none
OWA/ECP HTTP Error 503. The service is unavailable

    Question

  • hello all,

    when i try to open ecp or owa i get this error: HTTP Error 503. The service is unavailable (the login screen won't even show up)

    i already search in some other forum topics and solutions, and tried:

    removing and adding ssl certificates, check appools running inside iis, iisreset, server reboot

    check all exchange server services running

    the only log related i could find is inside system32/logfiles/HTTPERR

    *IP* 58984 *IP* 443 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?8635823658-527358235@mail.com:6001 503 - N/A -

    *IP* 50537 *IP* 443 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?8635823658-527358235@mail.com:6004 503 - N/A -

    system specs:

    Windows Server 2012R2 64Bits - Exchange Server 2013 SP1 - IIS Versión 6.2 (Compilación 9200)

    i dont know what else to look for.

    thanks in advance

    martin



    • Edited by Ramstin Friday, March 23, 2018 2:29 PM
    Friday, March 23, 2018 2:26 PM

All replies

  • Hello,

    Please try to remove the Ip address 127.0.0.1 from IIS bending both for HTTP and HTTPS

    If not working, make sure that when address is inserted , the certificate is also added

    Best regards

    Yassine BOUNIF



    Friday, March 23, 2018 3:46 PM
  • Make sure the Back End Web Site has the Exchange self-signed certificate bound to HTTPS.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Friday, March 23, 2018 4:02 PM
    Moderator
  • Hi,

    Apart from the above mentioned suggestions, please reset the ECP and OWA VD in EAC:

    If issue persists, try to access OWA or ECP page, then go to event viewer to check if there is any related events.

    Regards,

    Manu Meng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Monday, March 26, 2018 8:48 AM
    Moderator
  • hi all, thanks for your answers.

    i removed the 127.0.0.1 from http and https bindings, leaving ssl from CA in the default web site and the self-signed in the back end.

    i also did the owa/ecp VD reset from another server (aka server 1) that is working fine (because i cant open ecp from the one that is failing, aka server 2), i selected the server 2, and did the VD resets.

    i cand find anything useful in the event viewer, i just see this inside the system32/logfiles/HTTPERR

    now i see some changes inside that log.

    the same RPC_IN_DATA /rpc/rpcproxy.dll 503 as before, and these two.

    400 2 Connection_Dropped_List_Full MSExchangeRpcProxyAppPool

    400 2 BadRequest MSExchangeRpcProxyAppPool

    i will add some prints as soon as i can.

    Monday, March 26, 2018 3:32 PM
  • hi all, thanks for your answers.

    i removed the 127.0.0.1 from http and https bindings, leaving ssl from CA in the default web site and the self-signed in the back end.

    i also did the owa/ecp VD reset from another server (aka server 1) that is working fine (because i cant open ecp from the one that is failing, aka server 2), i selected the server 2, and did the VD resets.

    i cand find anything useful in the event viewer, i just see this inside the system32/logfiles/HTTPERR

    now i see some changes inside that log.

    the same RPC_IN_DATA /rpc/rpcproxy.dll 503 as before, and these two.

    400 2 Connection_Dropped_List_Full MSExchangeRpcProxyAppPool

    400 2 BadRequest MSExchangeRpcProxyAppPool

    i will add some prints as soon as i can.

    Have you tried this?
    "HTTP 400 Bad Request" error when proxying HTTP requests from an Exchange Server to a previous version of Exchange Server

    Regards,

    Manu Meng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Monday, March 26, 2018 4:12 PM
    Moderator
  • i checked the parameters in HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters

    and they are both ok

    MaxFieldLength

    DWORD

    65536

    Decimal

    MaxRequestBytes  DWORD 65536 Decimal


    i dont know how to check this:

    "Reduce the number of Active Directory groups that are assigned to the user."

    but we dont have many users or groups in our AD, and the other CAS server is working fine so i dont think this could be an issue related with the user groups, because both CAS use the same AD.

    Tuesday, March 27, 2018 6:48 PM
  • Hi,

    Please recreate the OWA/ECP virtual directory by running:

    Remove-OwaVirtualDirectory “Server\owa (Default Web Site)”
    New-OwaVirtualDirectory  -InternalUrl “InternalURL” -ExternalUrl “InternalURL”
    
    Remove-EcpVirtualDirectory “Server\ecp (Default Web Site)”
    New-EcpVirtualDirectory  -InternalUrl “InternalURL” -ExternalUrl “InternalURL”

    Regards,

    Manu Meng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Thursday, March 29, 2018 6:08 PM
    Moderator
  • I tried recreating the the OWA/ECP virtual directory but still no luck..
    Wednesday, June 13, 2018 2:49 AM
  • Hi.

    If i have domain name, for example, kalina.ru and exchange server with name forth.b26.kalina.ru - shoud i set ExternalUrl to kalina.ru and InetrnalUrl to forth.b26.kalina.ru or for both External and Internal i shoud set the same name kalina.ru?

    thx.

    Monday, June 18, 2018 12:35 AM
  • "kalina.ru" isn't a URL.  For OWA, it would be something like "https://forth.b26.kalina.ru/owa".

    The InternalURL would the URL that clients use inside your network and ExternalURL would be the URL that clients use outside your network.  They can be the same.

    However, for OWA and ECP, it really doesn't matter what you specify for the InternalURL and ExternalURL because those properties are supplied only to clients that connect with Autodiscover.  Whatever you type into the browser will work, although if the hostname in the URL doesn't match what's in your certificate, users will get a certificate warning that they'll have to get past.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Monday, June 18, 2018 4:52 AM
    Moderator
  • Ed, but why i can't use the same address https://kalina.ru/owa for InternalUrl and ExternalUrl? When i use different addresses: https://forth.b26.kalina.ru/owa for Internal and https://kalina.ru/owa for External - outlook from outer network says that wrong certificate from forth.b26.kalina.ru but i try connect not from local net! I use GeoTrust cert on my exchange. And when users use outlook in local net - periodically they got message about wrong certificate.

    Thx.

    Monday, June 18, 2018 10:15 AM
  • Does kalina.ru point to your Exchange server?  Is kalina.ru a name in your certificate?  If the answer to either question is "no", then it's a bad idea to put that name in the URLs.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Wednesday, June 20, 2018 6:00 AM
    Moderator
  • Does kalina.ru point to your Exchange server?  Is kalina.ru a name in your certificate?  If the answer to either question is "no", then it's a bad idea to put that name in the URLs.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    The server is accessible by this name (kalina.ru) from the Internet. And certificate is issued with the names *.kalina.ru and kalina.ru by GeoTrust.
    Outllok Anywhere pointed to kalina.ru (external) and mail.kalina.ru (internal). Other virtual directories use the same names in internalURL and externalURL. But Outlook shows certificate warnings with name forth.b26.kalina.ru (full name of Exchange server in domain). When i check connection by Outlook - results shows only names kalina.ru and mail.kalina.ru and i dont understand why Outlook says about forth.b26.kalina.ru.


    Wednesday, June 20, 2018 11:31 PM
  • That would mean that the name forth.b26.kalina.ru is defined in one of the virtual directories' URLs or in Outlook Anywhere.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Friday, June 22, 2018 2:11 PM
    Moderator
  • That would mean that the name forth.b26.kalina.ru is defined in one of the virtual directories' URLs or in Outlook Anywhere.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Hello.

    No, i've checked - all settings points to right URLs.
    Get-ExchangeURLS also shows only kalina.ru and mail.kalina.ru :(

    Saturday, June 23, 2018 7:27 AM