Cannot Access Exchange Control Panel ‘ECP’ in Exchange Server 2013

Posted on 2014-04-09
Medium Priority
2 Endorsements
Last Modified: 2014-04-15
I was working with the authentications methods for OWA and frankly, I must have messed something up.

Now, when trying to access the ECP, after providing your username and password, it takes you to the OWA page and it gives you a blank “HTTP 400 Error” page.

I understand an administrator can use the Exchange Management Shell to reconfigure the authentications on the virtual directories, but my online research turns up contradictory shell commands. I request help to properly format the shell commands to correct authentications on the virtual directories for the ECP and OWA.

FWIW; One Exchange 2013 server holds all roles, the server name is "mail" & the internal name is mail.wti.local
Question by:GPCDIADMIN
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3

Expert Comment

ID: 39990104
Try working through this link - I initially thought it was permissions, and this seems to match your symptoms like-for-like


(le copy le paste from source)


make sure that the authentication methods used by OWA and ECP are matching this is done by running the following

> Get-owavirtualdirectory | fl

make sure that you using “Form based Authentication” and “Basic Authentication”


do the same with ECP using the following command line

> Get-ECPVirtualDirectory | fl


If not then you just need to reconfigure the Authentications on both Virtual Directories, DONNOT use IIS use Exchange Management Shell.

For owa use the following

>Set-owavirtualdirectory -identity “owa <Default Web site>” -FormAuthentication:$true

use the same also for ECP

>Set-ecpvirtualdirectory -identity “ecp <Default Web site>” -FormAuthentication:$true

then restart your iis services using the following


once finished try to access your ECP page again and it should work now

if it didn’t make sure to run the same command lines but using “owa <Exchange Back End>” to make sure that both Default web site and Exchange back end website authentication methods are matching.


Author Comment

ID: 39990175
The commands published at http://lyncdude.com  do not work for me. They appear to be incomplete or something is not correct for my application.

This is a production server. Please, to earn your 500 points, I ask that you respect my server integrity and provide me with complete and (correct for this instance) instructions.  Here is some more information to assist.

> Get-owavirtualdirectory | fl
Name                                                : owa (Default Web Site)
InternalAuthenticationMethods                       : {Basic, Fba, Ntlm, WindowsIntegrated}
MetabasePath                                        : IIS://EMAIL.WTI.LOCAL/W3SVC/1/ROOT/owa
BasicAuthentication                                 : True
WindowsAuthentication                               : True
DigestAuthentication                                : False
FormsAuthentication                                 : True
LiveIdAuthentication                                : False

> Get-ECPVirtualDirectory | fl
Name                            : ecp (Default Web Site)
InternalAuthenticationMethods   : {Basic, Fba}
MetabasePath                    : IIS://MAIL.WTI.LOCAL/W3SVC/1/ROOT/ecp
BasicAuthentication             : True
WindowsAuthentication           : False
DigestAuthentication            : False
FormsAuthentication             : True

Accepted Solution

GPCDIADMIN earned 0 total points
ID: 39992223
I found after much searching that the reason the lyncdude fix was not working, was that certain needed command arguments were not present in lyncdude's information.

With the more complete information below, I could readily deduce what elements were missing in my commands to successfully execute them.

set-Owavirtualdirectory -identity "E15MBX\owa (Exchange Back End)" -WindowsAuthentication $True -Basicauthentication $false -Formsauthentication $false

Run the following command on both the Client Access and Mailbox servers to restart Internet Information Services (IIS):

iisreset (only)  (iisreset /noforce would lockup the WWW publishing service every time)

For the "ECP" virtual directory

Type the following commands, and then press Enter after each line:

Add-PSSnapin *exchange*

Set-EcpVirtualDirectory -Identity "E15MBX\ecp (Exchange Back End)" -WindowsAuthentication $true -FormsAuthentication $false

Run the following command on both the Client Access and Mailbox servers to restart Internet Information Services (IIS):

iisreset (only)  (iisreset /noforce would lockup the WWW publishing service every time)

Author Closing Comment

ID: 40001144
I had actually had found lyncdude's page prior to posting this question in experts-exchange. I posted a question here because I needed more comprehensive assistance with the command arguments.

With the more complete information, I could readily deduce what elements were missing in my commands to successfully execute them. That is why my solution worked.

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question