Monday, March 3, 2014

Exchange 2013- Blank ECP / OWA screen, event ID 15021 HttpEvent in system event log.

You have an exchange 2013, after some unknown event nobody can get to OWA or ECP (or any other IIS based resource including outlook.)  Instead, users get a login screen then a blank page.  In the system event log, you see hundreds of id 15021 on the source HttpEvent that say “An error occurred while using SSL configuration for endpoint 0.0.0.0:444.  The error status code is contained within the returned data.” 

-          Open the Command Prompt
-          Run-
netsh http show sslcert
-          This will show the certs, copy and paste this information into notepad.  Under     IP:port   : 127.0.0.1:443, note the certificate hash and application ID.
-          Run this command-  (Yes, I know there is no :444 listed in the output from the earlier command.)
netsh http delete sslcert ipport=0.0.0.0:444
-          Run this command.  Replace certhas with the certificate hash and appid with the application ID you saved in notepad.
netsh http add sslcert ipport=0.0.0.0:444 certhash=123123123123123 appid="{123123123123-1231231235}"

-          Reboot the server.

67 comments:

  1. Excellent info. Thank you. Solved it right away.

    ReplyDelete
  2. You're a life saver. It worked for me too.

    ReplyDelete
  3. Thanks, you saved us from hours and hours...Great!

    ReplyDelete
  4. As with the guys above, I cannot THANK you enough for this info. After upgrading my cert from a self-signed to a purchased, and then rebooting, it nurfed my SSL and in turn all the Exchange services. This is exactly what I needed to recover. Thanks a million for this.

    ReplyDelete
  5. Good job, you helped me a lot ! Thanks !!!

    ReplyDelete
  6. Where do we send the checks? Another one saved after a longer than I'd l'd like to admin troubleshooting and chasing my own tail!

    ReplyDelete
  7. Excellent article. Spot on. Thank you.

    ReplyDelete
  8. as an addition - our 'unknown event' was installing security update kb3011140. Installed CU7 after that and still the same issue. This solution did fix our problem.

    ReplyDelete
  9. "as an addition - our 'unknown event' was installing security update kb3011140. Installed CU7 after that and still the same issue. This solution did fix our problem. "

    Ditto for me

    ReplyDelete
  10. nice work.. worked for us!

    ReplyDelete
  11. we had the same after installing security updates.

    ReplyDelete
  12. we then went into IIS manager to the sites. looked at exchange back clicked on "bindings" then opened HTTPS to see that the SSL cert entry was blank. We simply re-selected the "Microsoft Exchange" cert APPLIED and then all cam back to life after about 5 mins.

    kevin.haydon@norsa.co.uk

    ReplyDelete
  13. thanks man saved my Friday night...

    ReplyDelete
  14. WOW for once someone who knows what they are doing!! No pages filled with me too I have the same problem. Just a good solid answer. You saved me a ton of work. Thank you

    ReplyDelete
  15. Thanks... did not need to delete mine, just had to point to the right certificate... thanks for point it out.

    ReplyDelete
  16. Big Thanks saved my ass! I had the problem after the patchday feb 2016

    --Yes, I know there is no :444 listed in the output from the earlier command.)

    For me there was an entry for 0.0.0.0:444 when i used the command but you steps still worked fine.

    ReplyDelete
  17. Like John, for me there was an entry for 0.0.0.0:444. And also like John, this nevertheless fixed it. Thanks so much - it's late, this is fixed, and now I can shut down the computer and go to beddddd!

    ReplyDelete
  18. me too get working using this fix great :D
    freakin microsoft whats wrong there? Situation for hack?

    ReplyDelete
    Replies
    1. problem occured after installing updates and rebooting server

      Delete
  19. worked for me as well. I had just installed exchange 2013 cu12, after the restart white screens on all the web based apps. this fixed it for me as well. thanks man!

    ReplyDelete
  20. thank you

    !!!!

    ReplyDelete
  21. Thank you so much! You saved my day

    ReplyDelete
  22. hi, just handled this issue by issuing a new certificate through external CA. you just need to mention the new CA name in your IIS default and backend config.

    ReplyDelete
  23. can't believe crap like this is still happening. thanks for the quick fix. :)

    ReplyDelete
  24. Thanks Adam1115, you saved me hours of work. Much appreciated!

    ReplyDelete
  25. Thanks, it was really helpful.

    ReplyDelete
  26. Thank you very much. Was about to reinstall exchange.

    ReplyDelete
  27. You are the man! Fixed it right away.

    ReplyDelete
  28. It was fantastic , thanks a lot

    ReplyDelete
  29. This comment has been removed by the author.

    ReplyDelete
  30. LEGEND!! Totally fixed the issue and as others have said I had an etry for 0.0.0.0:444. Only thing was I had to run the command from within the netsh prompt. Kept getting parameter incorrect error otherwise. see this https://social.technet.microsoft.com/Forums/windowsserver/en-US/ab01ef59-d1f6-4959-a0be-f372234814c6/adfs-30-login-failing-from-ie8?forum=winserverDS

    ReplyDelete
  31. Hai una birra pagata a Forli' ITALY, grazie 1000

    ReplyDelete
  32. Adam;
    Like all the above I thank you for the fix, it saved my bacon! Spent all Sat. and Sun morning on it and found your post, running in 5 minutes!

    ReplyDelete
  33. Adam, you, sir, are a steely eyed missile man!!!
    I was minutes away from a total Exchange redo.
    Thank you so much!

    ReplyDelete
  34. Solid solution! Took the call and was like "Port 444"? to the on call tech who escalated. Perfect solution. There had been an accumulation update installed on the server last night. Some other comments:
    we had the 0.0.0.0:444 output
    It matched the 127.0.0.0:443 attributes
    Still executed and still resolved.

    ReplyDelete
  35. Thanks for sure! Save me a ton of time today!

    ReplyDelete
  36. Hi Adam

    I had just gone from Exchange 2016 to 2019 and had issues with it. After trying to uninstall 2016 and it failing left me with a 2019 installation that just didn't work. Talk about plucking hairs!!

    In the end came across your post and yes all I can say is that it saved my bacon. If I can buy you a beer or even contribute to a charity of your choice I am very happy to do so. Let me know by chris@jchall.com :-)

    ReplyDelete
  37. Adam... You are the king! Next time you are in Kailua Kona, the beers are on me!

    ReplyDelete
  38. cazzo Adam, thank you so much!! This post saved my life. MANY MANY MANY FUCKING thanks <3 !!!!!

    ReplyDelete
  39. Just had this problem after KB45200007 on a win2012 not r2.
    Thank u so much again.

    ReplyDelete
  40. - implict - when you come in italy you have a dinner and a evening of beer offfered by myself!! Thank u again!! ;)
    email me at m*a*r*b*ell27*@gmail dot com
    c ya dude!!

    ReplyDelete
  41. Awesome mate. Fixed my issue without a restart but i restarted anyway. apacms@business-IT-Services.com

    ReplyDelete
  42. Again, another "Thank you!" from me. I had this error after applying KB4593466:

    https://support.microsoft.com/en-gb/help/4593466/description-of-the-security-update-for-microsoft-exchange-server-2013

    On the show cert I *did* have an entry for 0.0.0.0:444, but the delete and then add with the same certhash and appid as the 0.0.0.0:443 binding did the trick. Phew!!! Client's email back up and running.

    Thanks again, @adam1115

    ReplyDelete
    Replies
    1. Did you happen to have renewed any certs in the last few months? I did on 1/6 but didnt see the error until after I installed CU19 for Exch2016 and restarted. Was it CU19 or just the restart?

      Delete
  43. Thank you as well. Ran into this today after I installed Exchange Server 2016 CU19 today and rebooted. Although I replaced my public facing cert back on 1/6/21 so i wonder if it is CU19 that broke it or the new cert followed by a restart that broke it. Leaning towards CU19....

    ReplyDelete
  44. Thank you, you saved the day once again. Every now and then we run into this issue and it always brings me back to this post. Total legend.

    ReplyDelete
  45. Thank you, saved me. Ran into this today after monthly security updates on Exchange 2013 CU23, were installed.

    ReplyDelete