both running on .NET Framework v4.0.

Ive tried to run this command:

%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -i

But this option is not supported with Windows Server 2012 R2:

C:\Windows\system32>%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.ex
e -i
Microsoft (R) ASP.NET RegIIS version 4.0.30319.33440
Administration utility to install and uninstall ASP.NET on the local machine.
Copyright (C) Microsoft Corporation.  All rights reserved.
Start installing ASP.NET (4.0.30319.33440).
This option is not supported on this version of the operating system.  Administr
ators should instead install/uninstall ASP.NET 4.5 with IIS8 using the "Turn Win
dows Features On/Off" dialog,  the Server Manager management tool, or the dism.e
xe command line tool.  For more details please see http://go.microsoft.com/fwlin
k/?LinkID=216771.
Finished installing ASP.NET (4.0.30319.33440).

I dont understand something. I have 4 servers, 2 Mailboxes and 2 Client Access. I run reset OWA and ECP virtual directories only in one of the CAS Server. Although if I access to the other CAS Server I have the same problem (HTTP 500 Error).

Have I to run reset virtual directories in all CAS Servers? And In all Mailboxes Servers? 

I dont understand how is possible this occurs in new Installation and clean installation without errors...

Thanks

Hi Tropoglar,

According to your description, I understand that cannot open ECP login page with servername, however it works with "https://localhost/ecp".
If I misunderstand your concern, please do not hesitate to let me know.

Microsoft do not recommend install the Exchange server on a Domain controller, more details please refer to:
http://technet.microsoft.com/en-us/library/ms.exch.setupreadiness.warninginstallexchangerolesondomaincontroller(v=exchg.150).aspx

For HTTP 500 error, please run following command to double check the authentication methods:
Get-EcpVirtualDirectory | FL Identity,*auth*,*URL*
Then please run iisreset after modify the setting of virtual directory.

For your primary question, please try to open CMD and run Ping CAS1Servername.
Then open DNS Manager and double check whether there is a existing recording for CAS1 server and CAS2 server.
If not, please right click and select New Host (A or AAAA) with correct IP address.

Best Regards,
Allen Wang

• Edited by Allen_WangJF Thursday, January 15, 2015 8:42 AM

Hi Allen,

First of all, thanks for your reply.

In my first message I wrote about my Environment, this is:

- 2 Servers DCs (2012 R2 with 2012R domain/forest level)

- 2 Servers Mailboxes Exchange Server 2013 SP1 (Windows Server 2012 R2)

- 2 Servers Client Access Exchange Server 2013 SP1 (Windows Server 2012 R2)

My stepts to installation were:

1.- Install new DC and create new domain. After this install second DC in the same domain.

2.- Install OS in 4 servers for Exchange with Windows Server 2012 R2. Join these servers in domain.

3.- Install Prerequisites in 4 Exchange Servers:

Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation

4.- Install Microsoft Unified Communications Managed API 4.0 in 4 Exchange Servers.

5.- Install Microsoft Office 2010 Filter Pack x64 and SP1 only in 2 Mailbox Servers

6.- Extend Active Directory Schema: 

Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms

7.- Prepare Active Directory:

Setup.exe /PrepareAD /OrganizationName:"Exchange Organization" /IAcceptExchangeServerLicenseTerms

8.- Prepare Domain:

setup /PrepareAD /IAcceptExchangeServerLicenseTerms

9.- Install Exchange Server 2013 SP1 in 2 Mailbox Servers

10.- Install Exchange Server 2013 SP1 in 2 Client Access Servers

11.- Reboot all Exchange Servers when finished the installation

After this, when I tried to access to Exchange Admin Center with https://servercas1.domain.local/ecp or https://servercas2.domain.local/ecp 

It fails with "this page cant be displayed"

Only worked with https://localhost/ecp

In this moment is when I decided to write in the forum to share my problem. And I follow your recommendations...

But in this moment I cant access Exchange Admin Center, about a problem with authentication...

This is the result for Get-EcpVirtualDirectory | FL Identity,*auth*,*URL*

Identity                      : servercas1\ecp (Default Web Site)
InternalAuthenticationMethods : {Basic, Fba}
BasicAuthentication           : True
WindowsAuthentication         : False
DigestAuthentication          : False
FormsAuthentication           : True
LiveIdAuthentication          : False
AdfsAuthentication            : False
OAuthAuthentication           : False
ExternalAuthenticationMethods : {Fba}
InternalUrl                   : https://servercas1.domain.local/ecp
ExternalUrl                   :

Identity                      : servercas2\ecp (Default Web Site)
InternalAuthenticationMethods : {Basic, Fba}
BasicAuthentication           : True
WindowsAuthentication         : False
DigestAuthentication          : False
FormsAuthentication           : True
LiveIdAuthentication          : False
AdfsAuthentication            : False
OAuthAuthentication           : False
ExternalAuthenticationMethods : {Fba}
InternalUrl                   : https://servercas2.domain.local/ecp
ExternalUrl                   :

I dont have ayn problem with DNS... It works!

Thanks for your reply

Best Regards,

Can this help for error 500?

Hi Ahuibers,

In my case, I dont have any error in Application Event viewer.

This is the value I have in CanaryData:

At the beggining I could access Exchange admin Center and login it, only by localhost, but after reset ECP and OWA virtual directories, I think I have a authentication problem, because i can access login page, when I try to login with bad password, it advices me:

The user name or password you entered isnt correct. Try entering it again.

But when I login with good password, it fails with HTTP 500 Internal Server Error:

As I see in your previous post this is not correct:

Check the ECP Virtual Directory configured correct Authentication 
It should enabled windows authentication 
Form based authentication should be disabled.

See this for more information

• Edited by ahuibers Thursday, January 15, 2015 10:59 AM

Hi ahuibers,

Ive checked your response and the information in this URL.

It sais to run: Set-Owavirtualdirectory -identity "Exch15hub\owa (Exchange Back End)" -WindowsAuthentication $True -Basicauthentication $false -Formsauthentication $false

But in my Client Access Servers, Owa Vir. Dir. isnt in Exchange Back End, it is in Default Web Site. The same happens with ECP vir. dir.

I run:

Set-Owavirtualdirectory -identity "servercas1\owa (Default Web Site)" -WindowsAuthentication $True -Basicauthentication $false -Formsauthentication $false

Set-Owavirtualdirectory -identity "servercas2\owa (Default Web Site)" -WindowsAuthentication $True -Basicauthentication $false -Formsauthentication $false

After this I did a IISRESET. To continue Ive tried to access Exchange Admin Center, but it didnt work, even i didnt appear Login Page.

I did authentication rollback in my CAS and Im in the same situation before run this change, Login Page appear but when i try to login It fails.

I thing my problem is the ECP, OWA vir. dir. in Mailboxes, is possible?

This is the authetication configuracion en all Exchange Servers now:

For CAS:

Identity                      : servercas1\ecp (Default Web Site)
InternalAuthenticationMethods : {Basic, Fba}
BasicAuthentication           : True
WindowsAuthentication         : False
DigestAuthentication          : False
FormsAuthentication           : True
LiveIdAuthentication          : False
AdfsAuthentication            : False
OAuthAuthentication           : False
ExternalAuthenticationMethods : {Fba}
InternalUrl                   : https://servercas1.ppps.local/ecp
ExternalUrl                   :

Identity                      : servercas2\ecp (Default Web Site)
InternalAuthenticationMethods : {Basic, Fba}
BasicAuthentication           : True
WindowsAuthentication         : False
DigestAuthentication          : False
FormsAuthentication           : True
LiveIdAuthentication          : False
AdfsAuthentication            : False
OAuthAuthentication           : False
ExternalAuthenticationMethods : {Fba}
InternalUrl                   : https://servercas2.ppps.local/ecp
ExternalUrl                   :

For Mailboxes ECP:

For Mailboxes OWA:

 

 

okay,  ECP is working again on localhost. Now you can try my prevous post:

In ECP go to servers, and then Certificates.

Verify that the one that have Assigned to service IIS is the same you have selected in IIS.

 Also check on that page the  Subject Alternative Names by opening that certificate. there must be records you are using in IE.

No no... sorry Probably I havent explain correctly...

Now I can access to login page.. but when I try to login with username and password it fails with HTTP 500 internal server error...

This happens since I did a reset ECP and OWA virtual directory....

Thanks.

Okay, you are very pretty complete in your replies. I must read a bit better your answers.. ;) 

A qoute from Marshall Lucas:

link

I opened a case with Microsoft.  After 3 days and over 15 hours on the phone they were able to resolve the problem.  They had to use ADSI edit to remove the canary data for the domain.

I tried rebuilding the virtual directories, building a new CAS server, a new mailbox server and a new server with both roles installed.  I created a new database and new users in that database and used the new CAS server but the problem continued which led us to believe it was something being obtained from Active Directory.  We finally figured out the problem was in the properties of an object in ADSI. 

You have to open the ADSI editor on the primary domain controller (start-->administrative tools-->ADSI edit), go to CN=Services --> CN=Microsoft Exchange --> CN=<Your Site Name>  Right click CN=Client Access and click properties.  Scroll down to msExchCanaryData0.  You have to click edit and copy the data from Data0, Data1 and Data2 (you may have more or less) to a notepad file.  Then erase the data from those settings.  Now log onto the CAS server and open IIS management.  Go to application pools and  right click MSExchangeOWAAppPool and click Recycling.  Then restart all of the mailbox servers. 

It's a great idea to take a system state backup before performing these steps as editing ADSI data is risky. 

Hi,

Sorry for delay.

Please try to open Control Panel\Programs\Programs and Features and double check whether there is an program named Microsoft Visual C++ Redistributable.
This program will be auto-installed when install Unified Communications Managed API 4.0 Runtime. More de details about it, please refer to Install Instructions section in below link:
http://www.microsoft.com/en-AU/download/details.aspx?id=34992

If no, please manual download and install this software for testing.

Best Regards,
Allen Wang

• Proposed as answer by Allen_WangJF Monday, January 26, 2015 3:41 PM
• Marked as answer by Mavis_HuangMicrosoft contingent staff, Moderator Tuesday, January 27, 2015 4:36 AM
• Unmarked as answer by Tropoglar Tuesday, January 27, 2015 7:46 AM
• Unproposed as answer by Tropoglar Tuesday, January 27, 2015 7:46 AM

Hi,

Excuse me but... this is not the solution...

Finally, Ive started again the installation of Exchange 2013... I hope this time it works fine!

• Proposed as answer by ahuibers Tuesday, January 27, 2015 7:43 AM

Just curious. Did you try to mess around with the authentication in Exchange to see if that did any difference?

Iv seen HTTP 500 error before, but when Windows Auth was enabled. Then I did change the providers, in IIS to get it to work.

Hi,

Ive just finished a new installation, fresh installation of Exchange Server 2013 SP1. With new domain, new DCs...

Domain Info:

- OS: Windows Server 2012 R2

- Domain/Forest Level: 2012 R2

- DNS, GC, Define Subnet in Sites & Services...

Exchange Info:

- OS: Windows Server 2012 R2

- 2 servers, one Mailbox and one CAS.

My steps for installing Exchange:

1.- Install-WindowsFeature RSAT-ADDS (In both Exchange Servers)

2.- Install Prerequisites for Exchange (In both Exchange Servers):

Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation

3.- Restart Servers

4.- Install Microsoft Unified Communications Managed API 4.0 in both Servers

5.- Prepare Schema: Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms

6.- Prepare Active Directory: Setup.exe /PrepareAD /OrganizationName:"Exchange Org" /IAcceptExchangeServerLicenseTerms

7.- Prepare Domain: setup /PrepareAD /IAcceptExchangeServerLicenseTerms

8.- Replicate DCs

9.- Install Mailbox Server

10.- Restart Mailbox Server when finished the installation

11.- Install Client Access Server

12.- Restar Client Access Server when finished the installation

13.- Try to access EAC from CAS Server with: https://cas01/ecp/?ExchClientVer=15

But it FAILS. "This Page cant be displayed"

14.- Try to access EAC from IP CAS Server with: https://xxx.xxx.xxx.xxx/ecp/?ExchClientVer=15

But it FAILS. "This Page cant be displayed"

14.- Try to access EAC from CAS Server with https://localhost/ecp/?ExchClientVer=15

It works!

15.- Try to access EAC from CAS Server with https://127.0.0.1/ecp/?ExchClientVer=15

It works!

These are the bindings from CAS (Default Web Site):

These are the certificates in EAC for Exchange:

I cant believe, it happens the same that in the past... but its true...

I cant access EAC by name neither by IP... only by localhost or IP loopback...

Hi mates!

Finally I fix the problem. The Exchange servers had a proxy server configured...

Ive unchecked "Use a proxy server..." and It works!! I can access by name and IP in EAC and OWA...

Thanks for your help.

• Marked as answer by Tropoglar 2 hours 2 minutes ago