Solved

HTTP/1.1 500 Internal Server Error OWA Exchange 2003

Posted on 2013-05-28
30
3,122 Views
Last Modified: 2013-06-05
Hello everyone, I've got myself quite the problem, I've been trying to figure this one out for weeks.

I am speaking, as the title implies, of OWA on Exchange 2003 running on Small Business Server 2003.  What was happening when the problem first occurred is that certain users would get an HTTP/1.1 500 Internal Server error when trying to log in.  When investigating things I noticed that this would only occur on user's whose mail box said that the user was the last one to log into the mailbox, and on the ones where it would actually work, such as the administrator account, it would say that it was last accessed by "NT AUTHORITY\SYSTEM".  During my troubleshooting I tried the following methods in the links below to no avail.

http://support.microsoft.com/kb/894965

http://support.microsoft.com/default.aspx?scid=kb;EN-US;829167

Tried uninstalling Exchange Update 926666 as stated was the solution by a poster in this thread - http://forums.msexchange.org/m_1800431832/mpage_1/key_/tm.htm#1800488577 , the reference for the update is -  http://support.microsoft.com/kb/926666/
At first this appeared to have worked, but it started messing up the following day, I discovered that restarting the HTTP SSL service would get it to work again, this lasted for 2 days, but that also stopped working and I'm back to square one, I checked to see if it had automatically reinstalled the update but its still gone

I've tried nearly every permutation of directory security on all 6 of the virtual directories.

I have also tried this as there were some active sync errors as well -
http://support.microsoft.com/default.aspx?scid=kb;EN-US;817379
That article left me with a virtual directory called exchange2.  It solved my activesync problems (as far as I know) but OWA is still out of commission.

But despite all of this very limited results which reverted back or none at all were encountered with all of the solutions.  This morning at around 10 CST though nothing could be accessed from OWA, you couldn't even authenticate any more, it would just simply give the internal server error 500 as soon as you browse to the site, so I tried what I classified as last resort and did what this article said and deleted the 6 virtual directories and metabase key -
http://www.petri.co.il/fixing_a_damaged_or_incorrectly_configured_owa_2003_installation.htm

It behaved exactly as the article said it would, after deletion the directories were recreated and everything appeared to be good.  But when i tried to access OWA it was still the same 500 internal server error page before even asking to login.  So I went back and retried all of the previously mentioned solutions to see if trying them on fresh virtual directories would make a difference.  When I tried the one that had me add them all to the exchangeapplicationpool again this got the limited functionality that I had before back, where i could authenticate with users last logged onto by the "NT AUTHORITY\SYSTEM" but anyone who had their username or anyone else's username listed as the last logged on by is not able to access it.  So basically I'm back at square one, and I'm not sure where to go from here.  I thank everyone in advance for any help they can provide, and if I can provide any additional information please let me know.
0
Comment
Question by:ctagle
  • 15
  • 8
  • 4
  • +1
30 Comments
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 39204200
It's very hard to troubleshoot 500 errors. 500 just means 'something crashed at the server end'. If you're lucky there'll be something in the server's event log (application log).

If you are sure that exchange2 is working correctly for your activesync users, then it may be a working copy of your OWA installation. See what happens if you go to https://servername/exchange2 in your desktop browser.
0
 
LVL 21

Expert Comment

by:yo_bee
ID: 39204295
Do you have all the correct  Applications from the Application Pool associated with the Virtual Directory.

Is there a reason that you change the Exchange Virtual Directory?
0
 
LVL 16

Expert Comment

by:gurutc
ID: 39204516
Do you have debug level logging set?
0
 

Author Comment

by:ctagle
ID: 39207816
Indeed it is

Exchange Active Sync was working, now I'm getting reports that its down again.....But I tried that when ActiveSync was working and I still got the same 500 error.

I believe so, I essentially mirrored the settings from another working SBS 2003 server, at least on the application pools for the virtual directories, assuming I'm understanding what your talking about.

I didn't actually touch the Exchange virtual directory.  All I did was export the Exchange VDir configuration to a file, created a virtual directory from a file using said exported configuration, and pointed the appropriate registry key for active sync to the new virtual directory.  It actually didn't change the behavior of the OWA side at all, it just (at the time) got the active sync working.

As an update I've been working on it this morning and have been testing it with the Exchange Connectivity Analyzer since active sync is once again down and I'm getting this sometimes when it attempts to establish and Active Sync session with the server:

Attempting the FolderSync command on the Exchange ActiveSync session.
       The test of the FolderSync command failed.
       
      Additional Details
       Exception details:
Message: The operation has timed out
Type: System.Net.WebException
Stack trace:
at System.Net.HttpWebRequest.GetResponse()
at Microsoft.Exchange.Tools.ExRca.Extensions.RcaHttpRequest.GetResponse()

And other times I'm getting my old friend:

Attempting the FolderSync command on the Exchange ActiveSync session.
       The test of the FolderSync command failed.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       Exchange ActiveSync returned an HTTP 500 response (Internal Server Error).


There was another error to but I didn't copy and paste it when it came up.
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 39207867
You say they get the 500 error wehen trying to log in. It's possible that the FBA mechanism is failing, since it just adds another layer of complication to the whole thing. See if turning off FBA, and just using Basic and/or Integrated works any better, It'll also give you the chance to try it without SSL required (temporarily, of course), since that can cause problems of its own.
0
 

Author Comment

by:ctagle
ID: 39207883
Here is the other error I spoke of in my last post:

Testing HTTP Authentication Methods for URL https://mail.domain.org/Microsoft-Server-ActiveSync/.
       The HTTP authentication test failed.
       
      Additional Details
       Exception details:
Message: The underlying connection was closed: An unexpected error occurred on a receive.
Type: System.Net.WebException
Stack trace:
at System.Net.HttpWebRequest.GetResponse()
at Microsoft.Exchange.Tools.ExRca.Extensions.RcaHttpRequest.GetResponse()
Exception details:
Message: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
Type: System.IO.IOException
Stack trace:
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.FixedSizeReader.ReadPacket(Byte[] buffer, Int32 offset, Int32 count)
at System.Net.Security._SslStream.StartFrameHeader(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security._SslStream.StartReading(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security._SslStream.ProcessRead(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.TlsStream.Read(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.PooledStream.Read(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.Connection.SyncRead(HttpWebRequest request, Boolean userRetrievedStream, Boolean probeRead)
Exception details:
Message: An existing connection was forcibly closed by the remote host
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
0
 

Author Comment

by:ctagle
ID: 39207919
Disabling forms based authentication and SSL was one of the first things that I tried but unfortunately it didn't help.  Interesting side note: I went back in and tried re-enabling FBA just for S&G and i get the following error message.

Access Denied.

Facility: Win32
ID no: 80070005
Exchange System Manager
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 39208135
It's just getting stranger. Is there anything written to the event logs (the application one) when you see the 500 error? Sometimes, it's due to something outside IIS.

Did you try just using DefaultAppPool in the Exchange VDir?
0
 

Author Comment

by:ctagle
ID: 39209242
Attached are three screenshots of the errors we receive.  What's odd is that it's been working fine till about 2 days ago.
Error-OMA.jpg
Error-exchange.jpg
Exchange-VirtualError.jpg
0
 
LVL 21

Expert Comment

by:yo_bee
ID: 39209311
This all seems to be pointing to the App Pool as I stated in my first reply.

What if you moved everything back into the Default Web Site?
Have you tried that?
0
 

Author Comment

by:ctagle
ID: 39210845
I set everything back to default and I still get the same error when trying to enable forms based authentication.
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 39211167
Does it allow you to create another virtual server? ISTR this will end up creating another site in IIS, dedicated to OWA. If you give it a host header name in IIS Manager, you'll be able to see if a newly-created virtual server (with all default settings automatically configured for you) works any better.
0
 

Author Comment

by:ctagle
ID: 39211343
Ok we've managed to get it working with OWA, kind of....

When I go into the exchange virtual directory and tell to allow anonymous access, basic authentication, and integrated windows authentication, OWA works completely in google chrome, in IE though it sort of works, at the top it generates the error message i pasted below.  But its acting really weird on the server side.  Active sync still fails with a 500 error message, and whenever you try to use active sync, it resets the permissions on the exchange virtual directory, causing an "error: access is denied" error message to be generated whenever you try to access OWA.  It will also reset the permissions after a certain period of time, the duration of which I haven't been able to determine yet.  If I go back in reset the permissions, OWA works again, but the permissions will get reset in the same manner i said before.

Error message when using OWA in IE (OWA works but this shows up at the top of the window)
/exchweb/img/table-layout:fixed;width:100%;Sent ToBKBMBfalseNonepercentImportancei4http://schemas.microsoft.com/exchange/x-priority-long1101width:13px;cursor:hand;text-align: center;Item Typestringhttp://schemas.microsoft.com/exchange/outlookmessageclass1101width:20px;cursor:hand;text-align: center;FlagStatusi4http://schemas.microsoft.com/mapi/proptag/x109000031101width:20px;cursor:hand;text-align: center;Attachmentbooleanurn:schemas:httpmail:hasattachment1101width:15px;cursor:hand;text-align: center;Tostringurn:schemas:httpmail:displayto1001width:23%;cursor:hand;text-align: ;padding-right:3px;padding-left:3px;Subjectstringhttp://schemas.microsoft.com/mapi/subject1001width:45%;cursor:hand;text-align: ;padding-right:3px;padding-left:3px;Sentdatehttp://schemas.microsoft.com/exchange/date-iso1001width:32%;cursor:hand;text-align: ;padding-right:3px;padding-left:3px;ddd M/d/yyyyh:mm tt"http://schemas.microsoft.com/mapi/proptag/0x67aa000b" = false AND "DAV:isfolder" = falsehttp://schemas.microsoft.com/exchange/date-isoDESCdatebackground-color:buttonface
0
 

Author Comment

by:ctagle
ID: 39211407
ok i got it to retain the settings by going into system manager and setting the authentication settings on the virtual directory from there, but i still get the same long text in IE.  Active sync still doesn't work but after changing that setting in system manager the error message i'm getting in the remote connectivity analyzer has change from 500 to the one i'll paste below

      An ActiveSync session is being attempted with the server.
       Errors were encountered while testing the Exchange ActiveSync session.
       
      Test Steps
       
      Attempting to send the OPTIONS command to the server.
       The OPTIONS response was successfully received and is valid.
       
      Additional Details
      Attempting the FolderSync command on the Exchange ActiveSync session.
       The test of the FolderSync command failed.
       
      Additional Details
       An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body of the response: <body><h2>HTTP/1.1 403 Forbidden</h2></body>
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 39215748
For the long text you are seeing in the previous post, you seem to be seeing some of the page source, which should really be executed on the server, not just sent to you as text. Maybe some of the executable handler mappings (.asp or .aspx) have been removed.

This 403 (resulting in the ActiveSync failure) sounds like it is trying to communicate with the Exchange vdir instead of whichever vdir you created from doing KB817379 (Exchange2). 403 usually means ssl required, and ActiveSync can only make its internal requests on port 80 (i.e. plain http). Or maybe you now have SSL required on your Exchange2? If so, you'll need to uncheck it
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:ctagle
ID: 39217481
Ok long text is gone, but the error message is back, 500 internal server error.  For a while through all of this I though it was a permissions issue, referring back to the access denied message I posted.  I managed to fix that problem by changing some stuff around on the server object in adsiedit......for about an hour, then it gave out again, its pretty much back to doing the same thing, except now the common denominator of having the last logged onto field as NT AUTHORITY\SYSTEM allowing it to work is no longer the case.  The only account that can log into OWA is administrator at this point, even another account thats been copied directly from the administrator account can't login to OWA.  At this point I'm at a complete and total loss, every permutation of a google search on my computer generates two pages of purple already clicked on links, and I find myself beginning to repeat steps without even thinking, the amount of things I've tried are to numerous to list at this point.  Any ideas as to what it could be at this point?  Thanks once again in advance for any help

EDIT:  I don't think i was clear in my last paragraph, the permissions issues are gone now, at least on enabling FBA and there is no longer an access denied message in place of the log file path on the server object properties, nor am i getting an access denied message when i try to click on the directory access tab.  after i resolved the error causing that message it started working for about an hour, but then it gave out again.
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 39218591
Okay, well you have some progress, at least. For now, I would make sure that FBA is turned off and SSL is not required, to keep things as simple as possible. Also, if you have any kind of redirection in place (i.e. default web site root to /Exchange), don't use it - go directly to the /Exchange URL.

Also, is OMA working for any user besides Admin?
0
 
LVL 21

Expert Comment

by:yo_bee
ID: 39218747
Just curious, What browser are you using?
0
 

Author Comment

by:ctagle
ID: 39218977
FBA is turned off, SSL is also not required, and there isn't any kind of redirection enabled, users have to manually add the /exchange to the URL.  No it isn't, at first there were certain users it would work for, on those users I couldn't find any commonality, other than the fact that if I went into system manager and looked at the mailboxes the ones that would actually login were the ones that had "NT AUTHORITY/SYSTEM" in the "Lasted logged on by" column.  But now that isn't the case, the only account that can access OWA is administrator.  And its the same thing with active sync, it works with administrator, but when I try it with a regular user it gives the 500 internal server error when it tries to do the folder sync command.  Having said that it almost makes me wonder if there is still a lingering permissions issue, but if that was the case I would think the other domain admin user I have setup would be able to login but it can't, so if it is a permissions issue, that would mean that somewhere something has it set to where only the administrator has access to it, but thats all just speculation.

I'm using Firefox and IE 8 (My workstation is running XP) for testing, anytime that I go to test OWA after troubleshooting or trying a solution I test it with both browsers.
0
 

Author Comment

by:ctagle
ID: 39219094
Ok I'm wrong, the commonality I spoke of still exists.  Any user that has "NT AUTHORITY/SYSTEM" in the "Last Logged on By" column is able to logon, if it says that it was last accessed by the user, then it doesn't work.  What I haven't been able to figure out is what causes the change to "NT AUTHORITY/SYSTEM"

What I said about active sync is true though, it only works with administrator.

EDIT: grrrr.....ok the commonality is now gone again after running the email and internet wizard to see if that would help, its now back to where only the administrator account will work.
0
 

Author Comment

by:ctagle
ID: 39219449
Ok I'm noticing some event log entries that are showing up that may be relevant, there is this one:

Type: Warning
Event ID: 1040

Metabase Update failed replication 5 times with error 80070003 (The system cannot find the path specified.). Please change the diagnostic logging level of MSExchangeMU to 'minimum' or greater to find the source of the problem.


And then there is this one, which seems like it might be more relevant because for some reason this error shows up every time i try to hit OWA with a regular user.  

Type: Error
Event ID: 201

No license was available for user DOMAIN\user using product FilePrint .  Use Licensing from the Administrative Tools folder to ensure that you have sufficient licenses.

If it is a licensing issue then I guess it would make sense that its not working with any other user than the administrator (I think).  But what I find odd is that its referring to "FilePrint" I'm not even sure what that is and why it would be affecting OWA, unless, if it is a licensing issue, its affecting the entire server by design.

I'm also seeing active sync errors now showing up in the event log as one of the user's phones keeps trying to communicate with the server.  I found it to be woefully unhelpful but perhaps one of ya'll will find it more useful:

Type: Error
Event ID: 3005

Unexpected Exchange mailbox Server error: Server: [servername.domain.domain.org] User: [user@domain.org] HTTP status code: [501]. Verify that the Exchange mailbox Server is working correctly.
0
 

Author Comment

by:ctagle
ID: 39219537
Good grief I'm spamming my own question -.-  

I managed to get OWA working (cautious optimism enabled).  It seems that there wasn't enough licenses as indicated by that error that i posted above, so I installed some more and its working, now to just cross my fingers that it stays that way.

But unfortunately Active Sync is still misbehaving, its giving a 500 internal server error at the same point.
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 39219834
I'd be surprised if a lack of licences would make it fail in such a confusing manner, but you never know.

Is A/S producing a 500 error or a 501 (that's what is pasted in your previous message)? There's a description here
http://support.microsoft.com/kb/318380
but I've never seen a 501 in lreal life.
0
 
LVL 16

Expert Comment

by:gurutc
ID: 39219860
Tapped out here, you've tried all the techniques I could come up with.

- gurutc
0
 

Author Comment

by:ctagle
ID: 39219990
Yea it wasn't one of things I would have thought of, but the errors would be generated each time a user would try to logon, and according to the licensing on the server, 5 were installed and 14 were in use.  In any case as soon as I installed the new licenses OWA started working, very strange.

And the active sync issue now appears to be solved, it started working after I implemented this solution:  http://support.microsoft.com/default.aspx?scid=kb;EN-US;817379

Which is strange cause I've tried that like 3 or 4 times but maybe it had something to do with the licensing or the myriad of things i've tried doing to troubleshoot stuff on this server.  I'll go ahead and leave this open for a day, just in case the server decides to make a liar out of me, but for now, its working.......woot! lol
0
 
LVL 16

Expert Comment

by:gurutc
ID: 39220003
hooray, woot you and others.

- gurutc
0
 
LVL 31

Accepted Solution

by:
LeeDerbyshire earned 500 total points
ID: 39221566
Well, w00t indeed. Windows Server doesn't seem to ask any more, but ISTR in earlier versions it asked if you wanted to install it in Per Seat or Per Something Else mode. I always chose the one that didn't actually check the number of users (relying on one's honesty), in the hope of avoiding this sort of thing.

Is there also a License Logging Service in Server 2003? ISTR it helped to just switch it off.
0
 
LVL 16

Expert Comment

by:gurutc
ID: 39221613
Yes, I have found turning off License Logging helps also.

- gurutc
0
 

Author Comment

by:ctagle
ID: 39222278
There is a license logging service, I never thought of turning that off, if we start to experience problems again in the future I'll give that a try.  That server will only be in operation for the next two or three months before its decommissioned and replaced though so hopefully it will behave until then.  Thank you all once again for your help.
0
 

Author Closing Comment

by:ctagle
ID: 39222288
Seeing as how it doesn't make sense to select multiple posts from one poster as a solution I'll just pick the last one you posted Lee.  You stuck with it through the entire process and were helpful and informative with each prompt reply.  Thanks alot.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Resolve DNS query failed errors for Exchange
Check out this infographic on what you need to make a good email signature that will work perfectly for your organization.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now