We are running an up-to-date version of Exchange. We have two front-end servers and two back-end. Everything was working ok, then our certificate expired so we got a new one and installed it. Now everything is working except for OWA. When you go to https://<myserver>/owa you get the logon screen and enter the username and password. The problem is that after clicking on submit, the next screen you get is a 404 error. I once saw a 500 error but since only 404. Im guessing that since this started with the new certificate it's related to that. Do you need the IIS service on the front-end for the certificate, currently we only have SMTP? Or is there another place we need to install the certificate that we've left out?

You're running Exchange 2007, correct? There's no "front end" or "back end" in Exchange 2007, there are now roles, CAS and Mailbox. Is that what you mean? Yes, your problem could certainly be certificate-related but it's hard to say without any information.Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

Hi Ghostta, Any updates? Exchange 2003 or Exchange 2007? 3rd party certificate or interna CA one? Please post the error message here when you open OWA. Please check whether there is any error events in the Event Viewer. For Exchange 2007: Securing an Exchange 2007 Client Access Server using a 3rd party SAN Certificate http://www.msexchange.org/articles_tutorials/exchange-server-2007/mobility-client-access/securing-exchange-2007-client-access-server-3rd-party-san-certificate.html Frank Wang Forum Support Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

Hi Ghostta, Any updates? Frank Wang

That is correct, CAS and Mailbox. There are no events created in the event log to show any sort of error making it hard to figure out. What more information would you like. We are running IIS 7. I am going to try re-creating the virtual directories, as the certificate authority verified the certificate is ok.

It is a third party certificate that has IIS enabled. Here is the URL message: https://email.mross.com/owa?url=https%3a%2f%2femail.mross.com%2fowa%2f&reason=0 Here is the webpage we get after typing in the correct information: The page cannot be found The page you are looking for might have been removed, had its name changed, or is temporarily unavailable. Please try the following: Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly. If you reached this page by clicking a link, contact the Web site administrator to alert them that the link is incorrectly formatted. Click the Back button to try another link. HTTP Error 404 - File or directory not found. Internet Information Services (IIS) Technical Information (for support personnel) Go to Microsoft Product Support Services and perform a title search for the words HTTP and 404. Open IIS Help, which is accessible in IIS Manager (inetmgr), and search for topics titled Web Site Setup, Common Administrative Tasks, and About Custom Error Messages.

This may also help. I ran the command "Test-Owaconnectivity -URL:xxxx -MailboxCredentials:xxxx and it gives these warnings: WARNING: The server neither challenged for authentication nor returned the forms-based authentication page. WARNING: The test received an unexpected response to an Outlook Web Access request. WARNING: The test for URL 'https://email.mross.com/owa/' failed.

Hi Ghostta, About the OWA error message "HTTP Error 404 - File or directory not found", please see this Technet document: Outlook Web Access Returns an Unexpected Response http://technet.microsoft.com/en-us/library/cc179584%28EXCHG.80%29.aspx Similar post, please see: http error 404 while trying to access OWA http://social.technet.microsoft.com/Forums/en-US/exchangesvrclients/thread/83c3c24a-82c5-4afc-bf8b-9bd09ea9fedf/ Frank Wang

Thank you. I went through both those links with the exception of removing the CAS role and adding it again. Unfortunately all the settings are correct on our end. I tried removing settings and added them again and it unfortunately has not made a difference. I am talking with the team about next steps.

Do you need the IIS service on the front-end for the certificate, currently we only have SMTP? Or is there another place we need to install the certificate that we've left out? Hi Ghostta, Yes, you should enable the IIS on the certificate. Please run the cmdlet Get-ExchangeCertifcate | fl to check whether the Services are enabled. Did you get the certificate from Entrust? If yes, did you follow the below link to install the certificate? How to install an Entrust Unified Communications Certificate (UCC) in Microsoft Exchange Server 2007 http://www.entrust.net/knowledge-base/technote.cfm?tn=7031 Since you have two CAS servers, please install the certificate on both servers(Suggest you remove the expired one). Resource: Exchange 2007 lessons learned - generating a certificate with a 3rd party CA http://blogs.technet.com/b/exchange/archive/2007/02/19/3400537.aspx Frank Wang Forum Support Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

It was an issue between the extra layer of Entrust security and OWA. No the certificate was from DigiCert and was installed correctly in OWA with all the appropriate services. There were some extra steps needed for the Entrust grid card system to work properly with OWA and the new certificate. I wasn't the one who fixed it however so I am unable to post what was done to complete support call. Thank you for all your help. Daniel