Unable to access ECP/OWA

I installed Exchange 2013 on 2 brand new Server 2012 virtual machines, one with the mailbox role and another with the CAS roles. The installation completed without errors but I cannot log on to the ECP (or OWA for that matter). As I enter my user/pass, the password field goes blank and a number of event log entries are added (see below).

I'm using the default administrator account (also Enterprise Admin, Domain Admin and member of the Organization Management security groups). I mail-enabled the account with enable-mailuser + enable-mailbox. I can execute Exchange Powershell cmdlets when logged on with this account, so security looks good.

The problem is OWA/ECP which consistenly logs the following errors when I attempt to access the OWA:

[Ecp] An internal server error occurred. The unhandled exception was: System.Security.Cryptography.CryptographicException: Invalid provider type specified.

   at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)

   at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)

   at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()

   at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()

   at Microsoft.Exchange.HttpProxy.FbaModule.ParseCadataCookies(HttpApplication httpApplication)

   at Microsoft.Exchange.HttpProxy.FbaModule.OnBeginRequestInternal(HttpApplication httpApplication)

   at Microsoft.Exchange.HttpProxy.ProxyModule.<>c__DisplayClassa.<OnBeginRequest>b__9()

   at Microsoft.Exchange.Common.IL.ILUtil.DoTryFilterCatch(TryDelegate tryDelegate, FilterDelegate filterDelegate, CatchDelegate catchDelegate)

---------------------------------------------------------------------

[Owa] An internal server error occurred. The unhandled exception was: System.Security.Cryptography.CryptographicException: Invalid provider type specified.

   at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)

   at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)

   at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()

   at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()

   at Microsoft.Exchange.HttpProxy.FbaModule.ParseCadataCookies(HttpApplication httpApplication)

   at Microsoft.Exchange.HttpProxy.FbaModule.OnBeginRequestInternal(HttpApplication httpApplication)

   at Microsoft.Exchange.HttpProxy.ProxyModule.<>c__DisplayClassa.<OnBeginRequest>b__9()

   at Microsoft.Exchange.Common.IL.ILUtil.DoTryFilterCatch(TryDelegate tryDelegate, FilterDelegate filterDelegate, CatchDelegate catchDelegate)

---------------------------------------------------------------------------

Event code: 3005

Event message: An unhandled exception has occurred.

Event time: 28/11/2012 0:47:38

Event time (UTC): 27/11/2012 23:47:38

Event ID: 12c0aac14e0c45b093e860f6699b0d76

Event sequence: 4

Event occurrence: 3

Event detail code: 0

Application information:

    Application domain: /LM/W3SVC/1/ROOT/Rpc-2-129985330412727995

    Trust level: Full

    Application Virtual Path: /Rpc

    Application Path: C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\rpc\

    Machine name: <cleaned up>

Process information:

    Process ID: 4848

    Process name: w3wp.exe

    Account name: NT AUTHORITY\SYSTEM

Exception information:

    Exception type: HttpException

    Exception message: The client disconnected.

   at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.EndProcessRequest(IAsyncResult result)

   at System.Web.HttpApplication.CallHandlerExecutionStep.OnAsyncHandlerCompletion(IAsyncResult ar)

Request information:

    Request URL: http://<cleaned up>/rpc/rpcproxy.dll?688b9c54-fc83-47a6-bf82-343799d288d5@falcora.net:6001

    Request path: /rpc/rpcproxy.dll

User host address: fe80::d58e:d780:34ed:af68C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\rpc\

    User: FALCORA\SM_29bd07d0480e4b41a

    Is authenticated: True

    Authentication Type: NTLM

    Thread account name: NT AUTHORITY\SYSTEM

Thread information:

    Thread ID: 18

    Thread account name: NT AUTHORITY\SYSTEM

    Is impersonating: False

    Stack trace:    at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.EndProcessRequest(IAsyncResult result)

   at System.Web.HttpApplication.CallHandlerExecutionStep.OnAsyncHandlerCompletion(IAsyncResult ar)

 

I have spent hours wading through log files and posts, and cannot get my head around this one. 

November 27th, 2012 11:59pm

Hi,

Does this issue occur when you accessing the ECP/OWA from IE on both the MBX and CAS server?

You can try checking the IIS log and let us know the detailed error codes

Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnfsl@microsoft.com

Thanks,

Free Windows Admin Tool Kit Click here and download it now
November 28th, 2012 8:45am

Hi Simon,

I am trying this on the CAS server. Per your email I attempted the same on the mailbox server using https://localhost:444/ecp which provides me with access to the user settings part of the ECP but I cannot access any of the server admin menus.

Here is the part of the IIS log file for the CAS server:

<quote>2012-11-28 12:07:02 192.168.248.78 POST /owa/auth.owa - 443 domainname\administrator 192.168.0.70 Mozilla/5.0+(compatible;+MSIE+10.0;+Windows+NT+6.2;+WOW64;+Trident/6.0) https://bezoesw078.domainname.net/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fbezoesw078.domainname.net%2fecp 302 0 0 31 2012-11-28 12:07:02 192.168.248.78 GET /ecp - 443 - 192.168.0.70 Mozilla/5.0+(compatible;+MSIE+10.0;+Windows+NT+6.2;+WOW64;+Trident/6.0) https://bezoesw078.domainname.net/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fbezoesw078.domainname.net%2fecp 302 0 0 15 2012-11-28 12:07:02 192.168.248.78 GET /owa/auth/logon.aspx url=https%3a%2f%2fbezoesw078.domainname.net%2fecp&reason=0 443 - 192.168.0.70 Mozilla/5.0+(compatible;+MSIE+10.0;+Windows+NT+6.2;+WOW64;+Trident/6.0) https://bezoesw078.domainname.net/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fbezoesw078.domainname.net%2fecp 200 0 0 0 2012-11-28 12:07:02 192.168.248.78 GET /owa/auth/logon.aspx replaceCurrent=1&url=https%3a%2f%2fbezoesw078.domainname.net%2fecp 443 - 192.168.0.70 Mozilla/5.0+(compatible;+MSIE+10.0;+Windows+NT+6.2;+WOW64;+Trident/6.0) - 200 0 0 0 2012-11-28 12:07:04 fe80::d58e:d780:34ed:af68%12 POST /powershell PSVersion=3.0&sessionID=Version_15.0_(Build_515.0)=rJqNiZqNgb26pbC6rKjPyMjRmZ6TnJCNntGRmouBzsbLzsbGyc/MyYHNx9DOztDNz87N387Nxc7Kxc/L 80 - fe80::d58e:d780:34ed:af68%12 Microsoft+WinRM+Client - 200 0 0 0 2012-11-28 12:07:04 fe80::d58e:d780:34ed:af68%12 POST /powershell PSVersion=3.0&sessionID=Version_15.0_(Build_515.0)=rJqNiZqNgb26pbC6rKjPyMjRmZ6TnJCNntGRmouBzsbLzsbGyc/MyYHNx9DOztDNz87N387Nxc7Kxc/L 80 domainname\SM_29bd07d0480e4b41a fe80::d58e:d780:34ed:af68%12 Microsoft+WinRM+Client - 200 0 0 46 2012-11-28 12:07:04 fe80::d58e:d780:34ed:af68%12 POST /powershell PSVersion=3.0&sessionID=Version_15.0_(Build_515.0)=rJqNiZqNgb26pbC6rKjPyMjRmZ6TnJCNntGRmouBzsbLzsbGyc/MyYHNx9DOztDNz87N387Nxc7Ixc/L 80 - fe80::d58e:d780:34ed:af68%12 Microsoft+WinRM+Client - 200 0 0 0 2012-11-28 12:07:04 fe80::d58e:d780:34ed:af68%12 POST /powershell PSVersion=3.0&sessionID=Version_15.0_(Build_515.0)=rJqNiZqNgb26pbC6rKjPyMjRmZ6TnJCNntGRmouBzsbLzsbGyc/MyYHNx9DOztDNz87N387Nxc7Ixc/L 80 domainname\SM_29bd07d0480e4b41a fe80::d58e:d780:34ed:af68%12 Microsoft+WinRM+Client - 200 0 0 156 2012-11-28 12:07:04 fe80::d58e:d780:34ed:af68%12 POST /powershell PSVersion=3.0&sessionID=Version_15.0_(Build_515.0)=rJqNiZqNgb26pbC6rKjPyMjRmZ6TnJCNntGRmouBzsbLzsbGyc/MyYHNx9DOztDNz87N387Nxc7Ixc/L 80 domainname\SM_29bd07d0480e4b41a fe80::d58e:d780:34ed:af68%12 Microsoft+WinRM+Client - 200 0 0 15 2012-11-28 12:07:04 fe80::d58e:d780:34ed:af68%12 POST /powershell PSVersion=3.0&sessionID=Version_15.0_(Build_515.0)=rJqNiZqNgb26pbC6rKjPyMjRmZ6TnJCNntGRmouBzsbLzsbGyc/MyYHNx9DOztDNz87N387Nxc7Ixc/L 80 domainname\SM_29bd07d0480e4b41a fe80::d58e:d780:34ed:af68%12 Microsoft+WinRM+Client - 200 0 0 31 2012-11-28 12:07:04 fe80::d58e:d780:34ed:af68%12 POST /powershell PSVersion=3.0&sessionID=Version_15.0_(Build_515.0)=rJqNiZqNgb26pbC6rKjPyMjRmZ6TnJCNntGRmouBzsbLzsbGyc/MyYHNx9DOztDNz87N387Nxc7Ixc/K 80 - fe80::d58e:d780:34ed:af68%12 Microsoft+WinRM+Client - 200 0 0 0 2012-11-28 12:07:04 fe80::d58e:d780:34ed:af68%12 POST /powershell PSVersion=3.0&sessionID=Version_15.0_(Build_515.0)=rJqNiZqNgb26pbC6rKjPyMjRmZ6TnJCNntGRmouBzsbLzsbGyc/MyYHNx9DOztDNz87N387Nxc7Ixc/K 80 domainname\SM_29bd07d0480e4b41a fe80::d58e:d780:34ed:af68%12 Microsoft+WinRM+Client - 200 0 0 31 2012-11-28 12:07:04 fe80::d58e:d780:34ed:af68%12 POST /powershell PSVersion=3.0&sessionID=Version_15.0_(Build_515.0)=rJqNiZqNgb26pbC6rKjPyMjRmZ6TnJCNntGRmouBzsbLzsbGyc/MyYHNx9DOztDNz87N387Nxc7Ixc/K 80 domainname\SM_29bd07d0480e4b41a fe80::d58e:d780:34ed:af68%12 Microsoft+WinRM+Client - 200 0 0 15 2012-11-28 12:07:04 fe80::d58e:d780:34ed:af68%12 POST /powershell PSVersion=3.0&sessionID=Version_15.0_(Build_515.0)=rJqNiZqNgb26pbC6rKjPyMjRmZ6TnJCNntGRmouBzsbLzsbGyc/MyYHNx9DOztDNz87N387Nxc7Ixc/L 80 domainname\SM_29bd07d0480e4b41a fe80::d58e:d780:34ed:af68%12 Microsoft+WinRM+Client - 500 0 64 93 2012-11-28 12:07:04 fe80::d58e:d780:34ed:af68%12 POST /powershell PSVersion=3.0&sessionID=Version_15.0_(Build_515.0)=rJqNiZqNgb26pbC6rKjPyMjRmZ6TnJCNntGRmouBzsbLzsbGyc/MyYHNx9DOztDNz87N387Nxc7Ixc/K 80 domainname\SM_29bd07d0480e4b41a fe80::d58e:d780:34ed:af68%12 Microsoft+WinRM+Client - 200 0 0 15 2012-11-28 12:07:06 ::1 GET /OWA/Calendar/resource - 443 - ::1 AMProbe/Local/ClientAccess - 200 0 0 0 2012-11-28 12:07:10 192.168.248.78 POST /owa/auth.owa - 443 domainname\administrator 192.168.0.70 Mozilla/5.0+(compatible;+MSIE+10.0;+Windows+NT+6.2;+WOW64;+Trident/6.0) https://bezoesw078.domainname.net/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fbezoesw078.domainname.net%2fecp 302 0 0 0 2012-11-28 12:07:10 192.168.248.78 GET /ecp - 443 - 192.168.0.70 Mozilla/5.0+(compatible;+MSIE+10.0;+Windows+NT+6.2;+WOW64;+Trident/6.0) https://bezoesw078.domainname.net/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fbezoesw078.domainname.net%2fecp 302 0 0 15 2012-11-28 12:07:10 192.168.248.78 GET /owa/auth/logon.aspx url=https%3a%2f%2fbezoesw078.domainname.net%2fecp&reason=0 443 - 192.168.0.70 Mozilla/5.0+(compatible;+MSIE+10.0;+Windows+NT+6.2;+WOW64;+Trident/6.0) https://bezoesw078.domainname.net/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fbezoesw078.domainname.net%2fecp 200 0 0 0 2012-11-28 12:07:10 192.168.248.78 GET /owa/auth/logon.aspx replaceCurrent=1&url=https%3a%2f%2fbezoesw078.domainname.net%2fecp 443 - 192.168.0.70 Mozilla/5.0+(compatible;+MSIE+10.0;+Windows+NT+6.2;+WOW64;+Trident/6.0) - 200 0 0 0 2012-11-28 12:07:15 ::1 GET /ecp/ReportingWebService/ - 443 - ::1 AMProbe/Local/ClientAccess - 302 0 0 0 2012-11-28 12:07:15 ::1 GET /OAB/ - 443 domainname\SM_29bd07d0480e4b41a ::1 AMProbe/Local/ClientAccess - 200 0 0 15 2012-11-28 12:07:23 192.168.248.78 POST /owa/auth.owa - 443 administrator@domainname.net 192.168.0.70 Mozilla/5.0+(compatible;+MSIE+10.0;+Windows+NT+6.2;+WOW64;+Trident/6.0) https://bezoesw078.domainname.net/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fbezoesw078.domainname.net%2fecp 302 0 64 46 2012-11-28 12:07:23 192.168.248.78 POST /owa/auth.owa - 443 administrator@domainname.net 192.168.0.70 Mozilla/5.0+(compatible;+MSIE+10.0;+Windows+NT+6.2;+WOW64;+Trident/6.0) https://bezoesw078.domainname.net/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fbezoesw078.domainname.net%2fecp 302 0 0 47 2012-11-28 12:07:23 192.168.248.78 GET /ecp - 443 - 192.168.0.70 Mozilla/5.0+(compatible;+MSIE+10.0;+Windows+NT+6.2;+WOW64;+Trident/6.0) https://bezoesw078.domainname.net/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fbezoesw078.domainname.net%2fecp 302 0 0 0 2012-11-28 12:07:23 192.168.248.78 GET /owa/auth/logon.aspx url=https%3a%2f%2fbezoesw078.domainname.net%2fecp&reason=0 443 - 192.168.0.70 Mozilla/5.0+(compatible;+MSIE+10.0;+Windows+NT+6.2;+WOW64;+Trident/6.0) https://bezoesw078.domainname.net/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fbezoesw078.domainname.net%2fecp 200 0 0 0 2012-11-28 12:07:23 192.168.248.78 GET /owa/auth/logon.aspx replaceCurrent=1&url=https%3a%2f%2fbezoesw078.domainname.net%2fecp 443 - 192.168.0.70 Mozilla/5.0+(compatible;+MSIE+10.0;+Windows+NT+6.2;+WOW64;+Trident/6.0) - 200 0 0 0 2012-11-28 12:07:31 ::1 GET /PowerShell/ - 443 - ::1 AMProbe/Local/ClientAccess - 401 111 0 15 2012-11-28 12:07:31 ::1 GET /PowerShell/ - 443 - ::1 AMProbe/Local/ClientAccess - 401 111 0 0 2012-11-28 12:07:35 ::1 GET /Microsoft-Server-ActiveSync/default.eas - 443 HealthMailbox05cc5165625d48ed9b2a389c9a93bddf@domainname.net ::1 AMProbe/Local/ClientAccess - 200 0 0 0 2012-11-28 12:07:35 ::1 RPC_IN_DATA /RPC/rpcproxy.dll &RequestId=39c4a41e-a1b7-4b14-950f-613c00003c21 443 domainname\SM_29bd07d0480e4b41a ::1 AMProbe/Local/ClientAccess - 200 0 0 4764 2012-11-28 12:07:37 ::1 GET /AutoDiscover/ - 443 domainname\SM_29bd07d0480e4b41a ::1 AMProbe/Local/ClientAccess - 200 0 0 0 2012-11-28 12:07:40 ::1 POST /OWA/auth.owa - 443 HealthMailbox05cc5165625d48ed9b2a389c9a93bddf@domainname.net ::1 AMProbe/Local/ClientAccess - 302 0 0 0 2012-11-28 12:07:45 ::1 OPTIONS /Microsoft-Server-ActiveSync/default.eas - 443 HealthMailbox05cc5165625d48ed9b2a389c9a93bddf@domainname.net ::1 TestActiveSyncConnectivity - 200 0 0 31 2012-11-28 12:07:45 ::1 POST /Microsoft-Server-ActiveSync/default.eas Cmd=Settings&User=HealthMailbox05cc5165625d48ed9b2a389c9a93bddf@domainname.net&DeviceId=EASProbeDeviceId140&DeviceType=EASProbeDeviceType 443 HealthMailbox05cc5165625d48ed9b2a389c9a93bddf@domainname.net ::1 TestActiveSyncConnectivity - 200 0 0 31 2012-11-28 12:07:46 192.168.248.78 POST /owa/auth.owa - 443 domainname\rvantigchelt 192.168.0.70 Mozilla/5.0+(compatible;+MSIE+10.0;+Windows+NT+6.2;+WOW64;+Trident/6.0) https://bezoesw078.domainname.net/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fbezoesw078.domainname.net%2fecp 302 0 0 156 2012-11-28 12:07:46 192.168.248.78 GET /ecp - 443 - 192.168.0.70 Mozilla/5.0+(compatible;+MSIE+10.0;+Windows+NT+6.2;+WOW64;+Trident/6.0) https://bezoesw078.domainname.net/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fbezoesw078.domainname.net%2fecp 302 0 0 0 2012-11-28 12:07:46 192.168.248.78 GET /owa/auth/logon.aspx url=https%3a%2f%2fbezoesw078.domainname.net%2fecp&reason=0 443 - 192.168.0.70 Mozilla/5.0+(compatible;+MSIE+10.0;+Windows+NT+6.2;+WOW64;+Trident/6.0) https://bezoesw078.domainname.net/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fbezoesw078.domainname.net%2fecp 200 0 0 0 2012-11-28 12:07:46 192.168.248.78 GET /owa/auth/logon.aspx replaceCurrent=1&url=https%3a%2f%2fbezoesw078.domainname.net%2fecp 443 - 192.168.0.70 Mozilla/5.0+(compatible;+MSIE+10.0;+Windows+NT+6.2;+WOW64;+Trident/6.0) - 200 0 0 15 2012-11-28 12:07:48 ::1 GET /ecp/ - 443 - ::1 AMProbe/Local/ClientAccess - 302 0 0 0 2012-11-28 12:07:52 ::1 GET /owa/ - 443 - ::1 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING;+OWACTP) - 302 0 0 0 2012-11-28 12:07:52 ::1 GET /owa/auth/logon.aspx url=https%3a%2f%2flocalhost%2fowa%2f&reason=0 443 - ::1 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING;+OWACTP) - 200 0 0 0 2012-11-28 12:07:52 ::1 GET /owa/ - 443 - ::1 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING;+OWACTP) - 302 0 0 0 2012-11-28 12:07:52 ::1 GET /owa/auth/logon.aspx url=https%3a%2f%2flocalhost%2fowa%2f&reason=0 443 - ::1 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING;+OWACTP) - 200 0 0 0 2012-11-28 12:07:52 ::1 GET /owa/auth/logon.aspx replaceCurrent=1&url=https%3a%2f%2flocalhost%2fowa%2f 443 - ::1 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING;+OWACTP) - 200 0 0 15 2012-11-28 12:07:52 ::1 GET /owa/auth/15.0.516/scripts/premium/flogon.js - 443 - ::1 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING;+OWACTP) - 200 0 0 0 2012-11-28 12:07:52 ::1 POST /owa/auth.owa - 443 HealthMailbox05cc5165625d48ed9b2a389c9a93bddf@domainname.net ::1 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING;+OWACTP) - 302 0 0 15 2012-11-28 12:07:52 ::1 GET /owa/ - 443 - ::1 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING;+OWACTP) - 302 0 0 0 2012-11-28 12:07:52 ::1 GET /owa/auth/logon.aspx url=https%3a%2f%2flocalhost%2fowa%2f&reason=0 443 - ::1 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING;+OWACTP) - 200 0 0 0 2012-11-28 12:07:57 fe80::d58e:d780:34ed:af68%12 RPC_IN_DATA /rpc/rpcproxy.dll 688b9c54-fc83-47a6-bf82-343799d288d5@domainname.net:6001&RequestId=565da176-2fcf-4510-a753-22b584ec6467 80 - fe80::d58e:d780:34ed:af68%12 MSRPC - 401 1 2148074254 0 2012-11-28 12:07:57 ::1 GET /ews/ - 443 domainname\SM_29bd07d0480e4b41a ::1 AMProbe/Local/ClientAccess - 200 0 0 0 2012-11-28 12:07:58 fe80::d58e:d780:34ed:af68%12 RPC_IN_DATA /rpc/rpcproxy.dll 688b9c54-fc83-47a6-bf82-343799d288d5@domainname.net:6001&RequestId=ee2712f3-8601-453a-b0c9-e91f5805d1f4 80 domainname\SM_29bd07d0480e4b41a fe80::d58e:d780:34ed:af68%12 MSRPC - 200 0 0 1015 2012-11-28 12:07:58 fe80::d58e:d780:34ed:af68%12 RPC_IN_DATA /rpc/rpcproxy.dll 688b9c54-fc83-47a6-bf82-343799d288d5@domainname.net:6001&RequestId=fa7f3d36-8824-4d96-9f1f-a6c96cb4292d 80 - fe80::d58e:d780:34ed:af68%12 MSRPC - 401 1 2148074254 0 2012-11-28 12:07:58 fe80::d58e:d780:34ed:af68%12 RPC_OUT_DATA /rpc/rpcproxy.dll 688b9c54-fc83-47a6-bf82-343799d288d5@domainname.net:6001&RequestId=3a4c74ad-6d5a-489d-8d2a-34a244f8766d 80 - fe80::d58e:d780:34ed:af68%12 MSRPC - 401 1 2148074254 0 2012-11-28 12:08:03 fe80::d58e:d780:34ed:af68%12 RPC_IN_DATA /rpc/rpcproxy.dll b182ea7a-21b5-471a-a24f-13dfbf7d5c56@domainname.net:6001&RequestId=e23195c3-b7e6-4f86-abef-d95394ef0445 80 - fe80::d58e:d780:34ed:af68%12 MSRPC - 401 1 2148074254 0 2012-11-28 12:08:03 fe80::d58e:d780:34ed:af68%12 RPC_IN_DATA /rpc/rpcproxy.dll b182ea7a-21b5-471a-a24f-13dfbf7d5c56@domainname.net:6001&RequestId=304cfabd-2c85-4310-a1cb-3a43fcc23afe 80 domainname\SM_29bd07d0480e4b41a fe80::d58e:d780:34ed:af68%12 MSRPC - 200 0 0 62 2012-11-28 12:08:03 fe80::d58e:d780:34ed:af68%12 RPC_IN_DATA /rpc/rpcproxy.dll b182ea7a-21b5-471a-a24f-13dfbf7d5c56@domainname.net:6001&RequestId=98598c38-8f6b-47eb-9283-98ad6a464e30 80 - fe80::d58e:d780:34ed:af68%12 MSRPC - 401 1 2148074254 0 2012-11-28 12:08:03 fe80::d58e:d780:34ed:af68%12 RPC_OUT_DATA /rpc/rpcproxy.dll b182ea7a-21b5-471a-a24f-13dfbf7d5c56@domainname.net:6001&RequestId=7cafff1d-31ab-45a6-9cf4-0663dfaa9fea 80 - fe80::d58e:d780:34ed:af68%12 MSRPC - 401 1 2148074254 15 </quote>

<quote><quote>Thanks</quote></quote>

November 28th, 2012 12:26pm

Hi,

From the IIS log, I find most of the error code is 302 0. I would like to ask whether you set any redirections on the default web site before?

Thanks,

Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnfsl@microsoft.com

Free Windows Admin Tool Kit Click here and download it now
November 29th, 2012 8:38am

Hi Simon,

No redirections were set. This was a cleanly installed Windows 2012 server (+ windows updates), installed UCMA + 2 Office prerequisites. All other required Windows 2012 roles and features were installed by the Exchange setup. No manual changes were made to IIS.

Thanks

November 29th, 2012 12:09pm

After countless hours of not giving up, I finally cracked this problem! This thread ended up pointing me in the right direction. The basic problem is that the Exchange code cannot properly handle X.509 certificates signed with the new and mighty Microsoft Software Key Storage Provider (which is kind of funny), you need to feed Exchange 2013 certificates with a key signed by the old faithfull Microsoft RSA SChannel Cryptographic Provider.

You can check this by running: certutil -store my

Create a new certificate template (Web server V3) with RSA, adjust your policy as needed, request new certificates and run enable-exchangecertificate -thumbprint "xxx" -services "IIS, IMAP, POP, SMTP" -server yyy on all your CAS and mailbox servers. Perform a quick reboot and you should be able to sign into ECP/OWA.

Now onto the fun part of configuring E2013 :-)


  • Marked as answer by Rudi VT Thursday, November 29, 2012 11:42 PM
  • Edited by Rudi VT Friday, November 30, 2012 9:25 AM
Free Windows Admin Tool Kit Click here and download it now
November 29th, 2012 11:42pm

I think, This is a "default" problem of Exchange 2013... I hope MS release a proper installation package which is running.
December 26th, 2012 12:05am

You saved me today! That really helped :) Persistence always wins.

Ignoring what everybody else out there suggested to reinstall CAS server, reinstall IIS server (which I was never going to do) after all the hardwork done for post installation of exchange only your post helped me figure out what the issue was.

Cheers,

Nazim

Free Windows Admin Tool Kit Click here and download it now
February 4th, 2013 7:11am

Thanks for sharing this Rudi ! Had the exact issue here.
May 2nd, 2013 8:41am

Bang on!  Fixed my issue with the ECP\OWA many thanks
  • Edited by jclissold Tuesday, August 06, 2013 10:25 AM
Free Windows Admin Tool Kit Click here and download it now
August 6th, 2013 10:24am

saved me hours, thanks a lot!
April 13th, 2014 1:05pm

Here's what i did that fixed this.

set-ecpvirtualdirectory -Identity "ecp (default web site)" -windowsauthentication $true -formsauthentication $false

do an IISreset

log in to your ecp with https://servername/ecp/?exchclientver=15

Free Windows Admin Tool Kit Click here and download it now
December 11th, 2014 7:23am

I had also the invalid password problem.
I wish to thank you, this solution solved my problem.

Best Regards
January 17th, 2015 7:32pm

Based on the other replies this looks like exactly the solution I need.  The only thing that would make it better... is if you told us how to do it.

"Create a new certificate template (Web server V3) with RSA, adjust your policy as needed, request new certificates and run enable-exchangecertificate -thumbprint "xxx" -services "IIS, IMAP, POP, SMTP" -server yyy on all your CAS and mailbox servers. Perform a quick reboot and you should be able to sign into ECP/OWA."

Looks very useful, but I have no idea how to do it.

-Kendall

Free Windows Admin Tool Kit Click here and download it now
May 31st, 2015 9:11pm

Oh Kendall,

You beat me to it !!!!!

I have just installed Server 2012 and now put exchange 2013 on but can get no further that the ecp login..  it takes the username and password put stays on the logon screen ! ??

July 13th, 2015 10:47am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics