Xadean's Empirical Musing

After applying CU3 or SP1, I have seen an issue where the Exchange Admin Center (EAC) / Exchange Control Panel (ECP) cannot load. You can check what the EAC/ECP URL is by issuing this powershell command in the Exchange Management Shell:

Get-ECPVirtualDirectory | Format-List Name,InternalURL,ExternalURL

Get-OwaVirtualDirectory | select *auth*,*url*

Output should look similar to the following:

Name : ecp (Default Web Site)

InternalUrl : https://btfex1.hq.biztechfusion.com/ecp

ExternalUrl : https://owa.biztechfusion.com/ecp

Name : ecp (Default Web Site)

InternalUrl : https://btfex13.hq.biztechfusion.com/ecp

ExternalUrl : https://owa.biztechfusion.com/ecp

When I tried accessing EAC/ECP with the URL above, I saw the form based login form (screenshot below).

However, I get a "HTTP 400 Bad Request :( The request sent by your browser was not valid." error after entering the username and password. I tested accessing OWA and I am able to successfully login there. So here are the steps I took to resolve the issue:

Resolution

• Recreate the ECP virtual directories with the following commands:

  Remove-EcpVirtualDirectory -Identity "btfex13.hq.biztechfusion.com\ecp (Default Web Site)"

  New-EcpVirtualDirectory -Server BTFEX13 -InternalURL https://btfex13.hq.biztechfusion.com/ecp -ExternalURL https://owa.biztechfusion.com/ecp

  Set-ECPVirtualDirectory -Identity "BTFEX13\ecp (Default Web Site)" -AdminEnabled $True

   

• We remove FormsAuthentication from ECP & OWA by running below commands:

  Set-OwaVirtualDirectory -Identity "BTFEX13\owa (Exchange back end)" -WindowsAuthentication $true -FormsAuthentication $false -BasicAuthentication $false

  Set-EcpVirtualDirectory -Identity "BTFEX13\ecp (Default Web Site)" -WindowsAuthentication $true -FormsAuthentication $false

   

• Recycled MSExchangeOwaAppPool under IIS, Application Pools.

   

• Ran "iisreset" from elevated command prompt.

   

• Ran the "UpdateCAS.ps1" powershell script from the Exchange install directory scripts subfolder. The command example is as follows:

   

  C:\Program Files\Microsoft\Exchange Server\V15\Bin>.\UpdateCas.ps1

   

  Sample output is as follows:

   

  [PS] C:\Program Files\Microsoft\Exchange Server\V15\Bin>.\UpdateCas.ps1

  [16:29:45] ***********************************************

  [16:29:45] * UpdateCas.ps1: 4/28/2014 4:29:45 PM

  [16:29:46] Updating OWA/ECP on server BTFEX13

  [16:29:46] Finding ClientAccess role install path on the filesystem

  [16:29:46] Updating OWA to version 15.0.847.31

  [16:29:46] Copying files from 'C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\owa\Current' to 'C:\Program

  Files\Microsoft\Exchange Server\V15\ClientAccess\owa\15.0.847.31'

  [16:29:47] Update OWA done.

  [16:29:47] Updating OWA to version 15.0.847.32

  [16:29:47] Copying files from 'C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\owa\Current2\version' to 'C:

  \Program Files\Microsoft\Exchange Server\V15\ClientAccess\owa\prem\15.0.847.32'

  [16:32:22] Update OWA done.

  [16:32:22] Updating ECP to version 15.0.847.32

  [16:32:22] Copying files from 'C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\ecp\Current' to 'C:\Program

  Files\Microsoft\Exchange Server\V15\ClientAccess\ecp\15.0.847.32'

  [16:32:27] Update ECP done.

   

• Go into IIS Exchange Back End web site, click on Authentication, and then right-click on Windows Authentication. Click on Providers. Make sure you have Negotiate and NTLM under Enabled Providers.

Click on OK. Then re-run "iisreset" from elevated command prompt.

After performing these steps, I was able to successfully login to ECP and OWA once again.