Solved

Exchange 2013 ECP .Net error

Posted on 2012-12-27

1 solution

5,770 Views

Last Modified: 2013-08-01

Hi I just installed exchange 2013 on a domain controller in a test environment. OWA works, but if I try to access https://servername/ecp I get the following error:

Server Error in '/ecp' Application.
--------------------------------------------------------------------------------

NegotiateSecurityContext failed with LogonDenied
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Web.HttpException: NegotiateSecurityContext failed with LogonDenied

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[HttpException (0x80004005): NegotiateSecurityContext failed with LogonDenied]
Microsoft.Exchange.HttpProxy.ProxyRequestHandler.EndProcessRequest(IAsyncResult result) +604
System.Web.CallHandlerExecutionStep.OnAsyncHandlerCompletion(IAsyncResult ar) +210

the following is logged in the eventlog:

Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 12/27/2012 11:27:39 PM
Event time (UTC): 12/28/2012 4:27:39 AM
Event ID: a77ad86febc042a78a5f903b83aa0642
Event sequence: 176
Event occurrence: 14
Event detail code: 0

Application information:
Application domain: /LM/W3SVC/1/ROOT/ecp-5-130011412568254657
Trust level: Full
Application Virtual Path: /ecp
Application Path: C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\ecp\
Machine name: ALPHA2

Process information:
Process ID: 17860
Process name: w3wp.exe
Account name: NT AUTHORITY\SYSTEM

Exception information:
Exception type: HttpException
Exception message: NegotiateSecurityContext failed with LogonDenied
at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.EndProcessRequest(IAsyncResult result)
at System.Web.HttpApplication.CallHandlerExecutionStep.OnAsyncHandlerCompletion(IAsyncResult ar)

Request information:
Request URL: https://alpha2:443/ecp/
Request path: /ecp/
User host address: fe80::e103:3fb3:bff:d233C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\ecp\
User: CRYPTZ\SM_235cdaff9cfb4207a
Is authenticated: True
Authentication Type: Basic
Thread account name: NT AUTHORITY\SYSTEM

Thread information:
Thread ID: 58
Thread account name: NT AUTHORITY\SYSTEM
Is impersonating: False
Stack trace: at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.EndProcessRequest(IAsyncResult result)
at System.Web.HttpApplication.CallHandlerExecutionStep.OnAsyncHandlerCompletion(IAsyncResult ar)

Custom event details:

I am unable to find anything about:NegotiateSecurityContext

any help woud be appreciated.

Comment

Question by:Baran711

[X]

Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

Help others & share knowledge
Earn cash & points
Learn & ask questions

Join The Community

7 Comments

LVL 13

Expert Comment

by:Yagya Shree

ID: 387265302012-12-28

Hi,

This is solved by installing “Windows Identity Foundation 3.5” on Windows Server 2012.
This can be found in Windows Features installation or easy install with Powershell: “Install-WindowsFeature”.

Please refer below post:
http://gjohansson.com/blog/2012/07/31/server-error-in-ecp-application-exchange-2013/

Author Comment

by:Baran711

ID: 387267842012-12-28

yagyashree,

i verified i already have windows identity foundation 3.5 installed. also the error in the link you provided is not the same error i am receiving

Author Comment

by:Baran711

ID: 387302442012-12-29

I just wanted to add the following. if I try to directly access the back end ecp directory I get the error below. I have another test server in a different domain and I can access the back end ecp directly. maybe this error + the error above for the front end ecp directory will help us narrow this down:

Current user: 'Administrator'
Request for URL 'https://alpha2.cryptz.com:444/ecp/default.aspx' failed with the following error:
System.NotSupportedException: GetSecurityIdentifier does not support Microsoft.Exchange.Management.ControlPanel.StandardSession
at Microsoft.Exchange.Security.Authentication.IIdentityExtensions.GetSecurityIdentifier(IIdentity identity)
at Microsoft.Exchange.Management.ControlPanel.EcpIdentity..ctor(IIdentity logonUserIdentity, String cacheKeySuffix)
at Microsoft.Exchange.Management.ControlPanel.RbacSettings..ctor(HttpContext context)
at Microsoft.Exchange.Management.ControlPanel.AuthenticationSettings..ctor(HttpContext context)
at Microsoft.Exchange.Management.ControlPanel.RbacModule.Application_PostAuthenticateRequest(Object sender, EventArgs e)
at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
at Microsoft.Exchange.Security.Authentication.IIdentityExtensions.GetSecurityIdentifier(IIdentity identity)
at Microsoft.Exchange.Management.ControlPanel.EcpIdentity..ctor(IIdentity logonUserIdentity, String cacheKeySuffix)
at Microsoft.Exchange.Management.ControlPanel.RbacSettings..ctor(HttpContext context)
at Microsoft.Exchange.Management.ControlPanel.AuthenticationSettings..ctor(HttpContext context)
at Microsoft.Exchange.Management.ControlPanel.RbacModule.Application_PostAuthenticateRequest(Object sender, EventArgs e)
at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

LVL 13

Expert Comment

by:Yagya Shree

ID: 387714272013-01-13

Did you manage to get an answer for your query?

Accepted Solution

by:Baran711

Baran711 earned 0 total points

ID: 387720582013-01-13

I resolved the issue myself. there was a conflicting .net application running in iis. it has set the modules runallmanagedmodulesforallrequests= true

Author Closing Comment

by:Baran711

ID: 387923092013-01-18

I was able to determine the cause of the problem

Expert Comment

by:Lighthouse_IS

ID: 393753722013-08-01

What did you do to resolve it?

Featured Post

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title	# Comments	Views	Activity
Deny sending to more than 2 recipients in Exchange 2016	2	48	2017-05-17
Import Archive PST files into Archive Office 365 mailboxes	2	32	2017-05-17
Exchange: No DNS servers could be retrieved from network adapter that doesn't exist.	6	50	7d
Where do I find the default retention policy installed with Exchange Server 2010?	2	16	7d

THINGS THAT YOU NEED TO KNOW ABOUT MS OUTLOOK

Article by: james

MS Outlook is a world-class email client application that is mainly used for e-communication globally. In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.

The top 15 things to never include in an email signature

Article by: Exclaimer

Read this checklist to learn more about the 15 things you should never include in an email signature.

Exchange 2013: Creating a Shared Mailbox

Video by: Gareth

In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…

Basics of Database Availability Groups (Part 2)

Video by: Tej Pratap

The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager