question

DanBrown-2027 avatar image
0 Votes"
DanBrown-2027 asked DanBrown-2027 answered

Exchange 2013 CU 12 http 500 error when logging into ecp

Hello,

We've recently encountered a http 500 error when logging into one of our exchange servers (it is hosted in aws running on Windows Server 2019).

I've tried replacing the certificates on the server a couple of times, I've made sure that the bindings are set correctly and I've deleted and recreated the ecp and owa directories. I've ran the UpdateCas and UpdateConfig powershell scripts multiple times, since the server is virtualised I've also tried assigning more resources to it and the error still occurs.

We're also running in a hybrid environment.

Any help would be greatly appreciated.

office-exchange-server-administration
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

3 Answers

DanBrown-2027 avatar image
0 Votes"
DanBrown-2027 answered

I've managed to fix it

Looks like the other exchange server we had decided to freeze for some unknown reason, once I had restarted it, changed the certificates to match the ones of the other server, everything decided to work.

5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

joyceshen-MSFT avatar image
0 Votes"
joyceshen-MSFT answered joyceshen-MSFT commented

Hi @DanBrown-2027

Do you mean you deployed your Exchange 2013 on Windows server 2019? If so, that's not supported. Please correct me if I have any misunderstanding about your description.
141885-100302.png

In addition, when does this issue occur? What changes have been made in your environment recently which may lead to this issue(such as installing the security update and so on...)?

Have you checked whether users can log into OWA correctly? You could then check the application logs recorded in event viewer to see if any error.

Please also note that your CU12 is a quite old version, it's better to upgrade to the latest two versions(CU23 or CU22) for better support.

Below are some related links about the issue for your reference:
Can't sign in to Outlook on the web or EAC if Exchange Server OAuth certificate is expired
EXCHANGE 2013 ECP FAILS WITH 500 UNEXPECTED ERROR AFTER RUNNING HYBRID CONFIGURATION WIZARD WITH OFFICE 365
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

If an Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.



100302.png (52.4 KiB)
· 2
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DanBrown-2027 avatar image DanBrown-2027 ·

Hi @joyceshen-MSFT

We actually upgraded the server to 2019 (the upgrade happened months ago and went without any issues), exchange was originally deployed on a MS Server 2012 R2 operating system and the issue itself started about 2 weeks ago.

The OWA encounters the same problem, luckily since we use O365 because of the hybrid environment users aren't actually affected by this, the issue is more of an admin problem (we have been able to work around it so far).

We have been doing security updates across our windows infrastructure (which includes turning off TLS 1.0, TLS 1.1 and old SSL versions). I did apply these changes to the server, it worked for about a week and then we started getting the http 500 error. I did revert the changes and the same issue still occurs.


0 Votes 0 ·
joyceshen-MSFT avatar image joyceshen-MSFT DanBrown-2027 ·

Hi @DanBrown-2027

Could you please provide the result running the command below? And also check the application log to get more information.

 (Get-AuthConfig).CurrentCertificateThumbprint | Get-ExchangeCertificate | Format-List
0 Votes 0 ·
imamitsingh avatar image
1 Vote"
imamitsingh answered DanBrown-2027 commented

Method 1: Step by Step Solution for HTTP 500 Error

Step 1: Go to Search bar and type "Exchange Managmenent Shell".

Step 2: A new window will appear named as: Administrator: Exchange Managmenent Shell.

Step 3: It will start connecting to your local EAC ip.

Step 4: After connecting, type Remove-OwaVirtualDirectory ‘win2\owa

142354-image.png

Step 5: Message will appear “Are you sure you want to perform this action? Outlook Web App virtual directory “win2\owa ” is being removed.

Step 6: Type y.
142359-image.png

Step 7: Type New-OwaVirtualDirectory – Website Name ‘Default Web site’.
142360-image.png

Step 8: Restart your Computer.

Step 9: Now re-login. Exchange Server http 500 Error will be fixed.


Method 2: How to Fix 500 internal server error in Microsoft Exchange

  1. Create a separate virtual directory which doesn’t require SSL or any other authentication method to establish a connection with the server. In this way you could temporarily connect with the server but that might serve as a potential threat due to lack of authentication.

  2. Alternatively you can enable the settings on the root Exchange directory for the front end server using Microsoft utility “Metaedit.exe”.
    Metaedit.exe

  3. To determine the Maximum token size allotted to the user, use Microsoft provided tool : Tokensz.exe : By default the maximum token size- 8,000 bytes were allotted for the legacy versions; but for the later versions , token size was increased upto 12,000 bytes.

  4. Insufficient permissions problem might be raised due to broken Access Control List inheritance in the Active Directory. To resolve this follow these steps:

    Launch Active Directory Users and Computers.
    Locate View >> Advanced Features.
    Select the mailbox and right click to explore the properties.
    Navigate to Security >> Advanced.
    Ensure that “Include inheritable permissions from this object's parent" is selected.

Active Directory Service Information

  1. Alternatively you can re-add the existing users and new users to the Exchange. For that you need to access Active Directory Service Information:

    Open adsi edit.
    Locate the user in your existing domain.
    Expand the user details and remove the object “CN=ExchangeActiveSyncDevices”.

Tools that could be beneficial: http://test exchange connectivity.com helps to test the connectivity between the exchange server and the device.

Exchange Remote Content Analyzer: Helps to determine the connectivity issues between the exchange server and the deployments easily.


image.png (115.9 KiB)
image.png (106.8 KiB)
image.png (130.8 KiB)
· 1
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DanBrown-2027 avatar image DanBrown-2027 ·

I have tried recreating the virtual directories before and it didn't work unfortunately.

I tried the other 2 fixes that you have suggested and neither of those have worked either

0 Votes 0 ·