Solved

Cannot Access Exchange Control Panel ‘ECP’ in Exchange Server 2013

Posted on 2014-04-09
4
9,117 Views
2 Endorsements
Last Modified: 2014-04-15
I was working with the authentications methods for OWA and frankly, I must have messed something up.

Now, when trying to access the ECP, after providing your username and password, it takes you to the OWA page and it gives you a blank “HTTP 400 Error” page.

I understand an administrator can use the Exchange Management Shell to reconfigure the authentications on the virtual directories, but my online research turns up contradictory shell commands. I request help to properly format the shell commands to correct authentications on the virtual directories for the ECP and OWA.

FWIW; One Exchange 2013 server holds all roles, the server name is "mail" & the internal name is mail.wti.local
2
Comment
Question by:GPCDIADMIN
  • 3
4 Comments
 
LVL 6

Expert Comment

by:arroryn
ID: 39990104
Try working through this link - I initially thought it was permissions, and this seems to match your symptoms like-for-like

http://lyncdude.com/2013/02/07/cannot-access-exchange-contorl-panel-ecp-in-exchange-server-2013/

(le copy le paste from source)

Solution:

make sure that the authentication methods used by OWA and ECP are matching this is done by running the following

> Get-owavirtualdirectory | fl

make sure that you using “Form based Authentication” and “Basic Authentication”

3

do the same with ECP using the following command line

> Get-ECPVirtualDirectory | fl

4

If not then you just need to reconfigure the Authentications on both Virtual Directories, DONNOT use IIS use Exchange Management Shell.

For owa use the following

>Set-owavirtualdirectory -identity “owa <Default Web site>” -FormAuthentication:$true

use the same also for ECP

>Set-ecpvirtualdirectory -identity “ecp <Default Web site>” -FormAuthentication:$true

then restart your iis services using the following

>iisreset

once finished try to access your ECP page again and it should work now

if it didn’t make sure to run the same command lines but using “owa <Exchange Back End>” to make sure that both Default web site and Exchange back end website authentication methods are matching.

Cheers
0
 

Author Comment

by:GPCDIADMIN
ID: 39990175
The commands published at http://lyncdude.com  do not work for me. They appear to be incomplete or something is not correct for my application.

This is a production server. Please, to earn your 500 points, I ask that you respect my server integrity and provide me with complete and (correct for this instance) instructions.  Here is some more information to assist.


> Get-owavirtualdirectory | fl
Name                                                : owa (Default Web Site)
InternalAuthenticationMethods                       : {Basic, Fba, Ntlm, WindowsIntegrated}
MetabasePath                                        : IIS://EMAIL.WTI.LOCAL/W3SVC/1/ROOT/owa
BasicAuthentication                                 : True
WindowsAuthentication                               : True
DigestAuthentication                                : False
FormsAuthentication                                 : True
LiveIdAuthentication                                : False

> Get-ECPVirtualDirectory | fl
Name                            : ecp (Default Web Site)
InternalAuthenticationMethods   : {Basic, Fba}
MetabasePath                    : IIS://MAIL.WTI.LOCAL/W3SVC/1/ROOT/ecp
BasicAuthentication             : True
WindowsAuthentication           : False
DigestAuthentication            : False
FormsAuthentication             : True
0
 

Accepted Solution

by:
GPCDIADMIN earned 0 total points
ID: 39992223
I found after much searching that the reason the lyncdude fix was not working, was that certain needed command arguments were not present in lyncdude's information.

With the more complete information below, I could readily deduce what elements were missing in my commands to successfully execute them.

set-Owavirtualdirectory -identity "E15MBX\owa (Exchange Back End)" -WindowsAuthentication $True -Basicauthentication $false -Formsauthentication $false

Run the following command on both the Client Access and Mailbox servers to restart Internet Information Services (IIS):

iisreset (only)  (iisreset /noforce would lockup the WWW publishing service every time)

For the "ECP" virtual directory

Type the following commands, and then press Enter after each line:

Add-PSSnapin *exchange*

Set-EcpVirtualDirectory -Identity "E15MBX\ecp (Exchange Back End)" -WindowsAuthentication $true -FormsAuthentication $false

Run the following command on both the Client Access and Mailbox servers to restart Internet Information Services (IIS):

iisreset (only)  (iisreset /noforce would lockup the WWW publishing service every time)
0
 

Author Closing Comment

by:GPCDIADMIN
ID: 40001144
I had actually had found lyncdude's page prior to posting this question in experts-exchange. I posted a question here because I needed more comprehensive assistance with the command arguments.

With the more complete information, I could readily deduce what elements were missing in my commands to successfully execute them. That is why my solution worked.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
how to add IIS SMTP to handle application/Scanner relays into office 365.

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question