Share via

How to fix 500 HTTP login Exchange 2019 ecp

Nguyễn Bá Hiếu 0 Reputation points
2026-03-24T23:03:41.31+00:00

I am currently encountering an issue with logging into Exchange 2019 and require assistance from Exchange infrastructure specialists.

I have deployed an Active Directory and Exchange 2019 environment running on Windows Server 2022 for my organization. In the initial phase, I provisioned two Domain Controllers and two Exchange servers at Site A. At that stage, Exchange administration was functioning normally—I had successfully configured a DAG and created test mailboxes; however, the system had not yet been put into production.

Subsequently, the company expanded by deploying two additional Domain Controllers at Site B over a WAN connection. Due to resource decommission requirements, the four servers at Site A were scheduled for removal. During this phase, I deployed two new Domain Controllers, transferred FSMO roles accordingly, and uninstalled the two legacy Exchange servers using command-line methods. This process included the removal of test mailboxes and the DAG...

Afterward, I performed a fresh installation of two Exchange servers within the domain environment. The installation completed without any errors. However, when attempting to access OWA and ECP, I am encountering an HTTP 500 error. I have consulted GPT regarding permission issues and metadata cleanup, but have not yet been able to resolve the problem.

Exchange | Exchange Server | Management
Exchange | Exchange Server | Management

The administration and maintenance of Microsoft Exchange Server to ensure secure, reliable, and efficient email and collaboration services across an organization.

0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Vergil-V 10,660 Reputation points Microsoft External Staff Moderator
    2026-03-25T01:51:41.5433333+00:00

    Hi @Nguyễn Bá Hiếu 

    Based on my research, there are several checks you can perform to support further troubleshooting: 

    1/ Verify arbitration mailboxe

    Please confirm that the arbitration mailboxes are present and were not accidentally deleted during a decommissioning process. You can do this by running the following command: 

     Get-Mailbox –Arbitration. 

    If the output shows no arbitration mailboxes or returns an error, you may refer to the following Microsoft article for step-by-step guidance on recreating them: Re-create missing arbitration mailboxes | Microsoft Learn  

    2/ Confirm the mailbox and database status 

    Please double check that the account has an associated mailbox and that it is linked to the correct, mounted mailbox database by running: 

     Get-Mailbox -Identity "Administrator" | Format-List Name, Database, ServerName 

    Using the database name returned from this command, you can verify the database mount status with: 

    Get-MailboxDatabaseCopyStatus -Identity "Mailbox Database xxxxx" for verify the mount status 

     

    3/ Review the authentication certificate 

    Another potential cause may be an issue with the authentication certificate. You can review the current certificate details by running: 

    (Get-AuthConfig).CurrentCertificateThumbprint | Get-ExchangeCertificate | Format-List Subject, Thumbprint, NotAfter, NotBefore 

    If the certificate is missing or has expired, please refer to the following Microsoft documentation for guidance on creating a new authentication certificate: Maintain the Exchange server OAuth certificate | Microsoft Learn 

    For additional insight, reviewing relevant entries in Event Viewer may also provide useful information to support troubleshooting. 

    I hope these steps provide helpful insight and assist you in moving forward.  If you have any updates or additional findings, please feel free to share them. 

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

  2. Q&A Assist
    2026-03-24T23:04:04.3433333+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    Based on the described scenario (freshly installed Exchange 2019 servers, HTTP 500 when accessing OWA/ECP), use the following targeted checks and fixes that match known 500-error causes in the context.

    1. Check for post‑update HTTP 500 issues If any cumulative update (CU) or security update (SU) was installed on the new Exchange 2019 servers, a failed or incomplete update can cause HTTP 500 for OWA/ECP with assembly‑load errors.
    2. On each Exchange server, open an elevated Command Prompt.
    3. Re‑run the latest Exchange security update .msp locally:
      • Run cmd as Administrator.
      • Type the full path to the Exchange security update .msp file and press Enter.
      • Let the update complete, then restart the server.

    This specifically addresses HTTP 500 errors where OWA/ECP cannot load Microsoft.Exchange.Common or related assemblies after an update.

    1. Check for OAuth certificate issues after July 2021 or later SUs If the July 2021 SU or any later SU is installed, missing or expired Exchange OAuth certificates can prevent login to OWA/ECP and result in HTTP 500 or login loops.
    2. On an Exchange Management Shell, verify the Exchange authorization (OAuth) certificate status.
    3. If the OAuth certificate is missing or expired, renew it by following the steps in the article referenced in the context (“cannot access OWA or ECP if OAuth expired”).
    4. If a load balancer is used in front of the two new Exchange servers:
      • Ensure both servers are updated to at least the July 2021 SU (or later) before putting them behind the load balancer.
      • As a temporary workaround, configure persistence/affinity on the load balancer to source-ip so that a user’s session stays on the same server.
    5. Verify Exchange 2019 RTM cipher suite issue (if using RTM without CU1+) If the new servers are still on Exchange 2019 RTM (no CU1 or later), incorrect cipher suite configuration can prevent secure sessions to OWA/ECP and cause browser errors or failures.
    6. Confirm the exact Exchange 2019 build (RTM vs CU1+).
    7. If RTM is in use:
      • Apply Exchange 2019 Cumulative Update 1 or later.
      • Alternatively, apply the documented PowerShell workaround on each server to correct the cryptography cipher suites so that HTTP/2 and supported ciphers are enabled for all supported browsers.
    8. Validate admin mailbox and arbitration mailboxes If the admin account used to access ECP does not have a mailbox, or arbitration mailboxes are unhealthy or missing (especially after removing the original Exchange servers and reinstalling), EAC/ECP sign‑in can fail with HTTP 500.
    9. Ensure the admin account has a mailbox:
      • In Exchange Management Shell: 
              Enable-Mailbox -Identity <admin ID>
    10. Check arbitration mailboxes:
      • Run: 
              Get-Mailbox -Arbitration
      • Healthy output should list the expected arbitration mailboxes without warnings or errors.
    11. If any arbitration mailboxes are missing or unhealthy, re‑create or repair them by following the steps in “Re-create missing arbitration mailboxes” referenced in the context.
    12. Re‑check environment variables and virtual directory paths (if EMS/EAC remote PowerShell also fails) If starting Exchange Management Shell or remote PowerShell also shows HTTP 500 errors, verify:
    13. The ExchangeInstallPath system environment variable is present and points to the correct Exchange installation folder.
    14. In IIS Manager, under Default Web Site, the PowerShell virtual directory points to the correct ClientAccess\PowerShell folder for the installed Exchange version.

    These steps address common HTTP 500 causes for OWA/ECP on new or rebuilt Exchange 2019 servers after decommissioning older servers and installing updates.

    References:

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.