GET-IT: TEAMS DAY | 1-Day Free Virtual Conference all about Teams. Here on Petri.com - 8/12/20 GET-IT: TEAMS DAY - 8/12/20

Unable to access /ecp or /owa

Home Forums Messaging Software Exchange 2007 / 2010 / 2013 Unable to access /ecp or /owa

Viewing 1 post (of 1 total)
  • Author
    Posts
  • Avatar
    mhashemi
    Member
    #165062

    I recently installed Exchange 2013 with SP1 on three new Exchange servers (Server 2012r2). They are all multi-role servers and when I open the ECP on two of them, I am prompted for credentials. On one of the new servers, I see the following:

    From Chrome on my PC ([url]https://servername/ecp[/url]), I am redirected to [url]https://servername/owa/auth/errorFE.aspx?httpCode=500[/url] and get a message that says

    Quote:
    The webpage at [url]https://servername/owa/auth/errorFE.aspx?httpCode=500[/url] has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer.

    Error code: Err_TOO_MANY_REDIRECTS

    From the server ([url]https://localhost/ecp/?ExchClientVer=15[/url]) I get

    Quote:
    Server Error in ‘/owa’ Application.

    Access is denied.
    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

    Exception Details: System.ServiceModel.Security.SecurityAccessDeniedException: Access is denied.

    Source Error:
    An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

    Stack Trace:
    [SecurityAccessDeniedException: Access is denied.]
    System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) +14483202
    System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) +622
    Microsoft.Exchange.Data.Directory.TopologyDiscovery.ITopologyClient.GetServersForRole(String partitionFqdn, List1 currentlyUsedServers, ADServerRole role, Int32 serversRequested) +0
    Microsoft.Exchange.Data.Directory.<>c__DisplayClass10.b__f(IPooledServiceProxy
    1 proxy) +145
    Microsoft.Exchange.Net.ServiceProxyPool1.TryCallServiceWithRetry(Action1 action, String debugMessage, WCFConnectionStateTuple proxyToUse, Int32 numberOfRetries, Boolean doNotReturnProxyOnSuccess, Exception& exception) +274

    Other symptoms include:

    Quote:
    Event code: 3005
    Event message: An unhandled exception has occurred.
    Event time: 3/17/2015 8:28:54 AM
    Event time (UTC): 3/17/2015 2:28:54 PM
    Event ID: 713290da2ff34773bae129f8953e4305
    Event sequence: 2
    Event occurrence: 1
    Event detail code: 0

    Application information:
    Application domain: /LM/W3SVC/1/ROOT/owa-29-130710761250745972
    Trust level: Full
    Application Virtual Path: /owa
    Application Path: C:Program FilesMicrosoftExchange ServerV15FrontEndHttpProxyowa
    Machine name: servername

    Quote:
    Event 3002: Protocol /owa failed to process request from identity NT AUTHORITYSYSTEM. Exception: Microsoft.Exchange.Data.Directory.ADTopologyUnexpectedException: Unexpected error when calling the Microsoft Exchange Active Directory Topology service on server ‘TopologyClientTcpEndpoint (localhost)’. Error details: Access is denied.. —> System.ServiceModel.Security.SecurityAccessDeniedException: Access is denied.
    Quote:
    Event 4027: Process w3wp.exe (OWA) (PID=17208). WCF request (Get Servers for domain.local) to the Microsoft Exchange Active Directory Topology service on server (TopologyClientTcpEndpoint (localhost)) failed. Make sure that the service is running. In addition, make sure that the network ports that are used by Microsoft Exchange Active Directory Topology service are not blocked by a firewall. The WCF call was retried 1 time(s). Error Details
    System.ServiceModel.Security.SecurityAccessDeniedException: Access is denied.
    Quote:
    Event 1003 [Owa] An internal server error occurred. The unhandled exception was: Microsoft.Exchange.Data.Directory.ADTopologyUnexpectedException: Unexpected error when calling the Microsoft Exchange Active Directory Topology service on server ‘TopologyClientTcpEndpoint (localhost)’. Error details: Access is denied.. —> System.ServiceModel.Security.SecurityAccessDeniedException: Access is denied.

    Here is what I tried:

    1. Remove-WebApplication -Site “Exchange Back End” -Name owa (with “New-WebApplication -Site “Exchange Back End” -Name owa -PhysicalPath “C:Program FilesMicrosoftExchange Serve…”). I did the same for ECP
    2. Remove-OwaVirtualDirectory “servernameowa (Default Web Site)” / Remove-OwaVirtualDirectory “servernameowa (exchange back end)” (with New-OwaVirtualDirectory -InternalUrl “https://url/owa&#8221; -ExternalUrl “https://&#8230; for both sites). I did the same for ECP
    3. Verified that KB2898571 is not applicable (the results of Get-ADPermission -Identity | where {($_.ExtendedRights -like “ms-Exch-EPI-Token-Serialization”) -and ($_.Deny -like “True”)} | ft -autosize User,ExtendedRights are the same on the servers that work and the one that doesn’t. Just to be sure, I verified that there are no groups as members of Domain Admins
    4. Verified that KB317471 is not applicable (wrong OS)
    5. Verified that the ECP and OWA virtual directories on all servers are set to FormsAuth==True & WindowsAuth==False
    6. Verified that Default Web Site, ecp, and owa virtual directories are all set to require SSL
    7. Rebooted

    This seems like an AD issue, but the broken server is on the same network (and in the same datacenter) as the servers that let me load ECP. Maybe I should un-join, then re-join the domain?

    Thoughts? Thanks.

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.