I can´t access EAC by CAS name server

  • Question

  • Hi people,

    I´ve just installed my new Exchange 2013 SP1 environment in a new domain.

    I´ve installed two Mailbox servers and two Client Access servers. I started the installation with the two Mailbox servers and then installed the Client Access servers. When I finished the installation on each server, I restarted it.

    Now, my problem is the access to Exchange Administration Center.

    I´m trying with https://servercas1.domain.local/ecp or https://servercas2.domain.local/ecp

    In both cases, Internet Explorer says "this page can´t be displayed"

    I´ve checked the Ecpvirtualdirectory in PowerShell, and internal url is correct: https://servercas1.domain.local/ecp in the first CAS and https://servercas2.domain.local/ecp in the second CAS.

    I´ve tried Access by IP, but with the same result...

    Finally, I´ve tried the Access with https://localhost/ecp and it Works!

    But... I want to access by name, not by localhost...

    Does someone know why I can´t access by name?

    I understand that access to EAC is only possible through the CAS, because it doesn´t work on the Mailbox server, right?

    Thanks and Best regards.

    Wednesday, January 14, 2015 10:52 AM

Answers

  • Hi mates!

    Finally I fixed the problem. The Exchange servers had a proxy server configured...

    I´ve unchecked "Use a proxy server..." and It works!! I can access by name and IP in EAC and OWA...

    Thanks for your help.

    • Marked as answer by Tropoglar Wednesday, February 25, 2015 9:48 AM
    Wednesday, February 25, 2015 9:48 AM
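
A check for the cause found in the answer above, as an added example that is not part of the original thread: it lists the proxy settings of the logged-on user and, for each EAC URL, compares whether the system proxy would be used with whether TCP 443 is reachable directly. The host names are the ones used in this thread; the assumption is that the proxy was set in the per-user Internet Options that Internet Explorer reads.

```powershell
# Added example (not from the thread). Run on the machine where the browser fails.
# Host names are taken from the thread; replace them with your own.
$urls = 'https://servercas1.domain.local/ecp',
        'https://servercas2.domain.local/ecp',
        'https://localhost/ecp'

# 1. Per-user proxy settings read by Internet Explorer
#    (the "Use a proxy server..." checkbox is stored as ProxyEnable).
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$ie  = Get-ItemProperty -Path $key
[pscustomobject]@{
    ProxyEnable   = [bool]$ie.ProxyEnable
    ProxyServer   = $ie.ProxyServer
    ProxyOverride = $ie.ProxyOverride   # bypass list, if any
    AutoConfigURL = $ie.AutoConfigURL
} | Format-List

# 2. Machine-wide WinHTTP proxy (used by services, separate from the IE setting).
netsh winhttp show proxy

# 3. For each URL: would the system proxy be used, and does a direct
#    TCP connection to port 443 succeed without any proxy involved?
$proxy = [System.Net.WebRequest]::GetSystemWebProxy()
foreach ($u in $urls) {
    $uri      = [Uri]$u
    $bypassed = $proxy.IsBypassed($uri)
    $proxyUri = if ($bypassed) { '(direct)' } else { $proxy.GetProxy($uri).Authority }
    $tcp      = Test-NetConnection -ComputerName $uri.Host -Port 443 -WarningAction SilentlyContinue

    $verdict = if (-not $tcp.TcpTestSucceeded) {
        'Port 443 not reachable directly: check DNS, firewall, IIS bindings'
    } elseif (-not $bypassed) {
        'Direct connection works but requests go to the proxy: check proxy settings'
    } else {
        'Proxy not involved for this URL'
    }

    [pscustomobject]@{
        Url          = $u
        ProxyUsed    = $proxyUri
        DirectTcp443 = $tcp.TcpTestSucceeded
        Verdict      = $verdict
    }
}
```

A row where DirectTcp443 is True and ProxyUsed names a proxy matches the symptom in this thread: the server answers on 443, but the browser sends the request elsewhere.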

All replies

  • Have you tried to Connect to https://servermbx1.domain.local/ecp ?
    Wednesday, January 14, 2015 11:13 AM
  • Maybe you can check your certificate in IIS. (bindings)
    Wednesday, January 14, 2015 11:17 AM
  • Hi, There is local DNS issue and you have to make below given entry in local host file. Follow the following step.

    1- Go to run and type DRIVERS, then press enter; after that the drivers folder will open.

    2- Open the ETC folder; after that there is the host file.

    3- Open the host file in notepad.

    4- Make the below given entry in host and then save the file.

    Servercas1.domain.local 10.0.0.10

    Then try to open the url.

    Regards, Ravindra kr.
    Wednesday, January 14, 2015 11:36 AM
  • Hi Eirik and Ahuibers.

    I´ve tried to connect to https://servermbx1.domain.local/ecp and with the same result "this page can´t be displayed"

    In the IIS bindings for Site "Default Web Site" in servercas has:

      

    The Certificate is Microsoft Exchange....

    Your CAS Bindings is like my CAS Bindings??

    I haven´t done any changes... this is the configuration by default...

    I understand I will have to add in these bindings, the name of the CAS in Host Name... But it´s strange right?

    Thanks.

    Wednesday, January 14, 2015 11:36 AM
  • Hi Exchange Specialist,

    I don´t think there is a local DNS issue. DNS is working all right. Access through IP fails as well.

    However, I´ve added the IP and name of the CAS server to the host file:

    10.10.10.10     servercas1.domain.local

    And i´ve tried again with the same result...

    Wednesday, January 14, 2015 11:50 AM
  • Are there any different options in the IIS bindings on HTTPS and the HTTPS variant 127.0.0.1?
    Wednesday, January 14, 2015 12:07 PM
  • What about reset a virtual directory?

    http://technet.microsoft.com/en-us/library/ff629372.aspx

    Wednesday, January 14, 2015 12:11 PM
  • Hi Ahuibers,

    There isnt any different option. This is Site Binding for HTTPS:

    This is Site Binding with variant 127.0.0.1

    Eirik... how is possible the virtual directories are corrupt? I´ve just finished Exchange 2013 SP1 installation without errors...

    I´ll try to reset it... but I´m very surprised...

    Thanks

    Wednesday, January 14, 2015 12:32 PM
  • Are all exchange services running? Have you try a server reboot.

    Reset the virtual directory is also an option, as Erik says. It is strange because it is a new installation but give it a try. ;)

    Wednesday, January 14, 2015 12:35 PM
  • Hi,

    I checked Exchange Services in my CAS:

    To carry on I´ve reset ECP Virtual Directory:

    1.- Remove-EcpVirtualDirectory -Identity "servercas1\ecp (Default Web Site)"

    2.- New-EcpVirtualDirectory -Server servercas1 -InternalUrl https://servercas1.domain.local/ecp

    3.- IISRESET

    But It doesnt work... When I try to access https://servercas1.domain.local/ecp it fails...

    If I try with https://localhost/ecp It works.

    Is the same case in both CAS Servers.. servercas1 and servercas2...

    Wednesday, January 14, 2015 3:07 PM
  • Have you tried it from another pc?

    What is the exact error you get?

    is IE Enhanced Security Configuration turned off?

    try: https://servercas1/ecp/?ExchClientVer=15


    After reset the directory you have to check certificates in IIS again.
    • Edited by AWH84 Wednesday, January 14, 2015 3:23 PM
    Wednesday, January 14, 2015 3:16 PM
  • Hi,

    Yes I´ve tried it from another computer different to CAS... with the same result.

    This is the error:

    Yes, IE Enhanced Security Configuration is off for administrators and users.

    I´ve tried with https://servercas1/ecp/?ExchClientVer=15 with the same result...

    I´ve checked certificate in IIS and for binding 443 has SSL Certificate (Microsoft Exchange).

    After resetting the ECP Virtual Directory... the result is the same as at the beginning... it only works with https://localhost/ecp

    Wednesday, January 14, 2015 3:33 PM
  • In ECP go to servers, and then Certificates.

    Verify that the one that have Assigned to service IIS is the same you have selected in IIS.


    Also check on that page the Subject Alternative Names by opening that certificate. there must be records you are using in IE.
    • Edited by AWH84 Wednesday, January 14, 2015 4:03 PM
    Wednesday, January 14, 2015 3:48 PM
  • Wuou.. unbelievable... After reset the ECP.. when I login in the EAC it fails with HTTP 500 Internal Server Error...
    Wednesday, January 14, 2015 4:07 PM
  • I have edited my reply.. Is OWA working by the way?
    Wednesday, January 14, 2015 4:12 PM
  • Now, when I try to access OWA (https://localhost/owa) it fails with HTTP 500 Internal Server Error as well...
    Wednesday, January 14, 2015 4:22 PM
  • Is your authentication method on OWA vir. dir. different from ECP vir.dir?

    From https://social.technet.microsoft.com/Forums/exchange/en-US/2f64d305-e9e2-4f48-a5b4-4f72d7bca801/exchange-2013-owaecp-http-500-internal-server-error?forum=exchangesvrclients Winnie is writing.

    Please check on the Application Pools to view whether OWA
    and ECP Application Pool is running on .NET Framework v4.0. It maybe
    the incompletely installation of Framework that causes this error.

    If so, We can try to run the following command as Administrator:

    %windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -i

    Or change the MSExchangeECPAppPool from .NET Framework from v4.0 to v2.0. Then restart IIS to have a try.

    Does this apply to your Exchange installation?

    Wednesday, January 14, 2015 6:38 PM
  • Information above is from Winnie Liang

    Hi,

    Please check on the Application Pools to view whether OWA and ECP Application Pool is running on .NET Framework v4.0. It maybe the incompletely installation of Framework that causes this error.

    If so, We can try to run the following command as Administrator:

    %windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -i

    Or change the MSExchangeECPAppPool from .NET Framework from v4.0 to v2.0. Then restart IIS to have a try.

    Regards,


    Winnie Liang
    TechNet Community Support

    Thursday, January 15, 2015 7:22 AM
  • Hi Eirik,

    The authentication method on OWA and ECP vir. dir. is the same:

    OWA:

    ClientAuthCleanupLevel        : High
    InternalAuthenticationMethods : {Basic, Fba}
    BasicAuthentication           : True
    WindowsAuthentication         : False
    DigestAuthentication          : False
    FormsAuthentication           : True
    LiveIdAuthentication          : False
    AdfsAuthentication            : False
    OAuthAuthentication           : False
    ExternalAuthenticationMethods : {Fba}

    ECP:

    InternalAuthenticationMethods : {Basic, Fba}
    BasicAuthentication           : True
    WindowsAuthentication         : False
    DigestAuthentication          : False
    FormsAuthentication           : True
    LiveIdAuthentication          : False
    AdfsAuthentication            : False
    OAuthAuthentication           : False
    ExternalAuthenticationMethods : {Fba}

    I´ve checked the Applications Pools on OWA & ECP and both running on .NET Framework v4.0.

    I´ve tried to run this command:

    %windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -i

    But this option is not supported with Windows Server 2012 R2:

    C:\Windows\system32>%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -i
    Microsoft (R) ASP.NET RegIIS version 4.0.30319.33440
    Administration utility to install and uninstall ASP.NET on the local machine.
    Copyright (C) Microsoft Corporation.  All rights reserved.
    Start installing ASP.NET (4.0.30319.33440).
    This option is not supported on this version of the operating system.  Administrators should instead install/uninstall ASP.NET 4.5 with IIS8 using the "Turn Windows Features On/Off" dialog,  the Server Manager management tool, or the dism.exe command line tool.  For more details please see http://go.microsoft.com/fwlink/?LinkID=216771.
    Finished installing ASP.NET (4.0.30319.33440).

    I don´t understand something. I have 4 servers, 2 Mailboxes and 2 Client Access. I ran the reset of the OWA and ECP virtual directories on only one of the CAS Servers. Yet if I access the other CAS Server I have the same problem (HTTP 500 Error).

    Do I have to reset the virtual directories on all CAS Servers? And on all Mailbox Servers?

    I don´t understand how it is possible that this occurs in a new, clean installation without errors...

    Thanks

    Thursday, January 15, 2015 7:34 AM
  • Hi Tropoglar,

    According to your description, I understand that you cannot open the ECP login page with the server name, however it works with "https://localhost/ecp".
    If I misunderstand your concern, please do not hesitate to let me know.

    Microsoft does not recommend installing the Exchange server on a Domain controller. For more details please refer to:
    http://technet.microsoft.com/en-us/library/ms.exch.setupreadiness.warninginstallexchangerolesondomaincontroller(v=exchg.150).aspx

    For HTTP 500 error, please run following command to double check the authentication methods:
    Get-EcpVirtualDirectory | FL Identity,*auth*,*URL*
    Then please run “iisreset” after modify the setting of virtual directory.

    For your primary question, please try to open CMD and run “Ping CAS1’Servername”.
    Then open DNS Manager and double check whether there is an existing record for the CAS1 server and the CAS2 server.
    If not, please right click and select “New Host (A or AAAA)” with correct IP address.

    Best Regards,
    Allen Wang

    Thursday, January 15, 2015 8:34 AM
  • Hi Allen,

    First of all, thanks for your reply.

    In my first message I wrote about my Environment, this is:

    - 2 Servers DCs (2012 R2 with 2012R domain/forest level)

    - 2 Servers Mailboxes Exchange Server 2013 SP1 (Windows Server 2012 R2)

    - 2 Servers Client Access Exchange Server 2013 SP1 (Windows Server 2012 R2)

    My installation steps were:

    1.- Install new DC and create new domain. After this install second DC in the same domain.

    2.- Install OS in 4 servers for Exchange with Windows Server 2012 R2. Join these servers in domain.

    3.- Install Prerequisites in 4 Exchange Servers:

    Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation

    4.- Install Microsoft Unified Communications Managed API 4.0 in 4 Exchange Servers.

    5.- Install Microsoft Office 2010 Filter Pack x64 and SP1 only in 2 Mailbox Servers

    6.- Extend Active Directory Schema: 

    Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms

    7.- Prepare Active Directory:

    Setup.exe /PrepareAD /OrganizationName:"Exchange Organization" /IAcceptExchangeServerLicenseTerms

    8.- Prepare Domain:

    setup /PrepareAD /IAcceptExchangeServerLicenseTerms

    9.- Install Exchange Server 2013 SP1 in 2 Mailbox Servers

    10.- Install Exchange Server 2013 SP1 in 2 Client Access Servers

    11.- Reboot all Exchange Servers when finished the installation


    After this, when I tried to access to Exchange Admin Center with https://servercas1.domain.local/ecp or https://servercas2.domain.local/ecp 

    It fails with "this page can´t be displayed"

    Only worked with https://localhost/ecp

    In this moment is when I decided to write in the forum to share my problem. And I follow your recommendations...

    But in this moment I can´t access Exchange Admin Center, about a problem with authentication...

    This is the result for Get-EcpVirtualDirectory | FL Identity,*auth*,*URL*

    Identity                      : servercas1\ecp (Default Web Site)
    InternalAuthenticationMethods : {Basic, Fba}
    BasicAuthentication           : True
    WindowsAuthentication         : False
    DigestAuthentication          : False
    FormsAuthentication           : True
    LiveIdAuthentication          : False
    AdfsAuthentication            : False
    OAuthAuthentication           : False
    ExternalAuthenticationMethods : {Fba}
    InternalUrl                   : https://servercas1.domain.local/ecp
    ExternalUrl                   :

    Identity                      : servercas2\ecp (Default Web Site)
    InternalAuthenticationMethods : {Basic, Fba}
    BasicAuthentication           : True
    WindowsAuthentication         : False
    DigestAuthentication          : False
    FormsAuthentication           : True
    LiveIdAuthentication          : False
    AdfsAuthentication            : False
    OAuthAuthentication           : False
    ExternalAuthenticationMethods : {Fba}
    InternalUrl                   : https://servercas2.domain.local/ecp
    ExternalUrl                   :

    I don´t have any problem with DNS... It works!

    Thanks for your reply

    Best Regards,



    Thursday, January 15, 2015 9:11 AM
  • Can this help for error 500?

    Thursday, January 15, 2015 9:44 AM
  • Hi Ahuibers,

    In my case, I don´t have any error in Application Event viewer.

    This is the value I have in CanaryData:

    At the beginning I could access Exchange Admin Center and log in, only by localhost, but after resetting the ECP and OWA virtual directories, I think I have an authentication problem, because I can access the login page, and when I try to log in with a bad password, it advises me:

    The user name or password you entered isn´t correct. Try entering it again.

    But when I login with good password, it fails with HTTP 500 Internal Server Error:


    Thursday, January 15, 2015 10:52 AM
  • As I see in your previous post this is not correct:

    Check the ECP Virtual Directory configured correct Authentication

    It should enabled windows authentication

    Form based authentication should be disabled.

    See this for more information


    • Edited by AWH84 Thursday, January 15, 2015 10:59 AM
    Thursday, January 15, 2015 10:59 AM
  • Hi ahuibers,

    I´ve checked your response and the information in this URL.

    It says to run: Set-Owavirtualdirectory -identity "Exch15hub\owa (Exchange Back End)" -WindowsAuthentication $True -Basicauthentication $false -Formsauthentication $false

    But in my Client Access Servers, Owa Vir. Dir. isn´t in Exchange Back End, it is in Default Web Site. The same happens with ECP vir. dir.

    I run:

    Set-Owavirtualdirectory -identity "servercas1\owa (Default Web Site)" -WindowsAuthentication $True -Basicauthentication $false -Formsauthentication $false

    Set-Owavirtualdirectory -identity "servercas2\owa (Default Web Site)" -WindowsAuthentication $True -Basicauthentication $false -Formsauthentication $false

    After this I did an IISRESET. Then I tried to access Exchange Admin Center, but it didn´t work; even the Login Page didn´t appear.

    I did an authentication rollback on my CAS and I´m in the same situation as before this change: the Login Page appears but when I try to log in it fails.

    I think my problem is the ECP, OWA vir. dir. on the Mailboxes, is that possible?

    This is the authentication configuration on all Exchange Servers now:

    For CAS:

    Identity                      : servercas1\ecp (Default Web Site)
    InternalAuthenticationMethods : {Basic, Fba}
    BasicAuthentication           : True
    WindowsAuthentication         : False
    DigestAuthentication          : False
    FormsAuthentication           : True
    LiveIdAuthentication          : False
    AdfsAuthentication            : False
    OAuthAuthentication           : False
    ExternalAuthenticationMethods : {Fba}
    InternalUrl                   : https://servercas1.ppps.local/ecp
    ExternalUrl                   :

    Identity                      : servercas2\ecp (Default Web Site)
    InternalAuthenticationMethods : {Basic, Fba}
    BasicAuthentication           : True
    WindowsAuthentication         : False
    DigestAuthentication          : False
    FormsAuthentication           : True
    LiveIdAuthentication          : False
    AdfsAuthentication            : False
    OAuthAuthentication           : False
    ExternalAuthenticationMethods : {Fba}
    InternalUrl                   : https://servercas2.ppps.local/ecp
    ExternalUrl                   :

    For Mailboxes ECP:


    For Mailboxes OWA:


     

     

    Thursday, January 15, 2015 12:00 PM
  • Okay, ECP is working again on localhost. Now you can try my previous post:

    In ECP go to servers, and then Certificates.

    Verify that the one that have Assigned to service IIS is the same you have selected in IIS.


     Also check on that page the  Subject Alternative Names by opening that certificate. there must be records you are using in IE.

    Thursday, January 15, 2015 12:09 PM
  • No no... sorry Probably I havent explain correctly...

    Now I can access to login page.. but when I try to login with username and password it fails with HTTP 500 internal server error...

    This happens since I did a reset ECP and OWA virtual directory....

    Thanks.

    Thursday, January 15, 2015 12:29 PM
  • Okay, you are very pretty complete in your replies. I must read a bit better your answers.. ;) 

    A quote from Marshall Lucas:

    link

    I opened a case with Microsoft.  After 3 days and over 15 hours on the phone they were able to resolve the problem.  They had to use ADSI edit to remove the canary data for the domain.

    I tried rebuilding the virtual directories, building a new CAS server, a new mailbox server and a new server with both roles installed.  I created a new database and new users in that database and used the new CAS server but the problem continued which led us to believe it was something being obtained from Active Directory.  We finally figured out the problem was in the properties of an object in ADSI. 

    You have to open the ADSI editor on the primary domain controller (start-->administrative tools-->ADSI edit), go to CN=Services --> CN=Microsoft Exchange --> CN=<Your Site Name>  Right click CN=Client Access and click properties.  Scroll down to msExchCanaryData0.  You have to click edit and copy the data from Data0, Data1 and Data2 (you may have more or less) to a notepad file.  Then erase the data from those settings.  Now log onto the CAS server and open IIS management.  Go to application pools and  right click MSExchangeOWAAppPool and click Recycling.  Then restart all of the mailbox servers. 

    It's a great idea to take a system state backup before performing these steps as editing ADSI data is risky. 


    Thursday, January 15, 2015 1:01 PM
  • Hi,

    Sorry for delay.

    Please try to open Control Panel\Programs\Programs and Features and double check whether there is a program named Microsoft Visual C++ Redistributable.
    This program will be auto-installed when installing Unified Communications Managed API 4.0 Runtime. For more details about it, please refer to the Install Instructions section in the link below:
    http://www.microsoft.com/en-AU/download/details.aspx?id=34992

    If not, please manually download and install this software for testing.

    Best Regards,
    Allen Wang

    • Proposed as answer by Allen_WangJF Monday, January 26, 2015 3:41 PM
    • Marked as answer by Mavis_Huang Tuesday, January 27, 2015 4:36 AM
    • Unmarked as answer by Tropoglar Tuesday, January 27, 2015 7:46 AM
    • Unproposed as answer by Tropoglar Tuesday, January 27, 2015 7:46 AM
    Wednesday, January 21, 2015 7:40 AM
  • Hi,

    Excuse me but... this is not the solution...

    Finally, I´ve started again the installation of Exchange 2013... I hope this time it works fine!

    • Proposed as answer by AWH84 Tuesday, January 27, 2015 7:43 AM
    Tuesday, January 27, 2015 7:42 AM
  • Just curious. Did you try to mess around with the authentication in Exchange to see if that did any difference?

    I’ve seen the HTTP 500 error before, but when Windows Auth was enabled. Then I changed the providers in IIS to get it to work.

    Tuesday, January 27, 2015 8:36 AM
  • Hi,

    I´ve just finished a new installation, fresh installation of Exchange Server 2013 SP1. With new domain, new DCs...

    Domain Info:

    - OS: Windows Server 2012 R2

    - Domain/Forest Level: 2012 R2

    - DNS, GC, Define Subnet in Sites & Services...

    Exchange Info:

    - OS: Windows Server 2012 R2

    - 2 servers, one Mailbox and one CAS.

    My steps for installing Exchange:

    1.- Install-WindowsFeature RSAT-ADDS (In both Exchange Servers)

    2.- Install Prerequisites for Exchange (In both Exchange Servers):

    Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation

    3.- Restart Servers

    4.- Install Microsoft Unified Communications Managed API 4.0 in both Servers

    5.- Prepare Schema: Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms

    6.- Prepare Active Directory: Setup.exe /PrepareAD /OrganizationName:"Exchange Org" /IAcceptExchangeServerLicenseTerms

    7.- Prepare Domain: setup /PrepareAD /IAcceptExchangeServerLicenseTerms

    8.- Replicate DCs

    9.- Install Mailbox Server

    10.- Restart Mailbox Server when finished the installation

    11.- Install Client Access Server

    12.- Restart Client Access Server when finished the installation

    13.- Try to access EAC from CAS Server with: https://cas01/ecp/?ExchClientVer=15

    But it FAILS. "This Page can´t be displayed"

    14.- Try to access EAC from IP CAS Server with: https://xxx.xxx.xxx.xxx/ecp/?ExchClientVer=15

    But it FAILS. "This Page can´t be displayed"

    14.- Try to access EAC from CAS Server with https://localhost/ecp/?ExchClientVer=15

    It works!

    15.- Try to access EAC from CAS Server with https://127.0.0.1/ecp/?ExchClientVer=15

    It works!

    These are the bindings from CAS (Default Web Site):

    These are the certificates in EAC for Exchange:

    I can´t believe, it happens the same that in the past... but it´s true...

    I can´t access EAC by name neither by IP... only by localhost or IP loopback...

    Tuesday, January 27, 2015 3:19 PM