• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 251
  • Last Modified:

Exchange 2013 strange connectivity issue

Dears,
I've got a strange issue with Our internal Exchange 2013(CU5) installed on Windows 2012.
Every services are running but no connection could be made after the deletion of the old and expired certificate and the reboot of the server, be it by Outlook, Webmail, ECP or Exchange Shell.
When Trying the web access, It goes as far as the authentication but when authenticated I've got a blank screen.
When trying to connect through the Exchange Shell, it says that it doesn't find the Exchange.
When I found this issue, I did the following :
- I tried restart the whole Exchange topology : no changes
- I found 1006 errors but, because there is morte than 100GB free on 500GB total, I disabled the trigger in the config and restart the Exchange Topology : no changes
- I corrected a certificate issue regarding the management service in the IIS and restarted the IIS : no changes
- I checked the local DNS config and it seemed ok (SRV and A autodiscover ok and main A record ok)

Because it was becoming really critical, I put manually the new certificate on the 444 binding of the "Exchange Back End" site in the IIS and then restarted the IIS
Every access was restored then but the fix doesn't seem to be definitive to me.
Could you help me figure out what's the real issue so that I can make a definitive fix on it ?
0
Laurent Ulrich
Asked:
Laurent Ulrich
  • 3
  • 2
2 Solutions
 
Simon Butler (Sembee)ConsultantCommented:
"I've got a strange issue with Our internal Exchange 2013(CU5) installed on Windows 2012."

CU5 is no longer supported. You need to be on the current CU (as of today 8) or the previous (7). Therefore I suggest that the first thing you do is update the Exchange server.

Is there anything else on the server other than Exchange? The blank screen is classic corrupt SSL certificate. If you have a trusted certificate then getting it reissued is probably a good step. You shouldn't be changing the binding order within Exchange - if that is changing then I would suspect something else is getting in the way.

Simon.
0
 
Mohammed HamadaSenior IT ConsultantCommented:
I agree with Simon, CU8 solved most of the problems with me that I had two times. once with CU5 and once with CU7. with CU5 most of the issues were related to IIS (OWA in particular ).
0
 
Laurent UlrichSenior IT Consultant Author Commented:
Thanks for your answers.
Because it is highly unlikely that the certificate itself is to blame (it has worked flawlessly for  at least 2 months and through multiple reboots), I'll update the Exchange to CU8 in the night, reboot and test again.
I'll keep you up to date regarding the results.
Best regards
Laurent
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
Laurent UlrichSenior IT Consultant Author Commented:
Dears,
I updated the Exchange server to the CU 8 and rebooted.
It works now as it worked after my manual fix on the IIS with the certificate and because I don't find any way to remove the certificate ot the 444 binding it still works now as it worked before the update.
Thus, I have no way to check if the CU8 really fixed the issue.

Best regards
0
 
Simon Butler (Sembee)ConsultantCommented:
You don't "fix" the binding on 444.
The binding should be there, using the self signed certificate. It is how Exchange works on the 2013 version.

Your public certificate goes on the default web site, listening on port 443.

Simon.
0
 
Laurent UlrichSenior IT Consultant Author Commented:
Thanks for your answer Simon but the certificate was correctly present in the default web site on port 443 and it didn't work (no OWA, no ECP, no shell, no Outlook, no connectivity whatsoever) even with all the services started correctly.
I had to put manually the certificate on the 444 binding of the Exchange Back End website to make it work.
Anyway, because we won't be able to get to the bottom of this issue with 100% certainty and because the situation is ok now even if not Microsoft Compliant I'll close the question.

Thanks for your time
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now