Can't login to Admin Center (ecp) after new install of Exchange 2013


  • Greetings.  I have recently installed Exchange 2013 in a stand-alone Server 2012 VM.  The VM acts as a domain controller (this is a development environment only).  I installed both roles during the installation and have upgraded to CU1.  I can successfully login to OWA at __ (underscores to bypass this forum's URL rules only) as ADVENTUREWORKS\Administrator (Administrator in this VM is a domain admin).  OWA loads fine and shows an empty mailbox/calendar.  I can also successfully login to __ but this just shows mail settings, not the ECP site I was expecting. 

    The problem I'm having is that when I put in my credentials to __ (the main ECP site), the browser flickers and immediately takes me back to the ECP login page.  If I put in an invalid password for this account, it properly displays the error message and asks to enter it again.  I can successfully connect to the server via Exchange power shell but not ECP UI.  The ECP virtual directory (under default web site) has Anonymous and Basic enabled, and all other authentication providers disabled.  I have tried multiple browsers with no luck.  There are a few blogs/forums out in the intranets that have similar problems to this, but none of the suggestions have resolved my issue.  Thanks for any feedback.

    Friday, July 19, 2013 2:40 PM


All replies

  • Hi Eric,

    Please try the following..

    Use this command to verify the location of your ECP Virtual Directory
    Get-ECPVirtualDirectory | Format-List Name,InternalURL,ExternalURL

    Set your permissions as required
    Set-ECPVirtualDirectory -Identity "InternalCAS\ecp (default web site)" -AdminEnabled $True

    Dame Luthas, ITILv3, MCSE Messaging 2013, MCSA, MCITP

    My Technical Blog:

    Discipline is the Difference between Goals and Accomplishments..

    Friday, July 19, 2013 2:49 PM
  • Thanks for the quick response but no luck:

    Get-ECPVirtualDirectory | Format-List Name,InternalURL,ExternalURL
    Name        : ecp (Default Web Site)
    InternalUrl :
    ExternalUrl :

    Set-ECPVirtualDirectory -Identity "ecp (Default Web Site)" -AdminEnabled $True
    WARNING: The command completed successfully but no settings of 'DC\ecp (Default Web Site)' have been modified.

    • Proposed as answer by Zer0 G Thursday, February 12, 2015 10:08 PM
    • Unproposed as answer by Zer0 G Thursday, February 12, 2015 10:08 PM
    Friday, July 19, 2013 2:56 PM
  • This is the only Exchange Server in the Org correct?

    If so.. create a new Adm account in AD and give it Exchange Organization Administrators rights.

    Then log into the ECP with the new account.

    Dame Luthas, ITILv3, MCSE Messaging 2013, MCSA, MCITP

    My Technical Blog:

    Discipline is the Difference between Goals and Accomplishments..

    • Edited by Dame Luthas Friday, July 19, 2013 3:04 PM error
    Friday, July 19, 2013 3:03 PM
  • Thanks again for the help.  Yes, this is the only instance of Exchange that has ever been installed on this VM.  As far as the 'Exchange Organization Administrators' rights, I'm not 100% sure what you're referring to, as I don't see that role in my environment:

    Name                          AssignedRoles                 RoleAssignments               ManagedBy
    ----                          -------------                 ---------------               ---------
    Organization Management       {Active Directory Permissi... {Active Directory Permissi... {
    Recipient Management          {Distribution Groups, Mail... {Distribution Groups-Recip... {
    View-Only Organization Man... {Monitoring, View-Only Con... {Monitoring-View-Only Orga... {
    Public Folder Management      {Mail Enabled Public Folde... {Mail Enabled Public Folde... {
    UM Management                 {UM Mailboxes, UM Prompts,... {UM Mailboxes-UM Managemen... {
    Help Desk                     {User Options, View-Only R... {User Options-Help Desk, V... {
    Records Management            {Audit Logs, Journaling, M... {Audit Logs-Records Manage... {
    Discovery Management          {Legal Hold, Mailbox Search}  {Legal Hold-Discovery Mana... {
    Server Management             {Database Copies, Database... {Database Copies-Server Ma... {
    Delegated Setup               {View-Only Configuration}     {View-Only Configuration-D... {
    Hygiene Management            {ApplicationImpersonation,... {ApplicationImpersonation-... {
    Compliance Management         {Data Loss Prevention, Inf... {Data Loss Prevention-Comp... {

    Regardless, I created a new AD account named adventureworks\exchangeadmin.  I added this user to the 'Organization Management' group in the 'Microsoft Exchange Security Groups' OU in Active Directory.  I then run the following command and can see the user here.  Is this what you are referring to?  If so, I can't login to ecp with this user (screen flickers and transfers back to login) either.  It looks like this is an IIS issue but not really sure.

    Get-RoleGroup "Organization Management" | Format-List
    RunspaceId                  : 6618dcd9-9796-407f-9ad8-0606d8236a35
    ManagedBy                   : { Exchange Security Groups/Organization Management}
    RoleAssignments             : {Active Directory Permissions-Organization Management-Delegating, Active Directory
                                  Permissions-Organization Management, Address Lists-Organization Management-Delegating,
                                  Address Lists-Organization Management, ApplicationImpersonation-Organization
                                  Management-Delegating, ArchiveApplication-Organization Management-Delegating, Audit
                                  Logs-Organization Management-Delegating, Audit Logs-Organization Management, Cmdlet
                                  Extension Agents-Organization Management-Delegating, Cmdlet Extension
                                  Agents-Organization Management, Data Loss Prevention-Organization Management-Delegating,
                                  Data Loss Prevention-Organization Management, Database Availability Groups-Organization
                                  Management-Delegating, Database Availability Groups-Organization Management, Database
                                  Copies-Organization Management-Delegating, Database Copies-Organization Management...}
    Roles                       : {Active Directory Permissions, Address Lists, ApplicationImpersonation,
                                  ArchiveApplication, Audit Logs, Cmdlet Extension Agents, Data Loss Prevention, Database
                                  Availability Groups, Database Copies, Databases, Disaster Recovery, Distribution Groups,
                                  Edge Subscriptions, E-Mail Address Policies, Exchange Connectors, Exchange Server
    DisplayName                 :
    ExternalDirectoryObjectId   :
    Members                     : {,}
    SamAccountName              : Organization Management
    Description                 : Members of this management role group have permissions to manage Exchange objects and
                                  their properties in the Exchange organization. Members can also delegate role groups and
                                  management roles in the organization. This role group shouldn't be deleted.
    RoleGroupType               : Standard
    LinkedGroup                 :
    Capabilities                : {}
    LinkedPartnerGroupId        :
    LinkedPartnerOrganizationId :
    Identity                    : Exchange Security Groups/Organization Management
    IsValid                     : True
    ExchangeVersion             : 0.10 (
    Name                        : Organization Management
    DistinguishedName           : CN=Organization Management,OU=Microsoft Exchange Security Groups,DC=adventureworks,DC=com
    Guid                        : 1924b79e-1790-4643-96b0-b4372b64db1f
    ObjectCategory              :
    ObjectClass                 : {top, group}
    WhenChanged                 : 7/19/2013 12:07:11 PM
    WhenCreated                 : 7/18/2013 12:11:10 PM
    WhenChangedUTC              : 7/19/2013 4:07:11 PM
    WhenCreatedUTC              : 7/18/2013 4:11:10 PM
    OrganizationId              :
    OriginatingServer           :
    ObjectState                 : Changed

    Friday, July 19, 2013 4:12 PM
  • Hi,

    It should be the ECP Virtual Directory issue. We can rebuild ECP VD to refresh all the settings to default.

    Following articles are about how to rebuild ECP Virtual Directory



    Hope it is helpful.

    If you are satisfied with my solution, please mark as an answer.



    • Marked as answer by Eric Eichler Tuesday, July 23, 2013 7:09 PM
    Monday, July 22, 2013 9:18 AM
  • Add the new account to Organization Management AD group to get full Exchange rights. Try with a new account which has this membership and if it still fails, re-create the virtual directory as explained above.

    There have been few issues reported with Exchange 2013 running on a DC, but it is supported and hence should work ;-)

    Rajith Enchiparambil | |


    Monday, July 22, 2013 10:14 AM
  • Nice!

    Dame Luthas, ITILv3, MCSE Messaging 2013, MCSA, MCITP

    My Technical Blog:

    Discipline is the Difference between Goals and Accomplishments

    If this post is useful, please hit the green arrow on the left & if this is the answer hit "mark as answer"

    Monday, July 22, 2013 11:39 AM
  • I experienced the same thing. New Exchange install and boom! - blank ECP page. I created another admin account, gave it exchange organization rights in AD, reboot Exchange 2013 CAS and logged in successfully!
    Thursday, October 31, 2013 3:12 PM
  • ok, wondering if anyone can help me with this.

    I got the same problem, still can't login to Exchange admin or Outlook Web app.

    It is a new install of Exchange 2013 on a standalone AD.

    I have tried the solutions on this page but nothing is working.

    Is there anything I have missed

    Wednesday, January 29, 2014 11:59 PM
  • The problem is solved by updating service pack 1

    also make sure only basic authentication is enabled for owa and ecp.


    Tuesday, April 08, 2014 8:53 PM
  • I found the issue to be in my case that there was a CA in the environment giving out computer certificates for each PC that joined the domain. FOr some reason the Exchange install picked this certificate up and bind it to both back end and default website.

    Revoked that cert and assigned a new one to the default and back end - flying now.

    • Proposed as answer by Jack Frosty Sunday, June 05, 2016 3:56 PM
    Wednesday, September 09, 2015 8:39 AM
  • Also make sure that the proper cert is assigned to port 444 binding within IIS on the Exchange Back End "site".

    If you replace the default Self Signed Certificate, this binding is broken. Assign the new cert, reset IIS. Life is good.

    Friday, August 19, 2016 9:37 PM
  • The group is called Organization Management. Which give you access to /ECP


    Friday, November 04, 2016 12:45 PM
  • If anyone got this problem recently.

    it is because of IIS authentication methods. please be advised that Basic Authentication on both Default website and Exchange Back End should be enabled.

    using IIS manager: left click on Exchange Back End --> from right pan, on IIS section select Authentication --> make sure Basic Authentication is enabled. do the same thing for default website too.

    Monday, November 20, 2017 3:20 AM