Exchange 2013 strange connectivity issue

I've got a strange issue with Our internal Exchange 2013(CU5) installed on Windows 2012.
Every services are running but no connection could be made after the deletion of the old and expired certificate and the reboot of the server, be it by Outlook, Webmail, ECP or Exchange Shell.
When Trying the web access, It goes as far as the authentication but when authenticated I've got a blank screen.
When trying to connect through the Exchange Shell, it says that it doesn't find the Exchange.
When I found this issue, I did the following :
- I tried restart the whole Exchange topology : no changes
- I found 1006 errors but, because there is morte than 100GB free on 500GB total, I disabled the trigger in the config and restart the Exchange Topology : no changes
- I corrected a certificate issue regarding the management service in the IIS and restarted the IIS : no changes
- I checked the local DNS config and it seemed ok (SRV and A autodiscover ok and main A record ok)

Because it was becoming really critical, I put manually the new certificate on the 444 binding of the "Exchange Back End" site in the IIS and then restarted the IIS
Every access was restored then but the fix doesn't seem to be definitive to me.
Could you help me figure out what's the real issue so that I can make a definitive fix on it ?
Laurent UlrichSenior IT Consultant Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Simon Butler (Sembee)ConsultantCommented:
"I've got a strange issue with Our internal Exchange 2013(CU5) installed on Windows 2012."

CU5 is no longer supported. You need to be on the current CU (as of today 8) or the previous (7). Therefore I suggest that the first thing you do is update the Exchange server.

Is there anything else on the server other than Exchange? The blank screen is classic corrupt SSL certificate. If you have a trusted certificate then getting it reissued is probably a good step. You shouldn't be changing the binding order within Exchange - if that is changing then I would suspect something else is getting in the way.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Mohammed HamadaSenior IT ConsultantCommented:
I agree with Simon, CU8 solved most of the problems with me that I had two times. once with CU5 and once with CU7. with CU5 most of the issues were related to IIS (OWA in particular ).
Laurent UlrichSenior IT Consultant Author Commented:
Thanks for your answers.
Because it is highly unlikely that the certificate itself is to blame (it has worked flawlessly for  at least 2 months and through multiple reboots), I'll update the Exchange to CU8 in the night, reboot and test again.
I'll keep you up to date regarding the results.
Best regards
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Laurent UlrichSenior IT Consultant Author Commented:
I updated the Exchange server to the CU 8 and rebooted.
It works now as it worked after my manual fix on the IIS with the certificate and because I don't find any way to remove the certificate ot the 444 binding it still works now as it worked before the update.
Thus, I have no way to check if the CU8 really fixed the issue.

Best regards
Simon Butler (Sembee)ConsultantCommented:
You don't "fix" the binding on 444.
The binding should be there, using the self signed certificate. It is how Exchange works on the 2013 version.

Your public certificate goes on the default web site, listening on port 443.

Laurent UlrichSenior IT Consultant Author Commented:
Thanks for your answer Simon but the certificate was correctly present in the default web site on port 443 and it didn't work (no OWA, no ECP, no shell, no Outlook, no connectivity whatsoever) even with all the services started correctly.
I had to put manually the certificate on the 444 binding of the Exchange Back End website to make it work.
Anyway, because we won't be able to get to the bottom of this issue with 100% certainty and because the situation is ok now even if not Microsoft Compliant I'll close the question.

Thanks for your time
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.