Mixed Exchange Server ECP portal not accessible


We have 4 servers: 2 Exchange 2013 servers and 2 Exchange 2016 servers. If all the servers are on, the ECP portal is accessible, but if we turn off the 2 Exchange 2013 servers, then the ECP portal is not accessible. We checked all the internal & external URLs for ECP and OWA, checked the bindings, checked SPNs, checked DNS, and all the configurations are good; we are not able to get anything from the Event logs either.

Can anyone help on this... we want to get rid of Exchange 2013 and run with Exchange 2016 servers.

15 Replies

@Prashanth Purushotham 

Please review the link below!

https://learn.microsoft.com/en-us/exchange/management/health/troubleshooting-ecp-health-set/?WT.mc_i...

 

[Exchange 2016]

Get-ServerHealth -Identity server1.contoso.com -HealthSet ECP

@TAE_YOUN_ANN 

 

Thank You for the Information...

 

But it also looks good... and the issue remains the same... after turning off the two Exchange 2013 servers, the ECP portal is not working with Exchange 2016. SMTP mail flow is all working well... tested with a sample SMTP send mail through PowerShell.

 

Screenshot attached for the Get-ServerHealth ECP and ECP.Proxy

 


 

Are you able to access https://localhost/ecp in Exchange Server 2016?

When we try to access https://localhost/ecp, it prompts for authentication, then it throws the error message. When I tracked it, localhost/ecp is getting redirected to mail.vohkus.com/ecp and then it goes to /owa -> /owauth, then the error message appears. Out of the two Exchange 2016 servers, one is able to log in with https://localhost/ecp, but sometimes it also fails... but it should be accessed through the Exchange server locally. When we try outside the Exchange server with https://IP address/ecp or https://mail.vohkus.com/ecp, it throws the error message.

When we switch on the exchange 2013 servers, everything works (https://localhost/ecp, https://IP address/ecp & https://mail.vohklus.com/ecp)

@Prashanth Purushotham 

Thank you for your reply with detailed information.

Since the issue does not occur when the Exchange 2013 servers are online,
compare the configurations of the virtual directories and authentication settings between Exchange 2013 and Exchange 2016.

Get-EcpVirtualDirectory | fl Server,InternalUrl,ExternalUrl,InternalAuthenticationMethods,ExternalAuthenticationMethods
Get-OwaVirtualDirectory | fl Server,InternalUrl,ExternalUrl,InternalAuthenticationMethods,ExternalAuthenticationMethods
Get-ClientAccessService | fl Name,AutodiscoverServiceInternalUri,AlternateServiceAccountCredential
Get-ExchangeCertificate | fl Thumbprint,CertificateDomains,IsSelfSigned,Services,Subject,NotAfter

Ensure that redirection settings in IIS for the ECP and OWA virtual directories do not inadvertently cause issues.
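
The comparison suggested in the reply above, as an added example that is not part of the original thread: a small helper that takes the objects returned by Get-EcpVirtualDirectory or Get-OwaVirtualDirectory and lists only the settings on which the servers disagree. The function name `Compare-VDirSetting`, the server names EX-A/EX-B and the example.test URLs are assumptions made for illustration.

```powershell
# Added example (not from the thread): list virtual-directory settings that differ between servers.
function Compare-VDirSetting {
    param(
        [Parameter(Mandatory)] [object[]] $VDir,
        [string[]] $Property = @('InternalUrl', 'ExternalUrl',
            'InternalAuthenticationMethods', 'ExternalAuthenticationMethods')
    )
    foreach ($p in $Property) {
        # Flatten multi-valued properties to a sorted string so ordering is ignored.
        $rows = foreach ($v in $VDir) {
            [pscustomobject]@{
                Property = $p
                Server   = [string]$v.Server
                Value    = (@($v.$p) | ForEach-Object { [string]$_ } | Sort-Object) -join ','
            }
        }
        # Emit the rows only when the servers do not all agree on this property.
        if (@($rows.Value | Sort-Object -Unique).Count -gt 1) { $rows }
    }
}

# Constructed sample objects with placeholder names (assumption: EX-A and EX-B stand in
# for one Exchange 2013 and one Exchange 2016 server). In the Exchange Management Shell use:
#   Compare-VDirSetting -VDir (Get-EcpVirtualDirectory)
#   Compare-VDirSetting -VDir (Get-OwaVirtualDirectory)
$sample = @(
    [pscustomobject]@{
        Server = 'EX-A'
        InternalUrl = 'https://mail.example.test/ecp'
        ExternalUrl = 'https://mail.example.test/ecp'
        InternalAuthenticationMethods = @('Basic', 'Fba')
        ExternalAuthenticationMethods = @('Fba')
    }
    [pscustomobject]@{
        Server = 'EX-B'
        InternalUrl = 'https://mail.example.test/ecp'
        ExternalUrl = 'https://mail.example.test/ecp'
        InternalAuthenticationMethods = @('Fba', 'Basic', 'Ntlm')
        ExternalAuthenticationMethods = @('Fba')
    }
)
Compare-VDirSetting -VDir $sample | Format-Table -AutoSize
```

With the constructed sample, only InternalAuthenticationMethods is reported, once per server, because it is the only property whose value set differs.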

@TAE_YOUN_ANN 

Thank you for your help and support....

I checked; all the configurations are good and there are no redirection settings on any of the virtual directories.

 

Outputs are attached

 

For the certificate, the below-mentioned SSL certificate is common:

 

Thumbprint : 2C9E5F01E973B4FC09EC03477D8E03F7CFEFC2A3
CertificateDomains : {vohkus.com, www.vohkus.com, mail-internal.vohkus.com, autodiscover.vohkus.com, mail.vohkus.com}
IsSelfSigned : False
Services : IMAP, POP, IIS, SMTP
Subject : CN=vohkus.com
NotAfter : 05/11/2024 19:22:43

 

Thumbprint : A14E53971CFCE232879C19AFAC69E1502550150A
CertificateDomains : {vohkus.com}
IsSelfSigned : True
Services : IMAP, POP, SMTP
Subject : CN=Microsoft Exchange Server Auth Certificate
NotAfter : 19/07/2026 14:34:52

 

@Prashanth Purushotham 

Your detailed reply was very helpful in my review.
The following servers are using self-signed certificates:

VOH-SOU-VM-EX1
VOH-SOU-VM-EX6

[Action Item]
Ensure that all Exchange servers use the same publicly trusted SSL certificate.
In the IIS Manager Console, unify the SSL binding settings for “Default Web Site” and “Exchange Back End” with a public certificate!

@TAE_YOUN_ANN 

 

Thank You for your Support...

 

Yes, on "Exchange Back End", updated SSL certificate from self-signed to public certificate on EX1 & EX6, post updating and turning off Exchange 2013 servers

 

Note:

 

1. Exchange 2013 servers EX3 & EX4 also have the same self-signed certificate on "Exchange Back End", but it is not updated to the public certificate; they are shut down.

2. Earlier, before updating the public certificate on EX6, the ECP portal was opening locally only on this server, but now, after updating the public certificate, it is also not opening.

Again stuck with the same issue.

 

When we access https://mail.vohkus.com/ecp -> it goes up to https://mail.vohkus.com/owa/auth.owa and then the page will not open; it shows "This Page isn't working, mail.vohkus.com is currently unable to handle this request, HTTP ERROR 500".

When we access https://localhost/ecp -> it goes up to https://localhost/owa/auth.owa and then the page will not open; it shows "This Page isn't working right now, localhost can't currently handle this request, HTTP ERROR 500".

 


 

 

 

@Prashanth Purushotham 

If you have a load balancer, make sure it is configured properly.
Once the Exchange 2013 server is activated, everything seems to work,
so this could be related to the load balancer settings or health checks.

We have disabled all the services on Load Balancer and tested, only when Exchange 2013 servers are on ECP portal works, once it is shutdown, it will not work, but SMTP and OWA works fine even without Exchange 2013

Thanks for reply.
I understood.
Please try iisreset at the Exchange Server 2016.

No Luck, Even after the iisreset and Exchange Server 2016 reboot, ECP portal did not work

@Prashanth Purushotham 

I would like to know the result value of the following execution.

Get-Mailbox -Arbitration

@TAE_YOUN_ANN 

 

Please find the output

 


 

@Prashanth Purushotham 

Thank you for the information you sent.
After review, there are no missing arbitration mailboxes, which is normal.

[Action Item]
To execute these PowerShell scripts, follow these steps:
Open PowerShell as administrator and use the ‘cd’ command to navigate to the Exchange ‘Bin’ directory.
For instance,
cd "C:\Program Files\Microsoft\Exchange Server\V15\Bin"

Then execute the following commands to run the PowerShell scripts to fix the configuration issues.

.\UpdateConfigFiles.ps1
.\UpdateCAS.ps1

This may take a while to finish.
Once done, restart the server and check if the HTTP 500 error is resolved and ECP/EAC is accessible.