After Exchange 2013 system is updated or after reboot ECP / OWA and other IIS pages appear blank. Also Powershell is not able to open up, and event log is full of errors.
Exchange 2013 powershell errors out, and Exchange 2013 ECP doesn't work correctly (users get a login screen then a blank page). Moreover there is an EVENT being logged in Administrative Events (Event ID 15021, Source HttpEvent):
An error occurred while using SSL configuration for endpoint 0.0.0.0:444. The error status code is contained within the returned data.
Error in PowerShell:
VERBOSE: Connecting to MAIL2. New-PSSession : [mail2] Connecting to remote server mail2 failed with the following error messa ge : [ClientAccessServer=MAIL2,BackEndServer=mail2,RequestId=fd9724cd-19fb-4842-b30d-c9c4b976119f,TimeStamp =2015-03-24 18:55:58] [FailureCategory=Cafe-SendFailure] For more information, see the about_Remote_Troubleshooting He lp topic. At line:1 char:1 + New-PSSession -ConnectionURI “$connectionUri” -ConfigurationName Microsoft CategoryInfo : OpenError: (System.Manageme….RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotin gTransportException + FullyQualifiedErrorId : -2144108477,PSSessionOpenFailed
Cause: This event is logged when an error occurred while using SSL configuration for socket address.The error status code is contained within the returned data.
Solution to solve it is to replace the certificate for 0.0.0.0:444 with the correct one. For some reason one of the certificates is being used instead of the one that is being served on standard https port.
- Click Start, point to All Programs, click Accessories, right-click Command Prompt, clickRun as administrator, and then click Continue.
- Type netsh http show sslcert, and then press ENTER to view the installed certificates.
- This will show the certs. Make a copy of the output to safe place.
- Under IP:port 127.0.0.1:443 note the certificate hash and application ID.
- Type netsh http delete sslcert ipport=0.0.0.0:444 (do this command even if the port doesn't exists on the list), and then press ENTER to delete the incorrectly installed certificate.
- netsh http add sslcert ipport=0.0.0.0:444 certhash=<noted_hash> appid=”<noted_appid>”, and then press ENTER to reinstall the certificate.
- Reboot server
That's it. After rebooting certificate should be in it's place and content from Exchange being served correctly.