Home

OWA / ECP loop at login

%3CLINGO-SUB%20id%3D%22lingo-sub-58594%22%20slang%3D%22en-US%22%3EOWA%20%2F%20ECP%20loop%20at%20login%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-58594%22%20slang%3D%22en-US%22%3E%3CP%3EAfter%20upgrading%26nbsp%3Bthe%20Exchange%202013%20server%20to%20CU13%20we%20have%20the%20problem%20that%26nbsp%3Btrying%20to%20logon%20to%20OWA%20or%20ECP%20we%20getting%20the%20logon%20screen%20back.%3CBR%20%2F%3EWe%20have%20done%20several%20action%20in%20trying%20to%20resolve%20this%20after%20reading%20several%20blogs%20and%20articles%3A%3CBR%20%2F%3E-%20remove%20and%20renew%20the%20virtual%20directories%3C%2FP%3E%3CP%3E-%20renew%20the%20server%20certificate%3C%2FP%3E%3CP%3E-%20install%20.NET%20Framework%204.6.1%3C%2FP%3E%3CP%3E-%20install%20CU15%3C%2FP%3E%3CP%3E-%20check%20web.config%20files%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20have%20found%20a%20workaround%20by%20disabling%20FBA%20and%20enable%20Windowsauthentication.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20even%20have%20submitted%20a%20case%20with%20Microsoft%20where%20they%20have%20found%20that%20is%20a%20certificate%20that%20is%20having%20a%20bad%20key%3C%2FP%3E%3CP%3E11%3A41%3A38.594%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B14024%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B7784%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3BHttpProxy%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3BVerbose%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%22%5BFbaModule%3A%3AParseCadataCookies%5D%20Received%20CryptographicException%20System.Security.Cryptography.CryptographicException%3A%20%3CSTRONG%3E%3CU%3EBad%20Key%3C%2FU%3E%3C%2FSTRONG%3E.%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%20at%20System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32%20hr)%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%20at%20System.Security.Cryptography.RSACryptoServiceProvider.DecryptKey(SafeKeyHandle%20pKeyContext%2C%20Byte%5B%5D%20pbEncryptedKey%2C%20Int32%20cbEncryptedKey%2C%20Boolean%20fOAEP%2C%20ObjectHandleOnStack%20ohRetDecryptedKey)%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%20at%20System.Security.Cryptography.RSACryptoServiceProvider.Decrypt(Byte%5B%5D%20rgb%2C%20Boolean%20fOAEP)%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%20at%20Microsoft.Exchange.HttpProxy.FbaModule.ParseCadataCookies(HttpApplication%20httpApplication)%20decrypting%20cadataSig%22%3C%2FP%3E%3CP%3E2300%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B03EF0F39%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3BDebug%20%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B2017%2F03%2F28%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20have%20removed%20the%20thirdParty%20certificate%20and%20imported%20the%20original%20pFX%2C%20with%20no%20luck%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20would%20like%20to%20solve%20this%20without%20bying%20a%20new%20certificate%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHoping%20that%20the%20community%20has%20some%20suggestions%2C%20we%20and%20MS%20support%20did%20not%20try%20yet.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-58594%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3E2013%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%20Server%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-69703%22%20slang%3D%22en-US%22%3ERe%3A%20OWA%20%2F%20ECP%20loop%20at%20login%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-69703%22%20slang%3D%22en-US%22%3E%3CP%3EGlad%20to%20hear%20that%20the%20problem%20is%20solved.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-69690%22%20slang%3D%22en-US%22%3ERe%3A%20OWA%20%2F%20ECP%20loop%20at%20login%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-69690%22%20slang%3D%22en-US%22%3E%3CP%3ESorry%20for%20the%20late%20reaction%3CBR%20%2F%3E%3CBR%20%2F%3EIt%20is%20solved%2C%20We%20had%20to%20buy%20a%20new%20certificate%2C%20which%20will%20eventually%20solved%20the%20problem.%3CBR%20%2F%3ESomewhere%20the%20certificate%20got%20corrupted%2C%20but%20it%20was%20not%20clear%20what%20the%20cause%20was.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Guido van Dijk
New Contributor

After upgrading the Exchange 2013 server to CU13 we have the problem that trying to logon to OWA or ECP we getting the logon screen back.
We have done several action in trying to resolve this after reading several blogs and articles:
- remove and renew the virtual directories

- renew the server certificate

- install .NET Framework 4.6.1

- install CU15

- check web.config files

 

We have found a workaround by disabling FBA and enable Windowsauthentication.

 

We even have submitted a case with Microsoft where they have found that is a certificate that is having a bad key

11:41:38.594        14024        7784        HttpProxy        Verbose        "[FbaModule::ParseCadataCookies] Received CryptographicException System.Security.Cryptography.CryptographicException: Bad Key.

   at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)

   at System.Security.Cryptography.RSACryptoServiceProvider.DecryptKey(SafeKeyHandle pKeyContext, Byte[] pbEncryptedKey, Int32 cbEncryptedKey, Boolean fOAEP, ObjectHandleOnStack ohRetDecryptedKey)

   at System.Security.Cryptography.RSACryptoServiceProvider.Decrypt(Byte[] rgb, Boolean fOAEP)

   at Microsoft.Exchange.HttpProxy.FbaModule.ParseCadataCookies(HttpApplication httpApplication) decrypting cadataSig"

2300        03EF0F39        Debug         2017/03/28

 

We have removed the thirdParty certificate and imported the original pFX, with no luck

 

We would like to solve this without bying a new certificate

 

Hoping that the community has some suggestions, we and MS support did not try yet.

 

Thanks

2 Replies

Sorry for the late reaction

It is solved, We had to buy a new certificate, which will eventually solved the problem.
Somewhere the certificate got corrupted, but it was not clear what the cause was.

Glad to hear that the problem is solved.

Related Conversations
More than one signature in OWA - any plans?
Pawel Jarosz in Office 365 on
7 Replies
Outlook shared Calendar > All day events spans two days
Mike Jansen in Outlook on
5 Replies
Modern Authentication Issue
cvincent in Microsoft Teams on
1 Replies
Login prompting for more information
Bruce Burge in Office 365 on
5 Replies