Exchange 2013 Server - Virtual Directories Settings in EAC/ECP

  • Question

  • I removed our OWA and ECP virtual directories from Default Web Site to remove access from the outside world. Then created a new Website, assigned to a 2nd IP on the server's NIC. I added both OWA and ECP to the new site. We can access email from the new URL internally.

    I can log in to Exchange Admin Center and manage everything EXCEPT when I go into Servers - Virtual Directories. The Virtual Directories that were not changed work as designed. When I click on the 2 I changed, the window pops open with a 500.19 error in that small window.

    I need to correct that problem. I have found many articles about not being able to log in to EAC; this is not that. It's just the two directories' management windows.

    Exchange 2013 (Build 1473.3) on Server 2012r2

    Thanks


    Kevin Skinner

    Monday, October 21, 2019 7:29 PM

All replies

  • Hi

    Why would you remove the virtual directories when you can just limit the traffic on your firewall? If you only allow port 25/587/110/143 etc. then you should be fine.

    Do you not access OWA externally at all? You can lock down the EAC but that would require some change in IIS.

    The fact that you remove it from the default site has confused everything. 


    Hope this helps. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Monday, October 21, 2019 7:53 PM
    Moderator
  • We have users that run Outlook outside and from what I have seen (I am by no means an expert) I need 443 open for that, but we don't want OWA open from outside. So we moved it so it works inside AND we have a portal on our F/W that users log in to using MFA and then they can access OWA once authenticated from outside. I hope that helps explain the thought process.

    It is all working now but I just found that the Virtual Directory settings won't connect in the UI.


    Kevin Skinner

    Monday, October 21, 2019 8:40 PM
  • That is the issue, Exchange server retrieves the directory settings from IIS Default website, simply deleting it from IIS would lead to some unexpected errors.

    We still suggest you rebuild the OWA and ECP virtual directory in Default website, there are many alternatives to block the external access of OWA and ECP, while the method you are using, from my point of view, is not that recommended.

    To block the external access of the ECP, please refer to the following link, which also applies to Exchange 2013.

    I would recommend the second method in your case. 

    Turn off access to the Exchange admin center

    Besides, if your firewall and/or load balancer preserve the source IP address, you can use the IIS IP Address Restrictions feature on the owa and ecp virtual directories. You may need to add this role service before it shows up in IIS.

    https://blogs.msdn.microsoft.com/vpandey/2009/10/25/ipv4-address-and-domain-restrictions-feature-in-iis-7-0/

    Regards,

    Manu Meng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Tuesday, October 22, 2019 6:48 AM
    Moderator
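The IP Address Restrictions approach suggested in the reply above, as an added example that is not part of the original thread: it allow-lists client addresses on the owa and ecp virtual directories under Default Web Site and denies everything else. The address ranges are constructed placeholders, and the restriction is only meaningful if the firewall or load balancer preserves the client source IP, as the reply notes.

```powershell
# Added example (not from the thread). Run elevated on the Exchange server.
Import-Module ServerManager, WebAdministration

# The reply notes the role service may need to be added first.
if (-not (Get-WindowsFeature -Name Web-IP-Security).Installed) {
    Install-WindowsFeature -Name Web-IP-Security | Out-Null
}

# ipSecurity is written as a <location> entry in applicationHost.config.
$apphost = 'MACHINE/WEBROOT/APPHOST'
$filter  = 'system.webServer/security/ipSecurity'

# Constructed placeholders: replace with the real internal ranges, and include
# the addresses the server uses to reach itself so local EAC access keeps working.
$allow = @(
    @{ ipAddress = '127.0.0.1'; subnetMask = '255.255.255.255' },
    @{ ipAddress = '10.0.0.0';  subnetMask = '255.0.0.0' }
)

function Set-VDirIpAllowList {
    param(
        [Parameter(Mandatory)][string]$Location,      # e.g. 'Default Web Site/ecp'
        [Parameter(Mandatory)][hashtable[]]$Allow
    )
    # Entries already configured for this location, so re-runs do not duplicate them.
    $existing = @(Get-WebConfigurationProperty -PSPath $apphost -Location $Location `
                    -Filter $filter -Name 'Collection' |
                  ForEach-Object { $_.ipAddress })

    # Add the allow entries BEFORE flipping the default to deny, so there is
    # no window in which every client (including this session) is blocked.
    foreach ($entry in $Allow) {
        if ($existing -contains $entry.ipAddress) { continue }
        Add-WebConfigurationProperty -PSPath $apphost -Location $Location `
            -Filter $filter -Name '.' -Value @{
                ipAddress  = $entry.ipAddress
                subnetMask = $entry.subnetMask
                allowed    = 'true'
            }
    }

    # Deny any client address that is not explicitly listed.
    Set-WebConfigurationProperty -PSPath $apphost -Location $Location `
        -Filter $filter -Name 'allowUnlisted' -Value 'false'

    # Return the effective setting for a quick check.
    [pscustomobject]@{
        Location      = $Location
        AllowUnlisted = (Get-WebConfigurationProperty -PSPath $apphost -Location $Location `
                            -Filter $filter -Name 'allowUnlisted').Value
        AllowedRanges = $Allow.Count
    }
}

foreach ($vdir in 'Default Web Site/owa', 'Default Web Site/ecp') {
    Set-VDirIpAllowList -Location $vdir -Allow $allow
}
```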
  • Manu,

    I have set up the OWA and ECP like option 2 in your link. It still doesn't display the virtual directory config screen/window when I am in EAC. I am thinking I need to redirect it to look in the new location like you pointed out but am failing to find where I can make that edit.


    Kevin Skinner

    Tuesday, October 22, 2019 7:46 PM
  • You mean the step 2 - option 2 in the following link: Turn off access to the Exchange admin center?

    Regards,

    Manu Meng


    Wednesday, October 23, 2019 9:09 AM
    Moderator
  • Correct.

    Kevin Skinner

    Wednesday, October 23, 2019 12:43 PM
  • How did you browse the EAC? Via localhost or external URL? Same result?

    Regards,

    Manu Meng


    Friday, October 25, 2019 9:04 AM
    Moderator
  • External access is shut down. I was on the Exchange server logging in.

    Kevin Skinner

    Friday, October 25, 2019 12:27 PM
  • Hi Kevin,

    Do you have the same issue with https://localhost/ecp and internal URL for ECP?

    If it's convenient for you, you can post the error page here and don't forget to cover your personal information.

    Please make sure you have assigned Read & Execute permissions to the local security group named IIS_IUSRS for your new site.

    Try to restart IIS and check if the issue persists.

    You can check Event Viewer for any related event logs. 

    Regards,

    Lydia Zhou


    Thursday, October 31, 2019 7:29 AM
    Moderator
  • Lydia,

    I can't even access ECP with localhost. I get a 404 Not Found error. Here is a screenshot of what I see when I am logged in and choose ECP or OWA under the new Site. The other Virtual Directories display the right hand window just fine.


    Kevin Skinner

    Thursday, October 31, 2019 3:00 PM
  • Hi Kevin,

    Please use the following command to check the configuration of ecp and owa virtual directory:

    Get-EcpVirtualDirectory | fl
    Get-OwaVirtualDirectory | fl

    You can post the result here and don't forget to cover your personal information.

    Regards,

    Lydia Zhou


    Tuesday, November 5, 2019 11:37 AM
    Moderator
  • [PS] C:\Windows\system32>Get-EcpVirtualDirectory |fl


    RunspaceId                      : 4a125c64-1988-4ca9-9c36-4bf8dc6695e6
    AdminEnabled                    : True
    OwaOptionsEnabled               : True
    Name                            : ecp (Internal OWA-ECP)
    InternalAuthenticationMethods   : {Basic, Fba}
    MetabasePath                    : IIS://servername.ad.adpress.com/W3SVC/3/ROOT/ecp
    BasicAuthentication             : True
    WindowsAuthentication           : False
    DigestAuthentication            : False
    FormsAuthentication             : True
    LiveIdAuthentication            : False
    AdfsAuthentication              : False
    OAuthAuthentication             : False
    DefaultDomain                   : ad.adpress.com
    GzipLevel                       : High
    WebSite                         : Internal OWA-ECP
    DisplayName                     : ecp
    Path                            : C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\ecp
    ExtendedProtectionTokenChecking : None
    ExtendedProtectionFlags         : {}
    ExtendedProtectionSPNList       : {}
    AdminDisplayVersion             : Version 15.0 (Build 1473.3)
    Server                          : servername
    InternalUrl                     : https://owa.adpress.com/ECP
    ExternalUrl                     : https://adpress.com/ecp
    ExternalAuthenticationMethods   : {Fba}
    AdminDisplayName                :
    ExchangeVersion                 : 0.10 (14.0.100.0)
    DistinguishedName               : CN=ecp (Internal OWA-ECP),CN=HTTP,CN=Protocols,CN=servername,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Advertisers
                                      Press,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=ad,DC=adpress,DC=com
    Identity                        : servername\ecp (Internal OWA-ECP)
    Guid                            : 636da594-c622-4956-ae9f-a91158acb256
    ObjectCategory                  : ad.adpress.com/Configuration/Schema/ms-Exch-ECP-Virtual-Directory
    ObjectClass                     : {top, msExchVirtualDirectory, msExchECPVirtualDirectory}
    WhenChanged                     : 10/22/2019 7:24:48 AM
    WhenCreated                     : 10/22/2019 7:19:37 AM
    WhenChangedUTC                  : 10/22/2019 12:24:48 PM
    WhenCreatedUTC                  : 10/22/2019 12:19:37 PM
    OrganizationId                  :
    Id                              : servername\ecp (Internal OWA-ECP)
    OriginatingServer               : servername2.ad.adpress.com
    IsValid                         : True
    ObjectState                     : Changed



    [PS] C:\Windows\system32>

    [PS] C:\Windows\system32>Get-owaVirtualDirectory |fl


    RunspaceId                                          : 4a125c64-1988-4ca9-9c36-4bf8dc6695e6
    DirectFileAccessOnPublicComputersEnabled            : True
    DirectFileAccessOnPrivateComputersEnabled           : True
    WebReadyDocumentViewingOnPublicComputersEnabled     : True
    WebReadyDocumentViewingOnPrivateComputersEnabled    : True
    ForceWebReadyDocumentViewingFirstOnPublicComputers  : False
    ForceWebReadyDocumentViewingFirstOnPrivateComputers : False
    WacViewingOnPublicComputersEnabled                  : True
    WacViewingOnPrivateComputersEnabled                 : True
    ForceWacViewingFirstOnPublicComputers               : False
    ForceWacViewingFirstOnPrivateComputers              : False
    RemoteDocumentsActionForUnknownServers              : Block
    ActionForUnknownFileAndMIMETypes                    : Allow
    WebReadyFileTypes                                   : {.xlsx, .pptx, .docx, .xls, .rtf, .ppt, .pps, .pdf, .dot, .doc}
    WebReadyMimeTypes                                   : {application/vnd.openxmlformats-officedocument.presentationml.presentation,
                                                          application/vnd.openxmlformats-officedocument.wordprocessingml.document, application/vnd.openxmlformats-offi
                                                          application/vnd.ms-powerpoint, application/x-mspowerpoint, application/vnd.ms-excel, application/x-msexcel,
    WebReadyDocumentViewingForAllSupportedTypes         : True
    WebReadyDocumentViewingSupportedMimeTypes           : {application/msword, application/vnd.ms-excel, application/x-msexcel, application/vnd.ms-powerpoint, applica
                                                          application/pdf, application/vnd.openxmlformats-officedocument.wordprocessingml.document,
                                                          application/vnd.openxmlformats-officedocument.spreadsheetml.sheet, application/vnd.openxmlformats-officedocu
    WebReadyDocumentViewingSupportedFileTypes           : {.doc, .dot, .rtf, .xls, .ppt, .pps, .pdf, .docx, .xlsx, .pptx}
    AllowedFileTypes                                    : {.rpmsg, .xlsx, .xlsm, .xlsb, .vstx, .vstm, .vssx, .vssm, .vsdx, .vsdm, .tiff, .pptx, .pptm, .ppsx, .ppsm, .
    AllowedMimeTypes                                    : {image/jpeg, image/png, image/gif, image/bmp}
    ForceSaveFileTypes                                  : {.html, .swf, .spl, .htm, .dir, .dcr}
    ForceSaveMimeTypes                                  : {Application/x-shockwave-flash, Application/octet-stream, Application/futuresplash, Application/x-director,
    BlockedFileTypes                                    : {.vsmacros, .msh2xml, .msh1xml, .ps2xml, .ps1xml, .mshxml, .gadget, .mhtml, .psc2, .psc1, .msh2, .msh1, .asp
    BlockedMimeTypes                                    : {application/x-javascript, application/javascript, application/msaccess, x-internet-signup, text/javascript,
                                                          application/hta, text/scriplet, text/xml}
    RemoteDocumentsAllowedServers                       : {}
    RemoteDocumentsBlockedServers                       : {}
    RemoteDocumentsInternalDomainSuffixList             : {}
    FolderPathname                                      :
    Url                                                 : {}
    LogonFormat                                         : UserName
    ClientAuthCleanupLevel                              : High
    LogonPagePublicPrivateSelectionEnabled              : False
    LogonPageLightSelectionEnabled                      : False
    IsPublic                                            : False
    FilterWebBeaconsAndHtmlForms                        : UserFilterChoice
    NotificationInterval                                : 120
    DefaultTheme                                        :
    UserContextTimeout                                  : 60
    ExchwebProxyDestination                             :
    VirtualDirectoryType                                :
    OwaVersion                                          : Exchange2013
    ServerName                                          : servername
    InstantMessagingCertificateThumbprint               :
    InstantMessagingServerName                          :
    RedirectToOptimalOWAServer                          : True
    DefaultClientLanguage                               : 0
    LogonAndErrorLanguage                               : 0
    UseGB18030                                          : False
    UseISO885915                                        : False
    OutboundCharset                                     : AutoDetect
    GlobalAddressListEnabled                            : True
    OrganizationEnabled                                 : True
    ExplicitLogonEnabled                                : True
    OWALightEnabled                                     : True
    DelegateAccessEnabled                               : True
    IRMEnabled                                          : True
    CalendarEnabled                                     : True
    ContactsEnabled                                     : True
    TasksEnabled                                        : True
    JournalEnabled                                      : True
    NotesEnabled                                        : True
    RemindersAndNotificationsEnabled                    : True
    PremiumClientEnabled                                : True
    SpellCheckerEnabled                                 : True
    SearchFoldersEnabled                                : True
    SignaturesEnabled                                   : True
    ThemeSelectionEnabled                               : True
    JunkEmailEnabled                                    : True
    UMIntegrationEnabled                                : True
    WSSAccessOnPublicComputersEnabled                   : True
    WSSAccessOnPrivateComputersEnabled                  : True
    ChangePasswordEnabled                               : True
    UNCAccessOnPublicComputersEnabled                   : True
    UNCAccessOnPrivateComputersEnabled                  : True
    ActiveSyncIntegrationEnabled                        : True
    AllAddressListsEnabled                              : True
    RulesEnabled                                        : True
    PublicFoldersEnabled                                : True
    SMimeEnabled                                        : True
    RecoverDeletedItemsEnabled                          : True
    InstantMessagingEnabled                             : True
    TextMessagingEnabled                                : True
    ForceSaveAttachmentFilteringEnabled                 : False
    SilverlightEnabled                                  : True
    PlacesEnabled                                       : False
    WeatherEnabled                                      : True
    AllowCopyContactsToDeviceAddressBook                : True
    AnonymousFeaturesEnabled                            : True
    IntegratedFeaturesEnabled                           : True
    DisplayPhotosEnabled                                : True
    SetPhotoEnabled                                     : True
    PredictedActionsEnabled                             : False
    UserDiagnosticEnabled                               : False
    ReportJunkEmailEnabled                              : True
    WebPartsFrameOptionsType                            : SameOrigin
    AllowOfflineOn                                      : AllComputers
    SetPhotoURL                                         :
    InstantMessagingType                                : None
    Exchange2003Url                                     :
    FailbackUrl                                         :
    Name                                                : owa (Internal OWA-ECP)
    InternalAuthenticationMethods                       : {Basic, Fba}
    MetabasePath                                        : IIS://servername.ad.adpress.com/W3SVC/3/ROOT/owa
    BasicAuthentication                                 : True
    WindowsAuthentication                               : False
    DigestAuthentication                                : False
    FormsAuthentication                                 : True
    LiveIdAuthentication                                : False
    AdfsAuthentication                                  : False
    OAuthAuthentication                                 : False
    DefaultDomain                                       : ad.adpress.com
    GzipLevel                                           : High
    WebSite                                             : Internal OWA-ECP
    DisplayName                                         : owa
    Path                                                : C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa
    ExtendedProtectionTokenChecking                     : None
    ExtendedProtectionFlags                             : {}
    ExtendedProtectionSPNList                           : {}
    AdminDisplayVersion                                 : Version 15.0 (Build 1473.3)
    Server                                              : servername
    InternalUrl                                         : https://owa.adpress.com/OWA
    ExternalUrl                                         : https://adpress.com/owa
    ExternalAuthenticationMethods                       : {Fba}
    AdminDisplayName                                    :
    ExchangeVersion                                     : 0.10 (14.0.100.0)
    DistinguishedName                                   : CN=owa (Internal OWA-ECP),CN=HTTP,CN=Protocols,CN=servername,CN=Servers,CN=Exchange Administrative Group (FYDIBOH
                                                          Groups,CN=Advertisers Press,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=ad,DC=adpress,DC=com
    Identity                                            : servername\owa (Internal OWA-ECP)
    Guid                                                : 3ed3a10f-6322-4b28-8e34-4682601e57ae
    ObjectCategory                                      : ad.adpress.com/Configuration/Schema/ms-Exch-OWA-Virtual-Directory
    ObjectClass                                         : {top, msExchVirtualDirectory, msExchOWAVirtualDirectory}
    WhenChanged                                         : 10/22/2019 7:24:46 AM
    WhenCreated                                         : 10/18/2019 1:10:19 PM
    WhenChangedUTC                                      : 10/22/2019 12:24:46 PM
    WhenCreatedUTC                                      : 10/18/2019 6:10:19 PM
    OrganizationId                                      :
    Id                                                  : servername\owa (Internal OWA-ECP)
    OriginatingServer                                   : servername2.ad.adpress.com
    IsValid                                             : True
    ObjectState                                         : Changed



    [PS] C:\Windows\system32>


    Kevin Skinner

    Tuesday, November 5, 2019 12:46 PM
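A quick way to see which IIS site each virtual directory lives on, as an added example that is not part of the original thread: it parses the MetabasePath property shown in the output above and flags directories that are not on the expected site. The function name is hypothetical, the first two sample objects copy values from the posted output, the third is constructed, and the expected site ID of 1 for Default Web Site is an assumption.

```powershell
# Added example (not from the thread): report the IIS site ID behind each
# Exchange virtual directory by parsing its MetabasePath.
function Get-VDirSitePlacement {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$VirtualDirectory,
        # Assumption: Default Web Site has IIS site ID 1 on this server.
        [int]$ExpectedSiteId = 1
    )
    process {
        # Format seen in the output: IIS://<host>/W3SVC/<siteId>/ROOT/<vdir>
        $pattern = '^IIS://(?<host>[^/]+)/W3SVC/(?<site>\d+)/ROOT/(?<vdir>.+)$'
        $m = [regex]::Match([string]$VirtualDirectory.MetabasePath, $pattern)
        if (-not $m.Success) {
            Write-Warning "Unparseable MetabasePath on '$($VirtualDirectory.Name)'"
            return
        }
        $siteId = [int]$m.Groups['site'].Value
        [pscustomobject]@{
            Name           = $VirtualDirectory.Name
            WebSite        = $VirtualDirectory.WebSite
            SiteId         = $siteId
            VDir           = $m.Groups['vdir'].Value
            OnExpectedSite = ($siteId -eq $ExpectedSiteId)
        }
    }
}

# Sample input so the function runs offline.
$sample = @(
    [pscustomobject]@{   # values copied from the Get-EcpVirtualDirectory output
        Name         = 'ecp (Internal OWA-ECP)'
        WebSite      = 'Internal OWA-ECP'
        MetabasePath = 'IIS://servername.ad.adpress.com/W3SVC/3/ROOT/ecp'
    },
    [pscustomobject]@{   # values copied from the Get-OwaVirtualDirectory output
        Name         = 'owa (Internal OWA-ECP)'
        WebSite      = 'Internal OWA-ECP'
        MetabasePath = 'IIS://servername.ad.adpress.com/W3SVC/3/ROOT/owa'
    },
    [pscustomobject]@{   # constructed: a directory on site ID 1 for comparison
        Name         = 'EWS (Default Web Site)'
        WebSite      = 'Default Web Site'
        MetabasePath = 'IIS://servername.ad.adpress.com/W3SVC/1/ROOT/EWS'
    }
)

$sample | Get-VDirSitePlacement | Format-Table -AutoSize

# On a live server, pipe the real objects instead:
#   Get-EcpVirtualDirectory | Get-VDirSitePlacement
#   Get-OwaVirtualDirectory | Get-VDirSitePlacement
```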