Jun 08 2020 04:36 AM
Hi All
Hope everyone is keeping safe. Please can someone assist me with the following issue. For some reason I can no longer access the EAC on my Exchange 2016 server. I have tried different browsers and PCs but the result is still the same. I can get to the login screen and enter my details but then it gives an error. Refer to the attached images. Now I recently made a change to the OWA and ECP virtual directories because onboarding mailboxes to Office 365 was a problem. Not too sure if that broke something. I have rebooted the server since making those changes to the virtual directories.
Jun 08 2020 05:58 AM
Jun 08 2020 06:25 AM
Jun 08 2020 11:30 AM
Jun 08 2020 02:20 PM
Hi there. I moved the admin mailbox to the 2016 server however that still didn't solve the problem. Been doing a lot of reading and it seems like definitely the authentication settings on the OWA and ECP virtual directories I changed recently.
Jun 08 2020 02:23 PM
"It's also strange that onboarding didn't work properly, I would advice you to use the Office 365 ECP (outlook.office365.com/ecp) to create migration batches as the ECP within Exchange doesn't work properly sometimes (experienced this myself as well)." --- About this.....so what happened was that Exchange online wasn't able to connect to the migration endpoint. The only time it was able to connect was when I change the authentication options on those virtual directories.
Jun 09 2020 06:37 AM
Jun 10 2020 01:39 AM
@BemmelenPatrick Thanks for that info but I never had to change anything on the EWS virtual directory. Only after I made changes to the OWA directory was Office 365 able to connect to the migration endpoint.
Jun 10 2020 02:10 AM
Jun 10 2020 05:14 AM
Seems like those settings you want me to apply are already on there:
[PS] C:\Windows\system32>Get-WebServicesVirtualDirectory -Server ttafdatvxmr2 | Select *auth*, *mrs*
CertificateAuthentication :
InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity, OAuth}
ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity, OAuth}
LiveIdNegotiateAuthentication :
WSSecurityAuthentication : True
LiveIdBasicAuthentication : False
BasicAuthentication : True
DigestAuthentication : False
WindowsAuthentication : True
OAuthAuthentication : True
AdfsAuthentication : False
MRSProxyEnabled : True
Jun 10 2020 05:19 AM
Do you think running the HCW will help correct all the authentication settings on the virtual directories? We last ran the HCW on the 2010 server, we haven't done it since adding the 2016 box.
Also, I noticed in 2016 there's a "default web site" and then there's "exchange backend". Do I need to correct the authentication settings on both?
Jun 10 2020 06:02 AM - edited Jun 10 2020 06:03 AM
Ah yes this makes sense now, yes you should run the HCW on the Exchange 2016 server and also make sure your external ports are forwarding to your Exchange 2016 server.
When you are in a Hybrid scenario the Exchange server with the most recent version of Exchange should always be the Hybrid configured server.
And you should indeed also check both the virtual directories in IIS and via the get-owavirtualdirectory and get-ecpvirtualdirectory commands if these match.
Jun 11 2020 05:08 AM
SolutionJun 15 2020 03:24 AM
Hi again. Thanks for all your assistance. I see the problem was that on the OWA virtual directory FormsAuthentication was set to false however on the ECP virtual directory it was set to true.
On the OWA virtual directory, I changed FormsAuthentication to true in order to match that of the ECP and now I can access the Exchange Admin Center.
Thanks you so much for all your assistance. Much appreciated.
Jun 15 2020 03:38 AM
Jun 11 2020 05:08 AM
Solution