none
Can't login to Admin Center (ecp) after new install of Exchange 2013

    Question

  • Greetings.  I have recently installed Exchange 2013 in a stand-alone Server 2012 VM.  The VM acts as a domain controller (this is a development environment only).  I installed both roles during the installation and have upgraded to CU1.  I can successfully login to OWA at __https://dc.adventureworks.com/owa (underscores to bypass this forum's URL rules only) as ADVENTUREWORKS\Administrator (Administrator in this VM is a domain admin).  OWA loads fine and shows an empty mailbox/calendar.  I can also successfully login to __https://dc.adventureworks.com:444/ecp but this just shows mail settings, not the ECP site I was expecting. 

    The problem I'm having is that when I put in my credentials to __https://dc.adventureworks.com/ecp (the main ECP site), the browser flickers and immediately takes me back to the ECP login page.  If I put in an invalid password for this account, it properly displays the error message and asks to enter it again.  I can successfully connect to the server via Exchange power shell but not ECP UI.  The ECP virtual directory (under default web site) has Anonymous and Basic enabled, and all other authentication providers disabled.  I have tried multiple browsers with no luck.  There are a few blogs/forums out in the intranets that have similar problems to this, but none of the suggestions have resolved my issue.  Thanks for any feedback.

    Friday, July 19, 2013 2:40 PM

Answers

All replies

  • Hi Eric,

    Please try the following..

    Use this command to verify the location of your ECP Virtual Directory
    Get-ECPVirtualDirectory | Format-List Name,InternalURL,ExternalURL

    Set your permissions as required
    Set-ECPVirtualDirectory -Identity "InternalCAS\ecp (default web site)" -AdminEnabled $True



    Dame Luthas, ITILv3, MCSE Messaging 2013, MCSA, MCITP

    My Technical Blog: http://thelifestrategist.wordpress.com/

    Discipline is the Difference between Goals and Accomplishments..

    Friday, July 19, 2013 2:49 PM
  • Thanks for the quick response but no luck:

    Get-ECPVirtualDirectory | Format-List Name,InternalURL,ExternalURL
    Name        : ecp (Default Web Site)
    InternalUrl : https://dc.adventureworks.com/ecp
    ExternalUrl :

    Set-ECPVirtualDirectory -Identity "ecp (Default Web Site)" -AdminEnabled $True
    WARNING: The command completed successfully but no settings of 'DC\ecp (Default Web Site)' have been modified.

    Friday, July 19, 2013 2:56 PM
  • This is the only Exchange Server in the Org correct?

    If so.. create a new Adm account in AD and give it Exchange Organization Administrators rights.

    Then log into the ECP with the new account.


    Dame Luthas, ITILv3, MCSE Messaging 2013, MCSA, MCITP

    My Technical Blog: http://thelifestrategist.wordpress.com/

    Discipline is the Difference between Goals and Accomplishments..


    • Edited by Dame Luthas Friday, July 19, 2013 3:04 PM error
    Friday, July 19, 2013 3:03 PM
  • Thanks again for the help.  Yes, this is the only instance of Exchange that has ever been installed on this VM.  As far as the 'Exchange Organization Administrators' rights, I'm not 100% sure what you're referring to, as I don't see that role in my environment:

    Get-RoleGroup
    Name                          AssignedRoles                 RoleAssignments               ManagedBy
    ----                          -------------                 ---------------               ---------
    Organization Management       {Active Directory Permissi... {Active Directory Permissi... {adventureworks.com/Micros...
    Recipient Management          {Distribution Groups, Mail... {Distribution Groups-Recip... {adventureworks.com/Micros...
    View-Only Organization Man... {Monitoring, View-Only Con... {Monitoring-View-Only Orga... {adventureworks.com/Micros...
    Public Folder Management      {Mail Enabled Public Folde... {Mail Enabled Public Folde... {adventureworks.com/Micros...
    UM Management                 {UM Mailboxes, UM Prompts,... {UM Mailboxes-UM Managemen... {adventureworks.com/Micros...
    Help Desk                     {User Options, View-Only R... {User Options-Help Desk, V... {adventureworks.com/Micros...
    Records Management            {Audit Logs, Journaling, M... {Audit Logs-Records Manage... {adventureworks.com/Micros...
    Discovery Management          {Legal Hold, Mailbox Search}  {Legal Hold-Discovery Mana... {adventureworks.com/Micros...
    Server Management             {Database Copies, Database... {Database Copies-Server Ma... {adventureworks.com/Micros...
    Delegated Setup               {View-Only Configuration}     {View-Only Configuration-D... {adventureworks.com/Micros...
    Hygiene Management            {ApplicationImpersonation,... {ApplicationImpersonation-... {adventureworks.com/Micros...
    Compliance Management         {Data Loss Prevention, Inf... {Data Loss Prevention-Comp... {adventureworks.com/Micros...

    Regardless, I created a new AD account named adventureworks\exchangeadmin.  I added this user to the 'Organization Management' group in the 'Microsoft Exchange Security Groups' OU in Active Directory.  I then run the following command and can see the user here.  Is this what you are referring to?  If so, I can't login to ecp with this user (screen flickers and transfers back to login) either.  It looks like this is an IIS issue but not really sure.

    Get-RoleGroup "Organization Management" | Format-List
    RunspaceId                  : 6618dcd9-9796-407f-9ad8-0606d8236a35
    ManagedBy                   : {adventureworks.com/Microsoft Exchange Security Groups/Organization Management}
    RoleAssignments             : {Active Directory Permissions-Organization Management-Delegating, Active Directory
                                  Permissions-Organization Management, Address Lists-Organization Management-Delegating,
                                  Address Lists-Organization Management, ApplicationImpersonation-Organization
                                  Management-Delegating, ArchiveApplication-Organization Management-Delegating, Audit
                                  Logs-Organization Management-Delegating, Audit Logs-Organization Management, Cmdlet
                                  Extension Agents-Organization Management-Delegating, Cmdlet Extension
                                  Agents-Organization Management, Data Loss Prevention-Organization Management-Delegating,
                                  Data Loss Prevention-Organization Management, Database Availability Groups-Organization
                                  Management-Delegating, Database Availability Groups-Organization Management, Database
                                  Copies-Organization Management-Delegating, Database Copies-Organization Management...}
    Roles                       : {Active Directory Permissions, Address Lists, ApplicationImpersonation,
                                  ArchiveApplication, Audit Logs, Cmdlet Extension Agents, Data Loss Prevention, Database
                                  Availability Groups, Database Copies, Databases, Disaster Recovery, Distribution Groups,
                                  Edge Subscriptions, E-Mail Address Policies, Exchange Connectors, Exchange Server
                                  Certificates...}
    DisplayName                 :
    ExternalDirectoryObjectId   :
    Members                     : {adventureworks.com/Users/ExchangeAdmin, adventureworks.com/Users/Administrator}
    SamAccountName              : Organization Management
    Description                 : Members of this management role group have permissions to manage Exchange objects and
                                  their properties in the Exchange organization. Members can also delegate role groups and
                                  management roles in the organization. This role group shouldn't be deleted.
    RoleGroupType               : Standard
    LinkedGroup                 :
    Capabilities                : {}
    LinkedPartnerGroupId        :
    LinkedPartnerOrganizationId :
    Identity                    : adventureworks.com/Microsoft Exchange Security Groups/Organization Management
    IsValid                     : True
    ExchangeVersion             : 0.10 (14.0.100.0)
    Name                        : Organization Management
    DistinguishedName           : CN=Organization Management,OU=Microsoft Exchange Security Groups,DC=adventureworks,DC=com
    Guid                        : 1924b79e-1790-4643-96b0-b4372b64db1f
    ObjectCategory              : adventureworks.com/Configuration/Schema/Group
    ObjectClass                 : {top, group}
    WhenChanged                 : 7/19/2013 12:07:11 PM
    WhenCreated                 : 7/18/2013 12:11:10 PM
    WhenChangedUTC              : 7/19/2013 4:07:11 PM
    WhenCreatedUTC              : 7/18/2013 4:11:10 PM
    OrganizationId              :
    OriginatingServer           : dc.adventureworks.com
    ObjectState                 : Changed

    Friday, July 19, 2013 4:12 PM
  • Hi,

    It should be the ECP Virtual Directory issue. We can rebuild ECP VD to refresh all the settings to default.

    Following articles are about how to rebuild ECP Virtual Directory

    Remove-EcpVirtualDirectory

    http://technet.microsoft.com/en-us/library/dd351147(v=exchg.141).aspx

    New-EcpVitualDirectory

    http://technet.microsoft.com/en-us/library/dd351218(v=exchg.141).aspx

    Hope it is helpful.

    If you are satisfied with my solution, please mark as an answer.

    Thanks

    Mavis

    • Marked as answer by Eric Eichler Tuesday, July 23, 2013 7:09 PM
    Monday, July 22, 2013 9:18 AM
  • Add the new account to Organization Management AD group to get full Exchange rights. Try with a new account which has this membership and if it still fails, re-create the virtual directory as explained above.

    There have been few issues reported with Exchange 2013 running on a DC, but it is supported and hence should work ;-)


    Rajith Enchiparambil | http://www.howexchangeworks.com |

    HowExchangeWorks.Com

    Monday, July 22, 2013 10:14 AM
  • Nice!

    Dame Luthas, ITILv3, MCSE Messaging 2013, MCSA, MCITP

    My Technical Blog: http://thelifestrategist.wordpress.com

    Discipline is the Difference between Goals and Accomplishments

    If this post is useful, please hit the green arrow on the left & if this is the answer hit "mark as answer"

    Monday, July 22, 2013 11:39 AM
  • I experienced the same thing. New Exchange install and boom! - blank ECP page. I created another admin account, gave it exchange organization rights in AD, reboot Exchange 2013 CAS and logged in successfully!
    Thursday, October 31, 2013 3:12 PM
  • ok, wondering if anyone can help me with this.

    I got the same problem, still can't login to Exchange admin or Outlook Web app.

    It is a new install of Exchange 2013 on a standalone AD.

    I have tried the solutions on this page but nothing is working.

    Is there anything I have missed

    Wednesday, January 29, 2014 11:59 PM
  • The problem is solved by updating service pack 1

    also make sure only basic authentication is enabled for owa and ecp.


    Sajjad

    Tuesday, April 08, 2014 8:53 PM