
Recently we were unable to log into ECP: after a successful login we are redirected to the login prompt, on our two Exchange servers, and no configuration changes were made. We are using a wildcard cert on them and running in a hybrid config with Office365.

After trying to recreate the ECP and backend directories and checking the auth settings on them, the problem still persisted.

So I went on to throw a new Exchange server into the party, and when I set the wildcard cert on it, I got the redirect loop as on the other servers. I reverted to a self-signed cert to access ECP.

Anyone with a clue about this? Thanks.

Drifter104
Maxwell
  • Internal and external urls are the same on the servers. Split DNS in place. – Maxwell Mar 31 '16 at 08:02
  • The details about the redirect loop are unclear. Where is it redirecting from and to? – pat o. Apr 01 '16 at 13:00
  • Authentication is done but it redirects to the login prompt. – Maxwell Apr 01 '16 at 13:57
  • The SSL certificate shouldn't make any difference. The usual cause for this is the URLs configured on the virtual directories. Are they correct? Are they identical on both servers? Which build of Exchange 2013 are you on? – Sembee Mar 29 '16 at 09:34

2 Answers

Yes, when you change the certificate, it usually makes the change in the front end of the ECP in IIS.

Please check and be sure that the certificate in the front end is the same certificate that the back end uses, in IIS for the Exchange site (Default) on all Exchange servers.

To make sure that all internal and external URLs are good, do the following, changing the URL to the one for your company:

    Get-OabVirtualDirectory | Set-OabVirtualDirectory -ExternalURL https://mail.company.com/oab
    Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory -ExternalURL https://mail.company.com/ews/exchange.asmx
    Get-OutlookAnywhere | Set-OutlookAnywhere -ExternalHostname mail.company.com -ExternalClientsRequireSsl $true
    Get-MapiVirtualDirectory | Set-MapiVirtualDirectory -ExternalURL https://mail.company.com/mapi
    Set-OrganizationConfig -MapiHttpEnabled $true

And do the test from the outside of your company with this: https://testconnectivity.microsoft.com/

Autodiscover works with 4 methods, so it should be the @ or "autodiscover" record in public DNS.

Jose Ortega

Check this answer in my blog:

http://mcsemessaging.blogspot.mx/2014/12/blank-screen-after-login-via-owa-in.html

The issue is in IIS: go to the backend site and change the certificate used by port 444 to match your wildcard certificate.

For an unknown reason when you change the certificate in the front end using the commands I published before.

Jose Ortega
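A read-only check for the front-end/back-end certificate comparison both answers describe, as an added example that is not part of the original answers. It assumes the IIS site names `Default Web Site` (port 443) and `Exchange Back End` (port 444), which are the Exchange 2013 defaults; the function name `Get-SiteSslCert` is hypothetical. Run it in an elevated PowerShell session on each Exchange server.

```powershell
# Added example: list the certificates bound to the Exchange front-end and
# back-end IIS sites and flag a back-end binding that is empty, stale or different.
# Site names and ports below are assumed Exchange 2013 defaults.
Import-Module WebAdministration

function Get-SiteSslCert {
    param(
        [Parameter(Mandatory)] [string] $SiteName,
        [Parameter(Mandatory)] [int]    $Port
    )
    # bindingInformation looks like "*:444:" or "127.0.0.1:443:"
    $bindings = Get-WebBinding -Name $SiteName -Protocol https |
        Where-Object { $_.bindingInformation -match ":${Port}:" }
    foreach ($b in $bindings) {
        $thumb = $b.certificateHash
        # Resolve the bound thumbprint against the machine store it points at
        $cert = if ($thumb) {
            Get-ChildItem "Cert:\LocalMachine\$($b.certificateStoreName)" |
                Where-Object Thumbprint -eq $thumb
        }
        [pscustomobject]@{
            Site       = $SiteName
            Binding    = $b.bindingInformation
            Thumbprint = $thumb
            Subject    = $cert.Subject
            NotAfter   = $cert.NotAfter
            InStore    = [bool]$cert
        }
    }
}

$front = Get-SiteSslCert -SiteName 'Default Web Site'  -Port 443
$back  = Get-SiteSslCert -SiteName 'Exchange Back End' -Port 444
@($front) + @($back) | Format-Table -AutoSize

foreach ($b in $back) {
    if (-not $b.Thumbprint) {
        Write-Warning "$($b.Binding): no certificate is bound on the back end"
    } elseif (-not $b.InStore) {
        Write-Warning "$($b.Binding): bound certificate $($b.Thumbprint) is not in the store"
    } elseif ($front.Thumbprint -notcontains $b.Thumbprint) {
        Write-Warning "$($b.Binding): back-end certificate differs from the front end"
    } else {
        "$($b.Binding): back-end certificate matches the front end"
    }
}
```

The script changes nothing; it only reports what is bound, so it can be run before and after a certificate change to see which binding moved.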