Exchange

Exchange 2013 powershell errors out, and Exchange 2013 ECP doesn’t work correctly

After Exchange 2013 system is updated or after reboot ECP / OWA and other IIS pages appear blank. Also Powershell is not able to open up, and event log is full of errors.

Problem Description

Exchange 2013 powershell errors out, and Exchange 2013 ECP  doesn't work correctly (users get a login screen then a blank page). Moreover there is an EVENT being logged in Administrative Events (Event ID 15021, Source HttpEvent):

An error occurred while using SSL configuration for endpoint 0.0.0.0:444.  The error status code is contained within the returned data.

Error in PowerShell:

VERBOSE: Connecting to MAIL2. New-PSSession : [mail2] Connecting to remote server mail2 failed with the following error messa ge : [ClientAccessServer=MAIL2,BackEndServer=mail2,RequestId=fd9724cd-19fb-4842-b30d-c9c4b976119f,TimeStamp =2015-03-24 18:55:58] [FailureCategory=Cafe-SendFailure] For more information, see the about_Remote_Troubleshooting He lp topic. At line:1 char:1 + New-PSSession -ConnectionURI “$connectionUri” -ConfigurationName Microsoft CategoryInfo : OpenError: (System.Manageme….RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotin gTransportException + FullyQualifiedErrorId : -2144108477,PSSessionOpenFailed

Cause: This event is logged when an error occurred while using SSL configuration for socket address.The error status code is contained within the returned data.

Solution

Solution to solve it is to replace the certificate for 0.0.0.0:444 with the correct one. For some reason one of the certificates is being used instead of the one that is being served on standard https port.

  1. Click Start, point to All Programs, click Accessories, right-click Command Prompt, clickRun as administrator, and then click Continue.
  2. Type netsh http show sslcert, and then press ENTER to view the installed certificates.
  3. This will show the certs. Make a copy of the output to safe place.
  4. Under IP:port 127.0.0.1:443 note the certificate hash and application ID.
  5. Type netsh http delete sslcert ipport=0.0.0.0:444 (do this command even if the port doesn't exists on the list), and then press ENTER to delete the incorrectly installed certificate.
  6. netsh http add sslcert ipport=0.0.0.0:444 certhash=<noted_hash> appid=”<noted_appid>”, and then press ENTER to reinstall the certificate.
  7. Reboot server

That's it. After rebooting certificate should be in it's place and content from Exchange being served correctly.

This post was last modified on August 15, 2018 23:42

Przemyslaw Klys

System Architect with over 14 years of experience in the IT field. Skilled, among others, in Active Directory, Microsoft Exchange and Office 365. Profoundly interested in PowerShell. Software geek.

Share
Published by
Przemyslaw Klys

Recent Posts

Upgrade Azure Active Directory Connect fails with unexpected error

Today, I made the decision to upgrade my test environment and update the version of…

6 days ago

Mastering Active Directory Hygiene: Automating Stale Computer Cleanup with CleanupMonster

Have you ever looked at your Active Directory and wondered, "Why do I still have…

4 months ago

Active Directory Replication Summary to your Email or Microsoft Teams

Active Directory replication is a critical process that ensures the consistent and up-to-date state of…

8 months ago

Syncing Global Address List (GAL) to personal contacts and between Office 365 tenants with PowerShell

Hey there! Today, I wanted to introduce you to one of the small but excellent…

1 year ago

Active Directory Health Check using Microsoft Entra Connect Health Service

Active Directory (AD) is crucial in managing identities and resources within an organization. Ensuring its…

1 year ago

Seamless HTML Report Creation: Harness the Power of Markdown with PSWriteHTML PowerShell Module

In today's digital age, the ability to create compelling and informative HTML reports and documents…

1 year ago