Jul 13 2020 05:43 PM
Hi,
I have an Exchange Server 2013 Standard running on prem and has been working great for a few years. Recently I updated the SSL certificate and everything seemed ok after the renewal. I only noticed when a user asked to login to their mailbox via the web client that OWA was not functioning. After entering the users credentials, the webpage turns white and nothing appears on the screen. I have tried the following:
1) Different web browsers. Tried Microsoft Edge and Google Chrome.
2) Different computers and accounts
3) Accessing from the LAN and from the WAN.
Same results from each test that there is a blank screen after logging in. I am able to log in successfully into ECP and can view the Exchange Admin Centre. I have tried researching the issue and there have been mentions that the SSL certificate is not installed correctly. I have revoked and renewed the certificate and still am getting the same result.
I would be grateful for any advice on what else to try and if anyone else has had a similar issue and has been able to resolve it.
Regards,
Mark
Jul 13 2020 09:21 PM
Hello @mark_fad ,
The issue you found is a common issue pops up after certificate renewal. The major root cause found was related to the certificate assignment to the exchange backend ssl bindings for port 443. So, check this at IIS console and make sure that certificate is not missing or assigned correctly. After the fix, just refresh owa and you should be fine there on
Jul 14 2020 05:38 PM
Hi manuphilip,
Thank you for your reply. I checked my certificates and they seem ok. I have attached some images of the Default Web Site bindings and the Exchange Back End bindings if you could please have a look to see if they are correct? The strange part is that ecp opens successfully but owa does not. This is what is confusing me.
Regards,
Mark
Jul 14 2020 09:32 PM
Hi @mark_fad
Image Default_Site_Bindings.png shows a 443 binding for the local host also. Please check if certificate is assigned there too.
Jul 14 2020 11:13 PM
Hi @manuphilip ,
I just attached the local host bindings. Same certificate mail.afgroup247.com.au_2019.
Regards,
Mark
Jul 15 2020 12:06 AM
Hi @mark_fad ,
Certificate assignments looks okay. Now, it's some error you can try fixing by a built- in tool provided by Microsoft in your exchange server. Open a command prompt and perform the following steps
1. CD "C:\Program Files\Microsoft\Exchange Server\V15\Bin" and then press <ENTER>
2. Subdirectory will change to the above.
3. Updatecas.ps1, then press <ENTER>
Try access OWA again after fixing the cas server as above
Jul 15 2020 12:33 AM
Hi @manuphilip ,
Thank you for your continued support. I am trying the script as suggested and still getting the white screen when opening OWA. I have attached a screen shot of the powershell screen and the browser screen trying to open owa.
Regards,
Mark
Jul 15 2020 01:01 AM
Hi @mark_fad
It is taking bit more time, as the usual troubleshooting steps didn't help so far. As the certificate swap has introduced this issue, we will check that direction again.
1. Check eventlog in exchange server and see if you have errors like "An error occurred while using SSL configuration for endpoint 0.0.0.0:444". This will popup immediately after you try to login
2. If this is the case, you have to delete this association by following the steps below in exchange server
3. The above steps should fix the issue.
4. Suppose the above steps are not applicable, forward us the error message from event viewer so that we will further bring up troubleshooting steps
Jul 15 2020 11:59 PM
Hi @manuphilip ,
Thanks for your continued support. I went through windows event log and exchange event logs but can not see any errors with SSL in them. I am not sure if these errors are relevant but i can see the following:
MSExchange Management Logs
Cmdlet failed. Cmdlet Get-UserPhoto, parameters {Identity=Jordan.Yap@afgroup247.com.au}.
Cmdlet failed. Cmdlet Get-MailboxDatabaseCopyStatus, parameters {Identity=Mailbox Database 1063958844\*, DomainController=AFSERVER.anytime.local}.
Active Directory Webservice Logs
Active Directory Web Services could not find a server certificate with the specified certificate name. A certificate is required to use SSL/TLS connections. To use SSL/TLS connections, verify that a valid server authentication certificate from a trusted Certificate Authority (CA) is installed on the machine.
Certificate name: AFSERVER.anytime.local
Is there any particular log file i should be checking?
Regards,
Mark
Jul 16 2020 12:02 AM
Hi @mark_fad ,
The interested logs are under Application/System. Try OWA login and check the entries there