Monday, April 4, 2016

Exchange 2013 ECP error 500 - Unexpected Error

Recently I discovered one of my clients ECP wasn't loading.
This obviously wasn't effecting mail flow, and ultimately it didn't cause any problems, as we still had EMS access. But some of the technicians who work with me cannot use PowerShell, so I took it upon myself to resolve the issue.

The resolution was to recreate the ECP Virtual Directory. Steps are below.

1) Remove the current ECP.
It's worth noting at this point, that doing this is the same process as it was in Exchange 2010, but you may run into some issues, specifically if you only have the one Exchange server with CAS and Database roles.

From EMS, run the following command Remove-EcpVirtualDirectory -Identity "SERVER\ecp (Default Web Site)"

This command removes the ECP virtual directory located within the default IIS website installed on the Exchange server that you specify with SERVER, but it also removes the ECP VD from the Exchange Back End web site, on the same server.

If you still see ECP under either Default Web Site or Exchange Back End, remove it manually.

2) Re-Create new ECP VD.
The command to create a new ECP VD is New-EcpVirtualDirectory -WebSiteName "Default Web Site" -InternalURL https://servername/ecp -ExternalURL
At this point, my personal preference is to have Internal and External URLs the same, as it removes the certificate error internally. Not critical, but just something nice for sys admins to deal with.

When I attempted this initially, it returned an error to state that the folder already existed. So I had to open C:\Windows\system32\inetsrv\config\applicationhost.config in Notepad, and remove all configuration lines referring to ECP

Once the command is run successfully, I noticed in IIS that the Exchange Back End ECP VD was still missing. To correct this, I ran New-EcpVirtualDirectory -WebSiteName "Exchange Back End" -InternalURL https://servername/ecp -ExternalURL

This command returned the following error "The AD configuration for virtual directory 'ecp' already exists"

I fired up ADSIEdit.msc and connected to Configuration, and located the folder in question here:
Services > Microsoft Exchange > First Organization > Administrative Groups > Exchange Administrative Group > Servers > Server Name > Protocols > HTTP

Do not delete it.
Open IIS, and Add Application under Exchange Back End site,
Alias: ecp
Application Pool: MSExchangeECPAppPool
Physical Path: C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\ecp
Select ECP > Authentication.
Ensure that both Anonymous Authentication and Windows Authentication are enabled.

Additional note:
During this process, I also ran into an issue where when I entered in valid credentials to the ECP page, it would redirect me to the logon page of ECP again. Entering invalid credentials, would show the expected error.

To resolve this, all I had to do was enabled Windows Authentication on the ECP site under Exchange Back End.

No comments:

Post a Comment