After changing the certificate on Exchange 2013+2016 (AND you have rebooted it – or it will happen eventually if you forget!), you may experience this when logging into ECP, you get the username and password prompt, you press login and – BAM:
You look in the event logs, and you see this:
EventID: 15021
An error occurred while using SSL configuration for endpoint 0.0.0.0:444. The error status code is contained within the returned data.
No need to be scared, this is not difficult to use, what happens is that the IIS websites are not having the new certificate set, and the certificate window under the binding in IIS is just empty:
Just click the dropdown menu, and select the correct certificate you have imported and run a IISRESET on the command prompt afterwards or even better reboot the server if possible.
This issue occurs if the SSL binding on 0.0.0.0:444 has one of more of the following issues:
- The binding is installed incorrectly
- The binding doesnβt have a certificate assigned.
- The binding contains incorrect information.
For example, this issue occurs if the certificate hash of the binding is different from that of other bindings for application ID 4dc3e181-e14b-4a21-b022-59fc669b0914.
You can also fix via command prompt:
Type “netsh http show sslcert”:
Remove and replace the wrong certificate hash for 0.0.0.0:444 by running this:
“netsh http delete sslcert ipport=0.0.0.0:444”
“netsh http add sslcert ipport=0.0.0.0:444 certhash=a1d2a8d3275634xxxxxxxxxxxxxxxxx appid=”{4dc3e181-e14b-4a21-b022-59fc669b0914}”
Note: replace certhash with the full hash of your cert!
Reboot the server or do IISRESET command π
Source:
You get a blank page after logging in EAC or OWA in Exchange 2013 or Exchange 2016 (microsoft.com)
Microsoft Exchange 2013 shows blank ECP & OWA after changes to SSL certificates | vcloudnine.de
Related Posts
Reported Zero-day Vulnerabilities in Microsoft Exchange Server 2013, 2016, and 2019
How to hide all users in a particular OU in the Global Address List- Exchange: Replacing certificate for Microsoft 365 hybrid connector’s
- PATCH NOW: April 2021 Exchange Server Security Updates
- Exchange Online: Native external sender callouts on email in Outlook
- Exchange exploit: One-Click Microsoft Exchange On-Premises Mitigation Tool
I found this article 5 minutes after figuring it out. Leaving a comment for others that might see this. Try it, it fixed my issue!
Thnaks a lot π
best regards
Martin
This worked great. I am an IT intern at a midsized medical production company in the states. Mail Exchange server went down when the Senior Sys Admin was out of town. Executives had Microsoft on the phone going down a rabbithole of troubleshooting database logs that had been delete. I saw the server pushing out SSL cert errors and then found a link to this page. Had it back up and running in about 10 minutes. Definitely got some brownie points from the team, so I thought I’d give you a thanks!
Have a good one and hello from Minnesota USA!
Wow thanks a lot for the kind words!
Glad it helped and good luck with the brownies π
Best regards
Martin
Thank you, thank you, THANK YOU!!
Had to reboot a server this holiday weekend to swap out a failed UPS and for a while I thought I was going to be spending the rest of the day trying to figure out why Outlook, OWA and even EAC would not work. Second Google result for the error and I found this page.
Glad to hear! thanks π
Best regards
Martin
Thank you, your are a life saver.
Thanks π – Glad to hear π
Best regards
Martin
Thank you bro!
You are welcome π
Any Idea what it could be limiting o365 to on-prem when the on-prem cert expired before i could replace?
I have imported a new rekeyed cert and all my info from the commands above match the new hash/thumbprint. Pulling my hair out on this!! π
Only mailflow / freebusy, but if all mailboxes are moved to the Cloud, you should not feel anything π
Saved my day..
Thank you very much Martin
Thanks Ali π
Regards Martin
worked for me, thanks!
Glad to hear π
This is interesting. I use Let’s Encrypt certificates on my Exchange servers, bound to :443 for OWA etc. Those certs renew every three months, so I have automation in place to reassign Exchange services to the new certificate at renewal. I’ve (so far) gotten away with :444 bound to a self-signed internal cert that only renews every five or ten years.
Any idea why my experience differs?
I think it’s because when you change the cert normally on Exchange, both 443 and 444 are replaced, and the way you do it, only replaces 443 π
Very useful tip. Thanks a lot.
Thanks π
Saved me Brother! Thank you!
Thank so much for sharing this. Every time something breaks with Exchange I am filled with dread about how long it will take to fix it – fortunately your blog was the first hit on Google for me and you resolved the issue immediately!
Thank you so much, had this issue with Exchange 2013 this morning and quickly resolved it using your article!
Awesome, thank you for sharing, works
1am patching Exchange 2016, this just saved my bacon. Thank you!!
Legend. Fixed my Ex2019 servers, post security update I had the same error. Would have taken me a while to find that π
Holy Cow!!!! You are a life saver!!!! Definitely worked for me!!!!! You just saved me a lot of stress this weekend!
Thanks π
Br. Martin
Thanks, Martin, You save my day!!!
Just came across this exact issue and your blog was the first search result hit.
Problem solved.
Thanks Martin!
Thanks π
Br. Martin
Yes worked for me thanks a heap π My issue was created by deleting an old cert in the certlm.msc
Thanks π
Best regards
Martin
thnx mate! this was so helpful!!! great article!! thnx again!
Thanks π
Best regards
Martin
This was helpful. thanks. the real question is for our setup, the cert was no longer selected, just had to use the drop down and select it again. but what would cause it just out of the blue to become un-selected?
Did you ever do a IISRESET or server restart?
Have seen this before, when customer did not do any of the above, and then the problem happened, out of the blue π
Thanks Bro.. you save my night.. Love u π
Thank you very much! Save me tons of time to troubleshooting.
Fixed it for me – Thanks
Still saving lives!!! Thank you!!!
THANKS π
Looked everywhere for a solution and then found your post, fixed it in minutes. Thank You Martin!
Thanks π
Saved my bacon, Kudos to you in spades Martin.
Thanks π
Br. Martin
Hey Martin got this error today and found your post. Worked perfectly. Thanks for sharing.
Glad to hear π
Best regards
Martin
Happened to me today. Exchange 2019 servers humming along nicely for about 3 months, then cannot access ECP or Exchange PowerShell.
Followed this guide and fixed.
Thank you.
Glad to hear π
Best regards
Martin
Martin,
Happened to me in the middle of a migration to 365 pulling an all weekender. Came upon your page and wanted to send a virtual hug and or a coffee! π
Thank you!
Glad to hear π
Best regards
Martin
Thank you very much the solution.
If you go to Hungary, i pay a beer for you
Thanks Martin for sharing this info
Your info saved me a lot of time.
Regards from Holland.
Thanks π
Best regards
Martin
It worked! Thank you very much for your information. It was explained very well and it solved.
Thank you again, you are the one.
Thanks π
Best regards
Martin
Great
Much THANKS !!!!!
You are welcome π
You saved my Sunday – Thank you
Thanks π
Best regards
Martin
Thank You Martin!!!! =]
Thanks π
Best regards
Martin
You totally saved my day! Thanks for sharing such valuable info!
Thanks π
Best regards
Martin
December 2024, same situation and “still saved my bacon”.
Thank you for contributing it to community!
Thanks π
Best regards
Martin