Solved

Cannot Access Exchange Control Panel ‘ECP’ in Exchange Server 2013

Posted on 2014-04-09
4
8,948 Views
2 Endorsements
Last Modified: 2014-04-15
I was working with the authentications methods for OWA and frankly, I must have messed something up.

Now, when trying to access the ECP, after providing your username and password, it takes you to the OWA page and it gives you a blank “HTTP 400 Error” page.

I understand an administrator can use the Exchange Management Shell to reconfigure the authentications on the virtual directories, but my online research turns up contradictory shell commands. I request help to properly format the shell commands to correct authentications on the virtual directories for the ECP and OWA.

FWIW; One Exchange 2013 server holds all roles, the server name is "mail" & the internal name is mail.wti.local
2
Comment
Question by:GPCDIADMIN
  • 3
4 Comments
 
LVL 6

Expert Comment

by:arroryn
ID: 39990104
Try working through this link - I initially thought it was permissions, and this seems to match your symptoms like-for-like

http://lyncdude.com/2013/02/07/cannot-access-exchange-contorl-panel-ecp-in-exchange-server-2013/

(le copy le paste from source)

Solution:

make sure that the authentication methods used by OWA and ECP are matching this is done by running the following

> Get-owavirtualdirectory | fl

make sure that you using “Form based Authentication” and “Basic Authentication”

3

do the same with ECP using the following command line

> Get-ECPVirtualDirectory | fl

4

If not then you just need to reconfigure the Authentications on both Virtual Directories, DONNOT use IIS use Exchange Management Shell.

For owa use the following

>Set-owavirtualdirectory -identity “owa <Default Web site>” -FormAuthentication:$true

use the same also for ECP

>Set-ecpvirtualdirectory -identity “ecp <Default Web site>” -FormAuthentication:$true

then restart your iis services using the following

>iisreset

once finished try to access your ECP page again and it should work now

if it didn’t make sure to run the same command lines but using “owa <Exchange Back End>” to make sure that both Default web site and Exchange back end website authentication methods are matching.

Cheers
0
 

Author Comment

by:GPCDIADMIN
ID: 39990175
The commands published at http://lyncdude.com  do not work for me. They appear to be incomplete or something is not correct for my application.

This is a production server. Please, to earn your 500 points, I ask that you respect my server integrity and provide me with complete and (correct for this instance) instructions.  Here is some more information to assist.


> Get-owavirtualdirectory | fl
Name                                                : owa (Default Web Site)
InternalAuthenticationMethods                       : {Basic, Fba, Ntlm, WindowsIntegrated}
MetabasePath                                        : IIS://EMAIL.WTI.LOCAL/W3SVC/1/ROOT/owa
BasicAuthentication                                 : True
WindowsAuthentication                               : True
DigestAuthentication                                : False
FormsAuthentication                                 : True
LiveIdAuthentication                                : False

> Get-ECPVirtualDirectory | fl
Name                            : ecp (Default Web Site)
InternalAuthenticationMethods   : {Basic, Fba}
MetabasePath                    : IIS://MAIL.WTI.LOCAL/W3SVC/1/ROOT/ecp
BasicAuthentication             : True
WindowsAuthentication           : False
DigestAuthentication            : False
FormsAuthentication             : True
0
 

Accepted Solution

by:
GPCDIADMIN earned 0 total points
ID: 39992223
I found after much searching that the reason the lyncdude fix was not working, was that certain needed command arguments were not present in lyncdude's information.

With the more complete information below, I could readily deduce what elements were missing in my commands to successfully execute them.

set-Owavirtualdirectory -identity "E15MBX\owa (Exchange Back End)" -WindowsAuthentication $True -Basicauthentication $false -Formsauthentication $false

Run the following command on both the Client Access and Mailbox servers to restart Internet Information Services (IIS):

iisreset (only)  (iisreset /noforce would lockup the WWW publishing service every time)

For the "ECP" virtual directory

Type the following commands, and then press Enter after each line:

Add-PSSnapin *exchange*

Set-EcpVirtualDirectory -Identity "E15MBX\ecp (Exchange Back End)" -WindowsAuthentication $true -FormsAuthentication $false

Run the following command on both the Client Access and Mailbox servers to restart Internet Information Services (IIS):

iisreset (only)  (iisreset /noforce would lockup the WWW publishing service every time)
0
 

Author Closing Comment

by:GPCDIADMIN
ID: 40001144
I had actually had found lyncdude's page prior to posting this question in experts-exchange. I posted a question here because I needed more comprehensive assistance with the command arguments.

With the more complete information, I could readily deduce what elements were missing in my commands to successfully execute them. That is why my solution worked.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
Utilizing an array to gracefully append to a list of EmailAddresses
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now