Exchange Server 2013 on prem OWA blank screen after logging in

Copper Contributor

Hi,

 

I have an Exchange Server 2013 Standard running on prem and has been working great for a few years.  Recently I updated the SSL certificate and everything seemed ok after the renewal.  I only noticed when a user asked to login to their mailbox via the web client that OWA was not functioning.  After entering the users credentials, the webpage turns white and nothing appears on the screen.  I have tried the following:

 

1) Different web browsers.  Tried Microsoft Edge and Google Chrome.

2) Different computers and accounts

3) Accessing from the LAN and from the WAN.

 

Same results from each test that there is a blank screen after logging in.  I am able to log in successfully into ECP and can view the Exchange Admin Centre.  I have tried researching the issue and there have been mentions that the SSL certificate is not installed correctly.  I have revoked and renewed the certificate and still am getting the same result.

 

I would be grateful for any advice on what else to try and if anyone else has had a similar issue and has been able to resolve it.

 

Regards,

 

Mark

9 Replies

Hello @mark_fad ,

The issue you found is a common issue pops up after certificate renewal. The major root cause found was related to the certificate assignment to the exchange backend ssl bindings for port 443. So, check this at IIS console and make sure that certificate is not missing or assigned correctly. After the fix, just refresh owa and you should be fine there on

Hi manuphilip,

 

Thank you for your reply.  I checked my certificates and they seem ok.  I have attached some images of the Default Web Site bindings and the Exchange Back End bindings if you could please have a look to see if they are correct?  The strange part is that ecp opens successfully but owa does not.  This is what is confusing me.

 

Regards,

 

Mark 

Hi @mark_fad 

Image Default_Site_Bindings.png shows a 443 binding for the local host also. Please check if certificate is assigned there too. 

Hi @manuphilip ,

 

I just attached the local host bindings.  Same certificate mail.afgroup247.com.au_2019.

 

Regards,

 

Mark

Hi @mark_fad ,

Certificate assignments looks okay. Now, it's some error you can try fixing by a built- in tool provided by Microsoft in your exchange server. Open a command prompt and perform the following steps

1. CD "C:\Program Files\Microsoft\Exchange Server\V15\Bin" and then press <ENTER>
2. Subdirectory will change to the above.
3. Updatecas.ps1, then press <ENTER>

 

Try access OWA again after fixing the cas server as above

Hi @manuphilip ,

 

Thank you for your continued support.  I am trying the script as suggested and still getting the white screen when opening OWA.  I have attached a screen shot of the powershell screen and the browser screen trying to open owa.

 

Regards,

 

Mark

Hi @mark_fad 

It is taking bit more time, as the usual troubleshooting steps didn't help so far. As the certificate swap has introduced this issue, we will check that direction again.

1.  Check eventlog in exchange server and see if you have errors like "An error occurred while using SSL configuration for endpoint 0.0.0.0:444". This will popup immediately after you try to login

2. If this is the case, you have to delete this association by following the steps below in exchange server

  • Open command prompt as administrator
  • Type netsh and enter
  • Type http and enter
  • Again type show sslcert  and enter
  • You will see two entries for 443 and 444. We know that 444 is incorrect and to be deleted
  • Delete by running the command delete sslcert ipport=0.0.0.0:444
  • Add the correct entry add sslcert ipport=0.0.0.0:444 certhash=xxxxxx appid="{yyyyyy}"
  • type show sslcert  and check if you see the entries as correct

3. The above steps should fix the issue.

4. Suppose the above steps are not applicable, forward us the error message from event viewer so that we will further bring up troubleshooting steps

Hi @manuphilip ,

 

Thanks for your continued support.  I went through windows event log and exchange event logs but can not see any errors with SSL in them.  I am not sure if these errors are relevant but i can see the following:

 

MSExchange Management Logs

Cmdlet failed. Cmdlet Get-UserPhoto, parameters {Identity=Jordan.Yap@afgroup247.com.au}.

Cmdlet failed. Cmdlet Get-MailboxDatabaseCopyStatus, parameters {Identity=Mailbox Database 1063958844\*, DomainController=AFSERVER.anytime.local}.

 

Active Directory Webservice Logs

Active Directory Web Services could not find a server certificate with the specified certificate name. A certificate is required to use SSL/TLS connections. To use SSL/TLS connections, verify that a valid server authentication certificate from a trusted Certificate Authority (CA) is installed on the machine.

Certificate name: AFSERVER.anytime.local

 

Is there any particular log file i should be checking?

 

Regards,

 

Mark

 

Hi @mark_fad ,

The interested logs are under Application/System. Try OWA login and check the entries there