Forum Discussion
KC_technew
Apr 08, 2021Copper Contributor
Exchange 2016 Issue. Event 15021 An error occurred while using SSL configuration for endpoint
Hello
My event logs on my exchange server are constantly getting hit with:
Event 15021 HttpEvent
An error occurred while using SSL configuration for endpoint [::]:443. The error status code is contained within the returned data.
I have checked around on this issue and some of the other results or fixes of this issue don't seem to work with mine. My users are able to access OWA and ECP and I don't really notice any issues with the system. Other reports have have these troubleshooting steps:
netsh http show sslcert
this returns:
SSL Certificate bindings:
-------------------------
IP:port : 0.0.0.0:443
Certificate Hash : 0c9d535326----------------------------
Application ID : {4dc3e181-e14b------------------------}
Certificate Store Name : MY
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout : 0
Ctl Identifier : (null)
Ctl Store Name : (null)
DS Mapper Usage : Disabled
Negotiate Client Certificate : Disabled
IP:port : 0.0.0.0:444
Certificate Hash : 760aa39d552--------------------------
Application ID : {4dc3e181-e14b-----------------------}
Certificate Store Name : MY
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout : 0
Ctl Identifier : (null)
Ctl Store Name : (null)
DS Mapper Usage : Disabled
Negotiate Client Certificate : Disabled
IP:port : 0.0.0.0:8172
Certificate Hash : 23f927ab6ccfb----------------------------
Application ID : {00000000-0000-0000-0000-000000000000}
Certificate Store Name : MY
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout : 0
Ctl Identifier : (null)
Ctl Store Name : (null)
DS Mapper Usage : Disabled
Negotiate Client Certificate : Disabled
IP:port : 127.0.0.1:443
Certificate Hash : 0c9d5353261e510-------------------------
Application ID : {4dc3e181-e14b----------------------}
Certificate Store Name : MY
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout : 0
Ctl Identifier : (null)
Ctl Store Name : (null)
DS Mapper Usage : Disabled
Negotiate Client Certificate : Disabled
IP:port : [::]:443
Certificate Hash : 7d8923810fce72--------------------------
Application ID : {ba195980-cd49---------------------}
Certificate Store Name : MY
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout : 0
Ctl Identifier : (null)
Ctl Store Name : (null)
DS Mapper Usage : Disabled
Negotiate Client Certificate : Disabled
I am assuming the last binding is the issue but when I go to IIS and check that binding for 443 * it shows my correct wildcard certificate.
But this netsh command does show a different Certificate Hash from the 443 certs and they really should be the same so I am not sure why IIS is showing it that way. Should I run the netsh command and replace the certificate for the this binding to match the one that is in the other bindings?
- KC_technewCopper ContributorLooking further I don't see a cert available that matches the certificate hash that is tied to the [::]:443 binding. I am just going to update the certificate on that one to match the one I use for 443 and see how it goes.