Exchange: An error occurred while using SSL configuration for endpoint 0.0.0.0:444

After changing the certificate on Exchange 2013+2016 (AND rebooting it – or it will happen eventually if you forget!), you may experience the following when logging into ECP: you get the username and password prompt, you press login and – BAM:

You look in the event logs, and you see this:

EventID: 15021
An error occurred while using SSL configuration for endpoint 0.0.0.0:444. The error status code is contained within the returned data.

No need to be scared, this is not difficult to fix. What happens is that the IIS websites do not have the new certificate set, and the certificate field under the binding in IIS is just empty:

Just click the dropdown menu, select the correct certificate you have imported, and run IISRESET from the command prompt afterwards or, even better, reboot the server if possible.

This issue occurs if the SSL binding on 0.0.0.0:444 has one or more of the following issues:

  • The binding is installed incorrectly.
  • The binding doesn’t have a certificate assigned.
  • The binding contains incorrect information.

For example, this issue occurs if the certificate hash of the binding is different from that of other bindings for application ID 4dc3e181-e14b-4a21-b022-59fc669b0914.

You can also fix this from the command prompt.

List the current bindings:

    netsh http show sslcert

Remove and replace the wrong certificate hash for 0.0.0.0:444 by running this:

    netsh http delete sslcert ipport=0.0.0.0:444

    netsh http add sslcert ipport=0.0.0.0:444 certhash=a1d2a8d3275634xxxxxxxxxxxxxxxxx appid="{4dc3e181-e14b-4a21-b022-59fc669b0914}"

Note: replace certhash with the full hash of your cert!

Reboot the server or run the IISRESET command 🙂
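The check described above (a missing binding, an unusable hash, or a hash on 0.0.0.0:444 that differs from the other bindings for the same application ID), as an added PowerShell example that is not part of the original post. The function names are hypothetical, English netsh labels are assumed, and the extra check that the bound hash exists in the LocalMachine\My store goes beyond what the post describes.

```powershell
# Added example (not from the original post). English netsh labels assumed.
function Get-SslBinding {
    param([string[]]$NetshOutput)
    $current = $null
    foreach ($line in $NetshOutput) {
        if ($line -match '^\s*IP:port\s*:\s*(\S+)') {
            if ($current) { $current }   # emit the previous binding
            $current = [pscustomobject]@{ IpPort = $Matches[1]; CertHash = ''; AppId = '' }
        } elseif ($current -and $line -match '^\s*Certificate Hash\s*:\s*(\S*)') {
            $current.CertHash = $Matches[1].ToLower()
        } elseif ($current -and $line -match '^\s*Application ID\s*:\s*(\{[0-9a-f-]+\})') {
            $current.AppId = $Matches[1].ToLower()
        }
    }
    if ($current) { $current }
}

function Test-BackEndBinding {
    param(
        [string[]]$NetshOutput,
        [string[]]$StoreThumbprints,   # thumbprints in Cert:\LocalMachine\My
        [string]$IpPort = '0.0.0.0:444',
        [string]$AppId  = '{4dc3e181-e14b-4a21-b022-59fc669b0914}'
    )
    $all  = @(Get-SslBinding $NetshOutput)
    $back = $all | Where-Object { $_.IpPort -eq $IpPort } | Select-Object -First 1
    if (-not $back) { return "MISSING: no SSL binding for $IpPort" }
    if ($back.CertHash -notmatch '^[0-9a-f]{40}$') { return "EMPTY: $IpPort has no usable certificate hash" }
    if ($StoreThumbprints -notcontains $back.CertHash) { return "NOT IN STORE: $($back.CertHash)" }
    $others = @($all | Where-Object { $_.AppId -eq $AppId -and $_.IpPort -ne $IpPort } |
        ForEach-Object { $_.CertHash } | Select-Object -Unique)
    if ($others.Count -gt 0 -and $others -notcontains $back.CertHash) {
        return "DIFFERS: $IpPort uses $($back.CertHash), other bindings use $($others -join ', ')"
    }
    "OK: $IpPort uses $($back.CertHash)"
}

# Constructed sample: 443 was updated after the certificate change, 444 was not.
$sample = @'
    IP:port                      : 0.0.0.0:443
    Certificate Hash             : 1111111111111111111111111111111111111111
    Application ID               : {4dc3e181-e14b-4a21-b022-59fc669b0914}

    IP:port                      : 0.0.0.0:444
    Certificate Hash             : 2222222222222222222222222222222222222222
    Application ID               : {4dc3e181-e14b-4a21-b022-59fc669b0914}
'@ -split "`r?`n"
Test-BackEndBinding -NetshOutput $sample -StoreThumbprints '1111111111111111111111111111111111111111'
# Live: -NetshOutput (netsh http show sslcert) -StoreThumbprints (Get-ChildItem Cert:\LocalMachine\My).Thumbprint
```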

Source:

You get a blank page after logging in EAC or OWA in Exchange 2013 or Exchange 2016 (microsoft.com)

Microsoft Exchange 2013 shows blank ECP & OWA after changes to SSL certificates | vcloudnine.de

 

29 Comments

  1. Gal Cohen

    I found this article 5 minutes after figuring it out. Leaving a comment for others that might see this. Try it, it fixed my issue!

    Reply
    1. Martin (Post author)

      Thanks a lot 🙂

      best regards
      Martin

      Reply
  2. Dominic

    This worked great. I am an IT intern at a midsized medical production company in the states. Mail Exchange server went down when the Senior Sys Admin was out of town. Executives had Microsoft on the phone going down a rabbit hole of troubleshooting database logs that had been deleted. I saw the server pushing out SSL cert errors and then found a link to this page. Had it back up and running in about 10 minutes. Definitely got some brownie points from the team, so I thought I’d give you a thanks!

    Have a good one and hello from Minnesota USA!

    Reply
    1. Martin (Post author)

      Wow thanks a lot for the kind words!
      Glad it helped and good luck with the brownies 🙂

      Best regards
      Martin

      Reply
  3. Mortimer

    Thank you, thank you, THANK YOU!!
    Had to reboot a server this holiday weekend to swap out a failed UPS and for a while I thought I was going to be spending the rest of the day trying to figure out why Outlook, OWA and even EAC would not work. Second Google result for the error and I found this page.

    Reply
    1. Martin (Post author)

      Glad to hear! Thanks 🙂

      Best regards
      Martin

      Reply
  4. Alistair Vernon

    Thank you, you are a life saver.

    Reply
    1. Martin (Post author)

      Thanks 🙂 – Glad to hear 🙂

      Best regards
      Martin

      Reply
  5. Gela

    Thank you bro!

    Reply
    1. Martin (Post author)

      You are welcome 🙂

      Reply
  6. Robert Barnes

    Any idea what it could be limiting o365 to on-prem when the on-prem cert expired before I could replace?

    I have imported a new rekeyed cert and all my info from the commands above match the new hash/thumbprint. Pulling my hair out on this!! 🙂

    Reply
    1. Martin (Post author)

      Only mailflow / freebusy, but if all mailboxes are moved to the Cloud, you should not feel anything 🙂

      Reply
  7. Ali

    Saved my day..
    Thank you very much Martin

    Reply
    1. Martin (Post author)

      Thanks Ali 🙂

      Regards Martin

      Reply
  8. Evghenii

    worked for me, thanks!

    Reply
    1. Martin (Post author)

      Glad to hear 🙂

      Reply
  9. Josh

    This is interesting. I use Let’s Encrypt certificates on my Exchange servers, bound to :443 for OWA etc. Those certs renew every three months, so I have automation in place to reassign Exchange services to the new certificate at renewal. I’ve (so far) gotten away with :444 bound to a self-signed internal cert that only renews every five or ten years.

    Any idea why my experience differs?

    Reply
    1. Martin (Post author)

      I think it’s because when you change the cert normally on Exchange, both 443 and 444 are replaced, and the way you do it only replaces 443 🙂

      Reply
  10. Obama

    Very useful tip. Thanks a lot.

    Reply
    1. Martin (Post author)

      Thanks 🙂

      Reply
  11. DMann

    Saved me Brother! Thank you!

    Reply
  12. David

    Thanks so much for sharing this. Every time something breaks with Exchange I am filled with dread about how long it will take to fix it – fortunately your blog was the first hit on Google for me and you resolved the issue immediately!

    Reply
  13. Mike

    Thank you so much, had this issue with Exchange 2013 this morning and quickly resolved it using your article!

    Reply
  14. Hans

    Awesome, thank you for sharing, works

    Reply
  15. Evan

    1am patching Exchange 2016, this just saved my bacon. Thank you!!

    Reply
  16. Emmet

    Legend. Fixed my Ex2019 servers, post security update I had the same error. Would have taken me a while to find that 👍

    Reply
  17. McCurtis Ashley Grayson

    Holy Cow!!!! You are a life saver!!!! Definitely worked for me!!!!! You just saved me a lot of stress this weekend!

    Reply
    1. Martin (Post author)

      Thanks 🙂
      Br. Martin

      Reply
  18. José Martins

    Thanks, Martin, You save my day!!!

    Reply
