Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Tuesday, November 27, 2012 11:59 PM
I installed Exchange 2013 on 2 brand new Server 2012 virtual machines, one with the mailbox role and another with the CAS roles. The installation completed without errors but I cannot log on to the ECP (or OWA for that matter). As I enter my user/pass, the password field goes blank and a number of event log entries are added (see below).
I'm using the default administrator account (also Enterprise Admin, Domain Admin and member of the Organization Management security groups). I mail-enabled the account with enable-mailuser + enable-mailbox. I can execute Exchange Powershell cmdlets when logged on with this account, so security looks good.
The problem is OWA/ECP which consistenly logs the following errors when I attempt to access the OWA:
[Ecp] An internal server error occurred. The unhandled exception was: System.Security.Cryptography.CryptographicException: Invalid provider type specified.
at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
at Microsoft.Exchange.HttpProxy.FbaModule.ParseCadataCookies(HttpApplication httpApplication)
at Microsoft.Exchange.HttpProxy.FbaModule.OnBeginRequestInternal(HttpApplication httpApplication)
at Microsoft.Exchange.HttpProxy.ProxyModule.<>c__DisplayClassa.<OnBeginRequest>b__9()
at Microsoft.Exchange.Common.IL.ILUtil.DoTryFilterCatch(TryDelegate tryDelegate, FilterDelegate filterDelegate, CatchDelegate catchDelegate)
[Owa] An internal server error occurred. The unhandled exception was: System.Security.Cryptography.CryptographicException: Invalid provider type specified.
at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
at Microsoft.Exchange.HttpProxy.FbaModule.ParseCadataCookies(HttpApplication httpApplication)
at Microsoft.Exchange.HttpProxy.FbaModule.OnBeginRequestInternal(HttpApplication httpApplication)
at Microsoft.Exchange.HttpProxy.ProxyModule.<>c__DisplayClassa.<OnBeginRequest>b__9()
at Microsoft.Exchange.Common.IL.ILUtil.DoTryFilterCatch(TryDelegate tryDelegate, FilterDelegate filterDelegate, CatchDelegate catchDelegate)
Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 28/11/2012 0:47:38
Event time (UTC): 27/11/2012 23:47:38
Event ID: 12c0aac14e0c45b093e860f6699b0d76
Event sequence: 4
Event occurrence: 3
Event detail code: 0
Application information:
Application domain: /LM/W3SVC/1/ROOT/Rpc-2-129985330412727995
Trust level: Full
Application Virtual Path: /Rpc
Application Path: C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\rpc\
Machine name: <cleaned up>
Process information:
Process ID: 4848
Process name: w3wp.exe
Account name: NT AUTHORITY\SYSTEM
Exception information:
Exception type: HttpException
Exception message: The client disconnected.
at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.EndProcessRequest(IAsyncResult result)
at System.Web.HttpApplication.CallHandlerExecutionStep.OnAsyncHandlerCompletion(IAsyncResult ar)
Request information:
Request URL: http://%3Ccleaned up>/rpc/rpcproxy.dll?688b9c54-fc83-47a6-bf82-343799d288d5@falcora.net:6001
Request path: /rpc/rpcproxy.dll
User host address: fe80::d58e:d780:34ed:af68C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\rpc\
User: FALCORA\SM_29bd07d0480e4b41a
Is authenticated: True
Authentication Type: NTLM
Thread account name: NT AUTHORITY\SYSTEM
Thread information:
Thread ID: 18
Thread account name: NT AUTHORITY\SYSTEM
Is impersonating: False
Stack trace: at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.EndProcessRequest(IAsyncResult result)
at System.Web.HttpApplication.CallHandlerExecutionStep.OnAsyncHandlerCompletion(IAsyncResult ar)
I have spent hours wading through log files and posts, and cannot get my head around this one.
Thursday, November 29, 2012 11:42 PM ✅Answered | 12 votes
After countless hours of not giving up, I finally cracked this problem! This thread ended up pointing me in the right direction. The basic problem is that the Exchange code cannot properly handle X.509 certificates signed with the new and mighty Microsoft Software Key Storage Provider (which is kind of funny), you need to feed Exchange 2013 certificates with a key signed by the old faithfull Microsoft RSA SChannel Cryptographic Provider.
You can check this by running: certutil -store my
Create a new certificate template (Web server V3) with RSA, adjust your policy as needed, request new certificates and run enable-exchangecertificate -thumbprint "xxx" -services "IIS, IMAP, POP, SMTP" -server yyy on all your CAS and mailbox servers. Perform a quick reboot and you should be able to sign into ECP/OWA.
Now onto the fun part of configuring E2013 :-)
Wednesday, November 28, 2012 8:45 AM
Hi,
Does this issue occur when you accessing the ECP/OWA from IE on both the MBX and CAS server?
You can try checking the IIS log and let us know the detailed error codes
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnfsl@microsoft.com
Thanks,
Simon Wu
TechNet Community Support
Wednesday, November 28, 2012 12:26 PM
Hi Simon,
I am trying this on the CAS server. Per your email I attempted the same on the mailbox server using https://localhost:444/ecp which provides me with access to the user settings part of the ECP but I cannot access any of the server admin menus.
Here is the part of the IIS log file for the CAS server:
<quote>2012-11-28 12:07:02 192.168.248.78 POST /owa/auth.owa - 443 domainname\administrator 192.168.0.70 Mozilla/5.0+(compatible;+MSIE+10.0;+Windows+NT+6.2;+WOW64;+Trident/6.0) https://bezoesw078.domainname.net/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fbezoesw078.domainname.net%2fecp 302 0 0 31 2012-11-28 12:07:02 192.168.248.78 GET /ecp - 443 - 192.168.0.70 Mozilla/5.0+(compatible;+MSIE+10.0;+Windows+NT+6.2;+WOW64;+Trident/6.0) https://bezoesw078.domainname.net/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fbezoesw078.domainname.net%2fecp 302 0 0 15 2012-11-28 12:07:02 192.168.248.78 GET /owa/auth/logon.aspx url=https%3a%2f%2fbezoesw078.domainname.net%2fecp&reason=0 443 - 192.168.0.70 Mozilla/5.0+(compatible;+MSIE+10.0;+Windows+NT+6.2;+WOW64;+Trident/6.0) https://bezoesw078.domainname.net/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fbezoesw078.domainname.net%2fecp 200 0 0 0 2012-11-28 12:07:02 192.168.248.78 GET /owa/auth/logon.aspx replaceCurrent=1&url=https%3a%2f%2fbezoesw078.domainname.net%2fecp 443 - 192.168.0.70 Mozilla/5.0+(compatible;+MSIE+10.0;+Windows+NT+6.2;+WOW64;+Trident/6.0) - 200 0 0 0 2012-11-28 12:07:04 fe80::d58e:d780:34ed:af68%12 POST /powershell PSVersion=3.0&sessionID=Version_15.0_(Build_515.0)=rJqNiZqNgb26pbC6rKjPyMjRmZ6TnJCNntGRmouBzsbLzsbGyc/MyYHNx9DOztDNz87N387Nxc7Kxc/L 80 - fe80::d58e:d780:34ed:af68%12 Microsoft+WinRM+Client - 200 0 0 0 2012-11-28 12:07:04 fe80::d58e:d780:34ed:af68%12 POST /powershell PSVersion=3.0&sessionID=Version_15.0_(Build_515.0)=rJqNiZqNgb26pbC6rKjPyMjRmZ6TnJCNntGRmouBzsbLzsbGyc/MyYHNx9DOztDNz87N387Nxc7Kxc/L 80 domainname\SM_29bd07d0480e4b41a fe80::d58e:d780:34ed:af68%12 Microsoft+WinRM+Client - 200 0 0 46 2012-11-28 12:07:04 fe80::d58e:d780:34ed:af68%12 POST /powershell PSVersion=3.0&sessionID=Version_15.0_(Build_515.0)=rJqNiZqNgb26pbC6rKjPyMjRmZ6TnJCNntGRmouBzsbLzsbGyc/MyYHNx9DOztDNz87N387Nxc7Ixc/L 80 - fe80::d58e:d780:34ed:af68%12 Microsoft+WinRM+Client - 200 0 0 0 2012-11-28 12:07:04 fe80::d58e:d780:34ed:af68%12 POST /powershell PSVersion=3.0&sessionID=Version_15.0_(Build_515.0)=rJqNiZqNgb26pbC6rKjPyMjRmZ6TnJCNntGRmouBzsbLzsbGyc/MyYHNx9DOztDNz87N387Nxc7Ixc/L 80 domainname\SM_29bd07d0480e4b41a fe80::d58e:d780:34ed:af68%12 Microsoft+WinRM+Client - 200 0 0 156 2012-11-28 12:07:04 fe80::d58e:d780:34ed:af68%12 POST /powershell PSVersion=3.0&sessionID=Version_15.0_(Build_515.0)=rJqNiZqNgb26pbC6rKjPyMjRmZ6TnJCNntGRmouBzsbLzsbGyc/MyYHNx9DOztDNz87N387Nxc7Ixc/L 80 domainname\SM_29bd07d0480e4b41a fe80::d58e:d780:34ed:af68%12 Microsoft+WinRM+Client - 200 0 0 15 2012-11-28 12:07:04 fe80::d58e:d780:34ed:af68%12 POST /powershell PSVersion=3.0&sessionID=Version_15.0_(Build_515.0)=rJqNiZqNgb26pbC6rKjPyMjRmZ6TnJCNntGRmouBzsbLzsbGyc/MyYHNx9DOztDNz87N387Nxc7Ixc/L 80 domainname\SM_29bd07d0480e4b41a fe80::d58e:d780:34ed:af68%12 Microsoft+WinRM+Client - 200 0 0 31 2012-11-28 12:07:04 fe80::d58e:d780:34ed:af68%12 POST /powershell PSVersion=3.0&sessionID=Version_15.0_(Build_515.0)=rJqNiZqNgb26pbC6rKjPyMjRmZ6TnJCNntGRmouBzsbLzsbGyc/MyYHNx9DOztDNz87N387Nxc7Ixc/K 80 - fe80::d58e:d780:34ed:af68%12 Microsoft+WinRM+Client - 200 0 0 0 2012-11-28 12:07:04 fe80::d58e:d780:34ed:af68%12 POST /powershell PSVersion=3.0&sessionID=Version_15.0_(Build_515.0)=rJqNiZqNgb26pbC6rKjPyMjRmZ6TnJCNntGRmouBzsbLzsbGyc/MyYHNx9DOztDNz87N387Nxc7Ixc/K 80 domainname\SM_29bd07d0480e4b41a fe80::d58e:d780:34ed:af68%12 Microsoft+WinRM+Client - 200 0 0 31 2012-11-28 12:07:04 fe80::d58e:d780:34ed:af68%12 POST /powershell PSVersion=3.0&sessionID=Version_15.0_(Build_515.0)=rJqNiZqNgb26pbC6rKjPyMjRmZ6TnJCNntGRmouBzsbLzsbGyc/MyYHNx9DOztDNz87N387Nxc7Ixc/K 80 domainname\SM_29bd07d0480e4b41a fe80::d58e:d780:34ed:af68%12 Microsoft+WinRM+Client - 200 0 0 15 2012-11-28 12:07:04 fe80::d58e:d780:34ed:af68%12 POST /powershell PSVersion=3.0&sessionID=Version_15.0_(Build_515.0)=rJqNiZqNgb26pbC6rKjPyMjRmZ6TnJCNntGRmouBzsbLzsbGyc/MyYHNx9DOztDNz87N387Nxc7Ixc/L 80 domainname\SM_29bd07d0480e4b41a fe80::d58e:d780:34ed:af68%12 Microsoft+WinRM+Client - 500 0 64 93 2012-11-28 12:07:04 fe80::d58e:d780:34ed:af68%12 POST /powershell PSVersion=3.0&sessionID=Version_15.0_(Build_515.0)=rJqNiZqNgb26pbC6rKjPyMjRmZ6TnJCNntGRmouBzsbLzsbGyc/MyYHNx9DOztDNz87N387Nxc7Ixc/K 80 domainname\SM_29bd07d0480e4b41a fe80::d58e:d780:34ed:af68%12 Microsoft+WinRM+Client - 200 0 0 15 2012-11-28 12:07:06 ::1 GET /OWA/Calendar/resource - 443 - ::1 AMProbe/Local/ClientAccess - 200 0 0 0 2012-11-28 12:07:10 192.168.248.78 POST /owa/auth.owa - 443 domainname\administrator 192.168.0.70 Mozilla/5.0+(compatible;+MSIE+10.0;+Windows+NT+6.2;+WOW64;+Trident/6.0) https://bezoesw078.domainname.net/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fbezoesw078.domainname.net%2fecp 302 0 0 0 2012-11-28 12:07:10 192.168.248.78 GET /ecp - 443 - 192.168.0.70 Mozilla/5.0+(compatible;+MSIE+10.0;+Windows+NT+6.2;+WOW64;+Trident/6.0) https://bezoesw078.domainname.net/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fbezoesw078.domainname.net%2fecp 302 0 0 15 2012-11-28 12:07:10 192.168.248.78 GET /owa/auth/logon.aspx url=https%3a%2f%2fbezoesw078.domainname.net%2fecp&reason=0 443 - 192.168.0.70 Mozilla/5.0+(compatible;+MSIE+10.0;+Windows+NT+6.2;+WOW64;+Trident/6.0) https://bezoesw078.domainname.net/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fbezoesw078.domainname.net%2fecp 200 0 0 0 2012-11-28 12:07:10 192.168.248.78 GET /owa/auth/logon.aspx replaceCurrent=1&url=https%3a%2f%2fbezoesw078.domainname.net%2fecp 443 - 192.168.0.70 Mozilla/5.0+(compatible;+MSIE+10.0;+Windows+NT+6.2;+WOW64;+Trident/6.0) - 200 0 0 0 2012-11-28 12:07:15 ::1 GET /ecp/ReportingWebService/ - 443 - ::1 AMProbe/Local/ClientAccess - 302 0 0 0 2012-11-28 12:07:15 ::1 GET /OAB/ - 443 domainname\SM_29bd07d0480e4b41a ::1 AMProbe/Local/ClientAccess - 200 0 0 15 2012-11-28 12:07:23 192.168.248.78 POST /owa/auth.owa - 443 administrator@domainname.net 192.168.0.70 Mozilla/5.0+(compatible;+MSIE+10.0;+Windows+NT+6.2;+WOW64;+Trident/6.0) https://bezoesw078.domainname.net/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fbezoesw078.domainname.net%2fecp 302 0 64 46 2012-11-28 12:07:23 192.168.248.78 POST /owa/auth.owa - 443 administrator@domainname.net 192.168.0.70 Mozilla/5.0+(compatible;+MSIE+10.0;+Windows+NT+6.2;+WOW64;+Trident/6.0) https://bezoesw078.domainname.net/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fbezoesw078.domainname.net%2fecp 302 0 0 47 2012-11-28 12:07:23 192.168.248.78 GET /ecp - 443 - 192.168.0.70 Mozilla/5.0+(compatible;+MSIE+10.0;+Windows+NT+6.2;+WOW64;+Trident/6.0) https://bezoesw078.domainname.net/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fbezoesw078.domainname.net%2fecp 302 0 0 0 2012-11-28 12:07:23 192.168.248.78 GET /owa/auth/logon.aspx url=https%3a%2f%2fbezoesw078.domainname.net%2fecp&reason=0 443 - 192.168.0.70 Mozilla/5.0+(compatible;+MSIE+10.0;+Windows+NT+6.2;+WOW64;+Trident/6.0) https://bezoesw078.domainname.net/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fbezoesw078.domainname.net%2fecp 200 0 0 0 2012-11-28 12:07:23 192.168.248.78 GET /owa/auth/logon.aspx replaceCurrent=1&url=https%3a%2f%2fbezoesw078.domainname.net%2fecp 443 - 192.168.0.70 Mozilla/5.0+(compatible;+MSIE+10.0;+Windows+NT+6.2;+WOW64;+Trident/6.0) - 200 0 0 0 2012-11-28 12:07:31 ::1 GET /PowerShell/ - 443 - ::1 AMProbe/Local/ClientAccess - 401 111 0 15 2012-11-28 12:07:31 ::1 GET /PowerShell/ - 443 - ::1 AMProbe/Local/ClientAccess - 401 111 0 0 2012-11-28 12:07:35 ::1 GET /Microsoft-Server-ActiveSync/default.eas - 443 HealthMailbox05cc5165625d48ed9b2a389c9a93bddf@domainname.net ::1 AMProbe/Local/ClientAccess - 200 0 0 0 2012-11-28 12:07:35 ::1 RPC_IN_DATA /RPC/rpcproxy.dll &RequestId=39c4a41e-a1b7-4b14-950f-613c00003c21 443 domainname\SM_29bd07d0480e4b41a ::1 AMProbe/Local/ClientAccess - 200 0 0 4764 2012-11-28 12:07:37 ::1 GET /AutoDiscover/ - 443 domainname\SM_29bd07d0480e4b41a ::1 AMProbe/Local/ClientAccess - 200 0 0 0 2012-11-28 12:07:40 ::1 POST /OWA/auth.owa - 443 HealthMailbox05cc5165625d48ed9b2a389c9a93bddf@domainname.net ::1 AMProbe/Local/ClientAccess - 302 0 0 0 2012-11-28 12:07:45 ::1 OPTIONS /Microsoft-Server-ActiveSync/default.eas - 443 HealthMailbox05cc5165625d48ed9b2a389c9a93bddf@domainname.net ::1 TestActiveSyncConnectivity - 200 0 0 31 2012-11-28 12:07:45 ::1 POST /Microsoft-Server-ActiveSync/default.eas Cmd=Settings&User=HealthMailbox05cc5165625d48ed9b2a389c9a93bddf@domainname.net&DeviceId=EASProbeDeviceId140&DeviceType=EASProbeDeviceType 443 HealthMailbox05cc5165625d48ed9b2a389c9a93bddf@domainname.net ::1 TestActiveSyncConnectivity - 200 0 0 31 2012-11-28 12:07:46 192.168.248.78 POST /owa/auth.owa - 443 domainname\rvantigchelt 192.168.0.70 Mozilla/5.0+(compatible;+MSIE+10.0;+Windows+NT+6.2;+WOW64;+Trident/6.0) https://bezoesw078.domainname.net/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fbezoesw078.domainname.net%2fecp 302 0 0 156 2012-11-28 12:07:46 192.168.248.78 GET /ecp - 443 - 192.168.0.70 Mozilla/5.0+(compatible;+MSIE+10.0;+Windows+NT+6.2;+WOW64;+Trident/6.0) https://bezoesw078.domainname.net/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fbezoesw078.domainname.net%2fecp 302 0 0 0 2012-11-28 12:07:46 192.168.248.78 GET /owa/auth/logon.aspx url=https%3a%2f%2fbezoesw078.domainname.net%2fecp&reason=0 443 - 192.168.0.70 Mozilla/5.0+(compatible;+MSIE+10.0;+Windows+NT+6.2;+WOW64;+Trident/6.0) https://bezoesw078.domainname.net/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fbezoesw078.domainname.net%2fecp 200 0 0 0 2012-11-28 12:07:46 192.168.248.78 GET /owa/auth/logon.aspx replaceCurrent=1&url=https%3a%2f%2fbezoesw078.domainname.net%2fecp 443 - 192.168.0.70 Mozilla/5.0+(compatible;+MSIE+10.0;+Windows+NT+6.2;+WOW64;+Trident/6.0) - 200 0 0 15 2012-11-28 12:07:48 ::1 GET /ecp/ - 443 - ::1 AMProbe/Local/ClientAccess - 302 0 0 0 2012-11-28 12:07:52 ::1 GET /owa/ - 443 - ::1 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING;+OWACTP) - 302 0 0 0 2012-11-28 12:07:52 ::1 GET /owa/auth/logon.aspx url=https%3a%2f%2flocalhost%2fowa%2f&reason=0 443 - ::1 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING;+OWACTP) - 200 0 0 0 2012-11-28 12:07:52 ::1 GET /owa/ - 443 - ::1 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING;+OWACTP) - 302 0 0 0 2012-11-28 12:07:52 ::1 GET /owa/auth/logon.aspx url=https%3a%2f%2flocalhost%2fowa%2f&reason=0 443 - ::1 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING;+OWACTP) - 200 0 0 0 2012-11-28 12:07:52 ::1 GET /owa/auth/logon.aspx replaceCurrent=1&url=https%3a%2f%2flocalhost%2fowa%2f 443 - ::1 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING;+OWACTP) - 200 0 0 15 2012-11-28 12:07:52 ::1 GET /owa/auth/15.0.516/scripts/premium/flogon.js - 443 - ::1 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING;+OWACTP) - 200 0 0 0 2012-11-28 12:07:52 ::1 POST /owa/auth.owa - 443 HealthMailbox05cc5165625d48ed9b2a389c9a93bddf@domainname.net ::1 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING;+OWACTP) - 302 0 0 15 2012-11-28 12:07:52 ::1 GET /owa/ - 443 - ::1 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING;+OWACTP) - 302 0 0 0 2012-11-28 12:07:52 ::1 GET /owa/auth/logon.aspx url=https%3a%2f%2flocalhost%2fowa%2f&reason=0 443 - ::1 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING;+OWACTP) - 200 0 0 0 2012-11-28 12:07:57 fe80::d58e:d780:34ed:af68%12 RPC_IN_DATA /rpc/rpcproxy.dll 688b9c54-fc83-47a6-bf82-343799d288d5@domainname.net:6001&RequestId=565da176-2fcf-4510-a753-22b584ec6467 80 - fe80::d58e:d780:34ed:af68%12 MSRPC - 401 1 2148074254 0 2012-11-28 12:07:57 ::1 GET /ews/ - 443 domainname\SM_29bd07d0480e4b41a ::1 AMProbe/Local/ClientAccess - 200 0 0 0 2012-11-28 12:07:58 fe80::d58e:d780:34ed:af68%12 RPC_IN_DATA /rpc/rpcproxy.dll 688b9c54-fc83-47a6-bf82-343799d288d5@domainname.net:6001&RequestId=ee2712f3-8601-453a-b0c9-e91f5805d1f4 80 domainname\SM_29bd07d0480e4b41a fe80::d58e:d780:34ed:af68%12 MSRPC - 200 0 0 1015 2012-11-28 12:07:58 fe80::d58e:d780:34ed:af68%12 RPC_IN_DATA /rpc/rpcproxy.dll 688b9c54-fc83-47a6-bf82-343799d288d5@domainname.net:6001&RequestId=fa7f3d36-8824-4d96-9f1f-a6c96cb4292d 80 - fe80::d58e:d780:34ed:af68%12 MSRPC - 401 1 2148074254 0 2012-11-28 12:07:58 fe80::d58e:d780:34ed:af68%12 RPC_OUT_DATA /rpc/rpcproxy.dll 688b9c54-fc83-47a6-bf82-343799d288d5@domainname.net:6001&RequestId=3a4c74ad-6d5a-489d-8d2a-34a244f8766d 80 - fe80::d58e:d780:34ed:af68%12 MSRPC - 401 1 2148074254 0 2012-11-28 12:08:03 fe80::d58e:d780:34ed:af68%12 RPC_IN_DATA /rpc/rpcproxy.dll b182ea7a-21b5-471a-a24f-13dfbf7d5c56@domainname.net:6001&RequestId=e23195c3-b7e6-4f86-abef-d95394ef0445 80 - fe80::d58e:d780:34ed:af68%12 MSRPC - 401 1 2148074254 0 2012-11-28 12:08:03 fe80::d58e:d780:34ed:af68%12 RPC_IN_DATA /rpc/rpcproxy.dll b182ea7a-21b5-471a-a24f-13dfbf7d5c56@domainname.net:6001&RequestId=304cfabd-2c85-4310-a1cb-3a43fcc23afe 80 domainname\SM_29bd07d0480e4b41a fe80::d58e:d780:34ed:af68%12 MSRPC - 200 0 0 62 2012-11-28 12:08:03 fe80::d58e:d780:34ed:af68%12 RPC_IN_DATA /rpc/rpcproxy.dll b182ea7a-21b5-471a-a24f-13dfbf7d5c56@domainname.net:6001&RequestId=98598c38-8f6b-47eb-9283-98ad6a464e30 80 - fe80::d58e:d780:34ed:af68%12 MSRPC - 401 1 2148074254 0 2012-11-28 12:08:03 fe80::d58e:d780:34ed:af68%12 RPC_OUT_DATA /rpc/rpcproxy.dll b182ea7a-21b5-471a-a24f-13dfbf7d5c56@domainname.net:6001&RequestId=7cafff1d-31ab-45a6-9cf4-0663dfaa9fea 80 - fe80::d58e:d780:34ed:af68%12 MSRPC - 401 1 2148074254 15 </quote>
<quote><quote>Thanks</quote></quote>
Thursday, November 29, 2012 8:38 AM
Hi,
From the IIS log, I find most of the error code is “302 0”. I would like to ask whether you set any redirections on the default web site before?
Thanks,
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnfsl@microsoft.com
Simon Wu
TechNet Community Support
Thursday, November 29, 2012 12:09 PM
Hi Simon,
No redirections were set. This was a cleanly installed Windows 2012 server (+ windows updates), installed UCMA + 2 Office prerequisites. All other required Windows 2012 roles and features were installed by the Exchange setup. No manual changes were made to IIS.
Thanks
Wednesday, December 26, 2012 12:05 AM
I think, This is a "default" problem of Exchange 2013... I hope MS release a proper installation package which is running.
Monday, February 4, 2013 7:11 AM
You saved me today! That really helped :) Persistence always wins.
Ignoring what everybody else out there suggested to reinstall CAS server, reinstall IIS server (which I was never going to do) after all the hardwork done for post installation of exchange only your post helped me figure out what the issue was.
Cheers,
Nazim
Thursday, May 2, 2013 8:41 AM
Thanks for sharing this Rudi ! Had the exact issue here.
Tuesday, August 6, 2013 10:24 AM
Bang on! Fixed my issue with the ECP\OWA many thanks
Sunday, April 13, 2014 1:05 PM
saved me hours, thanks a lot!
Thursday, December 11, 2014 7:23 AM
Here's what i did that fixed this.
set-ecpvirtualdirectory -Identity "ecp (default web site)" -windowsauthentication $true -formsauthentication $false
do an IISreset
log in to your ecp with https://servername/ecp/?exchclientver=15
Saturday, January 17, 2015 7:32 PM
I had also the invalid password problem.
I wish to thank you, this solution solved my problem.
Best Regards
Monday, June 1, 2015 1:10 AM
Based on the other replies this looks like exactly the solution I need. The only thing that would make it better... is if you told us how to do it.
"Create a new certificate template (Web server V3) with RSA, adjust your policy as needed, request new certificates and run enable-exchangecertificate -thumbprint "xxx" -services "IIS, IMAP, POP, SMTP" -server yyy on all your CAS and mailbox servers. Perform a quick reboot and you should be able to sign into ECP/OWA."
Looks very useful, but I have no idea how to do it.
-Kendall
Monday, July 13, 2015 2:46 PM
Oh Kendall,
You beat me to it !!!!!
I have just installed Server 2012 and now put exchange 2013 on but can get no further that the ecp login.. it takes the username and password put stays on the logon screen ! ??
Monday, July 10, 2017 8:41 PM
Hi all,
If still needed. All is explained in:
https://blogs.technet.microsoft.com/jasonsla/2015/01/15/the-one-with-the-fba-redirect-loop
Cheers, Manfred