Friday, May 22, 2015

Exchange 2013 Blank ECP/OWA Screen, Showing Event ID 15021 HttpEvent System Log

I hit this one today after switching out an expired UCC certificate on two Exchange 2013 servers in a DAG. After login, both the ECP and OWA screens just went to a white page and never loaded. The servers were both showing hundreds of ID 15021 events in the system event log that say "An error occurred while using SSL configuration for endpoint 0.0.0.0:444.  The error status code is contained within the returned data."

Here are the steps to fix it:

1. Open a command prompt.

2. Enter netsh http show sslcert to list the certificate bindings on the server. Copy and paste the output into Notepad, then find the entry for "IP: port: 127.0.0.1:443". That entry contains the certificate hash and the application ID, which are the two values needed for step 4.

3.  Run this command:  netsh http delete sslcert ipport=0.0.0.0:444

4. Next run this command:  netsh http add sslcert ipport=0.0.0.0:444 certhash=123443211234321123 appid="{ab34k32abkr3252jsnekgljw}"  The certhash and appid shown here are examples; use the values copied in step 2. Make sure to include the quotes around the appid.

5. Finally restart the server.
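
Steps 2 to 4 as a script, added here as an example and not part of the original post: it parses netsh http show sslcert output, takes the certificate hash and application ID from the 127.0.0.1:443 binding, and prints the delete/add commands for 0.0.0.0:444 for review. The sample output with its hashes and GUIDs is constructed, and Get-SslBinding is a hypothetical helper name.

```powershell
# Constructed sample of `netsh http show sslcert` output; hashes and GUIDs are placeholders.
# On a real server use:  $raw = netsh http show sslcert
$raw = @'
SSL Certificate bindings:
-------------------------

    IP:port                      : 127.0.0.1:443
    Certificate Hash             : aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
    Application ID               : {00000000-0000-0000-0000-000000000001}
    Certificate Store Name       : MY

    IP:port                      : 0.0.0.0:444
    Certificate Hash             : bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
    Application ID               : {00000000-0000-0000-0000-000000000001}
    Certificate Store Name       : MY
'@ -split "`r?`n"

function Get-SslBinding {   # hypothetical helper: returns bindings keyed by IP:port
    param([string[]]$Lines)
    $bindings = @{}
    $current  = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*IP:port\s*:\s*(\S+)') {
            $current = $Matches[1]                    # start of a new binding block
            $bindings[$current] = @{ IpPort = $current }
        } elseif ($current -and $line -match '^\s*Certificate Hash\s*:\s*([0-9A-Fa-f]+)') {
            $bindings[$current].Hash = $Matches[1]
        } elseif ($current -and $line -match '^\s*Application ID\s*:\s*(\{[^}]+\})') {
            $bindings[$current].AppId = $Matches[1]
        }
    }
    $bindings
}

$all    = Get-SslBinding -Lines $raw
$source = $all['127.0.0.1:443']   # binding the post copies the values from
$target = $all['0.0.0.0:444']     # binding named in Event ID 15021
if (-not $source -or -not $source.Hash -or -not $source.AppId) {
    throw 'No complete 127.0.0.1:443 binding found; nothing to copy from.'
}
if ($target -and $target.Hash -eq $source.Hash) {
    'Binding 0.0.0.0:444 already uses the same certificate hash as 127.0.0.1:443.'
} else {
    # Print the commands for review instead of running them.
    if ($target) { 'netsh http delete sslcert ipport=0.0.0.0:444' }
    'netsh http add sslcert ipport=0.0.0.0:444 certhash={0} appid="{1}"' -f $source.Hash, $source.AppId
}
```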

This is all it takes to correct the issue. Apparently this glitch is specific to Exchange 2013, as a web-based ECP doesn't exist in the earlier versions.

Simple fix to a real inconvenience.

Good luck!

Certificate Not Showing After Importing Into Exchange 2013

I ran into this one today with two servers in a DAG.  This is caused by the certificate you're using not having the private key.  Here's how I fixed it:

Go to the 1st server -> Start -> Run -> MMC -> File -> Add/Remove Snap Ins -> Certificates -> Computer Certificates -> Local Computer

Browse to the personal certificate store, right click on the correct certificate, select All Tasks, and then Export.  Make sure here you choose "Export Private Key" and assign a password.  Click Next and then name the file and where you want to save it.  The file will have a .pfx extension.

From there on the 1st server inside ECP you can go to Servers -> Certificates -> Choose the server you want and then import the certificate.

Once this process is done, just assign the services to the certificate (SMTP, POP, etc.) and then restart the server if possible. If not, some say you can do an IISRESET from the command prompt and then you'll be good.

Good luck!


Wednesday, May 13, 2015

Unable to scan IIS status - The IIS Common Files... Server 2012/2012 R2

I ran into this issue today while trying to run the Microsoft BPA (Best Practices Analyzer) 2.3 on a Windows Server 2012 R2 box with IIS 8.5 installed.  Below is the full text of the error:

"Unable to scan IIS status - The IIS Common Files are not installed on the local computer.  Refer to the system requirements list under the Microsoft Business Security Analyzer Help."

Here's the short fix:

Go back into Roles and, under Web Server (IIS), install IIS 6 Management Compatibility --> IIS 6 Metabase Compatibility.

Apparently, from what I find, this is a Windows Server 2003 item that hasn't been updated in the current server platform documentation on the MBSA to reflect the need for this additional set of files.

The longer explanation is that in order for the MBSA to be able to scan IIS properly it needs to have IIS 6 Management Compatibility turned on and more specifically the IIS 6 Metabase Compatibility.

I hope this one helps as it took me quite a bit of research to run this issue down.

Good luck.