Exchange: An error occurred while using SSL configuration for endpoint 0.0.0.0:444

After changing the certificate on Exchange 2013+2016 (AND you have rebooted it – or it will happen eventually if you forget!), you may experience this when logging into ECP, you get the username and password prompt, you press login and – BAM:

You look in the event logs, and you see this:

EventID: 15021
An error occurred while using SSL configuration for endpoint 0.0.0.0:444. The error status code is contained within the returned data.

No need to be scared, this is not difficult to use, what happens is that the IIS websites are not having the new certificate set, and the certificate window under the binding in IIS is just empty:

Just click the dropdown menu, and select the correct certificate you have imported and run a IISRESET on the command prompt afterwards or even better reboot the server if possible.

This issue occurs if the SSL binding on 0.0.0.0:444 has one of more of the following issues:

  • The binding is installed incorrectly
  • The binding doesn’t have a certificate assigned.
  • The binding contains incorrect information.

For example, this issue occurs if the certificate hash of the binding is different from that of other bindings for application ID 4dc3e181-e14b-4a21-b022-59fc669b0914.

You can also fix via command prompt:

Type “netsh http show sslcert”:

Remove and replace the wrong certificate hash for 0.0.0.0:444 by running this:

“netsh http delete sslcert ipport=0.0.0.0:444”

“netsh http add sslcert ipport=0.0.0.0:444 certhash=a1d2a8d3275634xxxxxxxxxxxxxxxxx appid=”{4dc3e181-e14b-4a21-b022-59fc669b0914}”

Note: replace certhash with the full hash of your cert!

Reboot the server or do IISRESET command πŸ™‚

Source:

You get a blank page after logging in EAC or OWA in Exchange 2013 or Exchange 2016 (microsoft.com)

Microsoft Exchange 2013 shows blank ECP & OWA after changes to SSL certificates | vcloudnine.de

 

16 Comments

  1. Gal Cohen

    I found this article 5 minutes after figuring it out. Leaving a comment for others that might see this. Try it, it fixed my issue!

    Reply
    1. Martin (Post author)

      Thnaks a lot πŸ™‚

      best regards
      Martin

      Reply
  2. Dominic

    This worked great. I am an IT intern at a midsized medical production company in the states. Mail Exchange server went down when the Senior Sys Admin was out of town. Executives had Microsoft on the phone going down a rabbithole of troubleshooting database logs that had been delete. I saw the server pushing out SSL cert errors and then found a link to this page. Had it back up and running in about 10 minutes. Definitely got some brownie points from the team, so I thought I’d give you a thanks!

    Have a good one and hello from Minnesota USA!

    Reply
    1. Martin (Post author)

      Wow thanks a lot for the kind words!
      Glad it helped and good luck with the brownies πŸ™‚

      Best regards
      Martin

      Reply
  3. Mortimer

    Thank you, thank you, THANK YOU!!
    Had to reboot a server this holiday weekend to swap out a failed UPS and for a while I thought I was going to be spending the rest of the day trying to figure out why Outlook, OWA and even EAC would not work. Second Google result for the error and I found this page.

    Reply
    1. Martin (Post author)

      Glad to hear! thanks πŸ™‚

      Best regards
      Martin

      Reply
  4. Alistair Vernon

    Thank you, your are a life saver.

    Reply
    1. Martin (Post author)

      Thanks πŸ™‚ – Glad to hear πŸ™‚

      Best regards
      Martin

      Reply
  5. Gela

    Thank you bro!

    Reply
    1. Martin (Post author)

      You are welcome πŸ™‚

      Reply
  6. Robert Barnes

    Any Idea what it could be limiting o365 to on-prem when the on-prem cert expired before i could replace?

    I have imported a new rekeyed cert and all my info from the commands above match the new hash/thumbprint. Pulling my hair out on this!! πŸ™‚

    Reply
    1. Martin (Post author)

      Only mailflow / freebusy, but if all mailboxes are moved to the Cloud, you should not feel anything πŸ™‚

      Reply
  7. Ali

    Saved my day..
    Thank you very much Martin

    Reply
    1. Martin (Post author)

      Thanks Ali πŸ™‚

      Regards Martin

      Reply
  8. Evghenii

    worked for me, thanks!

    Reply
    1. Martin (Post author)

      Glad to hear πŸ™‚

      Reply

Leave a Reply to Gela Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close