You have an
exchange 2013, after some unknown event nobody can get to OWA or ECP (or any other
IIS based resource including outlook.) Instead, users get a login screen then a blank
page. In the system event log, you see
hundreds of id 15021 on the source HttpEvent that say “An error occurred while using SSL configuration
for endpoint 0.0.0.0:444. The error
status code is contained within the returned data.”
-
Open
the Command Prompt
-
Run-
netsh http show sslcert
-
This
will show the certs, copy and paste this information into notepad. Under IP:port
: 127.0.0.1:443, note the
certificate hash and application ID.
-
Run
this command- (Yes, I know there is no
:444 listed in the output from the earlier command.)
netsh http delete sslcert ipport=0.0.0.0:444
-
Run
this command. Replace certhas with the
certificate hash and appid with the application ID you saved in notepad.
netsh http add sslcert ipport=0.0.0.0:444
certhash=123123123123123 appid="{123123123123-1231231235}"
-
Reboot
the server.
Excellent info. Thank you. Solved it right away.
ReplyDeleteGlad it helped!
DeleteYou saved my day!
ReplyDeleteGlad it helped!
DeleteGreat
ReplyDeleteit worked.
You're a life saver. It worked for me too.
ReplyDeleteThanks, you saved us from hours and hours...Great!
ReplyDeleteAs with the guys above, I cannot THANK you enough for this info. After upgrading my cert from a self-signed to a purchased, and then rebooting, it nurfed my SSL and in turn all the Exchange services. This is exactly what I needed to recover. Thanks a million for this.
ReplyDeleteI love you man! :)
ReplyDeletethat was awesome, thx
ReplyDeleteGood job, you helped me a lot ! Thanks !!!
ReplyDeleteWhere do we send the checks? Another one saved after a longer than I'd l'd like to admin troubleshooting and chasing my own tail!
ReplyDeleteExcellent article. Spot on. Thank you.
ReplyDeleteyes thank you ! another +1
ReplyDeleteas an addition - our 'unknown event' was installing security update kb3011140. Installed CU7 after that and still the same issue. This solution did fix our problem.
ReplyDelete"as an addition - our 'unknown event' was installing security update kb3011140. Installed CU7 after that and still the same issue. This solution did fix our problem. "
ReplyDeleteDitto for me
Fixed it for us! Thank you!
ReplyDeletenice work.. worked for us!
ReplyDeletewe had the same after installing security updates.
ReplyDeletewe then went into IIS manager to the sites. looked at exchange back clicked on "bindings" then opened HTTPS to see that the SSL cert entry was blank. We simply re-selected the "Microsoft Exchange" cert APPLIED and then all cam back to life after about 5 mins.
ReplyDeletekevin.haydon@norsa.co.uk
thank you! works!
ReplyDeleteAwesome!! Thanks!!
ReplyDeletethanks man saved my Friday night...
ReplyDeleteWOW for once someone who knows what they are doing!! No pages filled with me too I have the same problem. Just a good solid answer. You saved me a ton of work. Thank you
ReplyDeleteThanks... did not need to delete mine, just had to point to the right certificate... thanks for point it out.
ReplyDeleteBig Thanks saved my ass! I had the problem after the patchday feb 2016
ReplyDelete--Yes, I know there is no :444 listed in the output from the earlier command.)
For me there was an entry for 0.0.0.0:444 when i used the command but you steps still worked fine.
Like John, for me there was an entry for 0.0.0.0:444. And also like John, this nevertheless fixed it. Thanks so much - it's late, this is fixed, and now I can shut down the computer and go to beddddd!
ReplyDeleteme too get working using this fix great :D
ReplyDeletefreakin microsoft whats wrong there? Situation for hack?
problem occured after installing updates and rebooting server
Deleteworked for me as well. I had just installed exchange 2013 cu12, after the restart white screens on all the web based apps. this fixed it for me as well. thanks man!
ReplyDeletethank you
ReplyDelete!!!!
Thank you so much! You saved my day
ReplyDeletehi, just handled this issue by issuing a new certificate through external CA. you just need to mention the new CA name in your IIS default and backend config.
ReplyDeletecan't believe crap like this is still happening. thanks for the quick fix. :)
ReplyDeleteThanks Adam1115, you saved me hours of work. Much appreciated!
ReplyDeleteThank you............
ReplyDeleteIt was very helpfull
ReplyDeleteThanks, it was really helpful.
ReplyDeleteThank you very much. Was about to reinstall exchange.
ReplyDeleteYou are the man! Fixed it right away.
ReplyDeleteIt was fantastic , thanks a lot
ReplyDeleteTks brother!!!
ReplyDeleteLEGEND!! Totally fixed the issue and as others have said I had an etry for 0.0.0.0:444. Only thing was I had to run the command from within the netsh prompt. Kept getting parameter incorrect error otherwise. see this https://social.technet.microsoft.com/Forums/windowsserver/en-US/ab01ef59-d1f6-4959-a0be-f372234814c6/adfs-30-login-failing-from-ie8?forum=winserverDS
ReplyDeleteHai una birra pagata a Forli' ITALY, grazie 1000
ReplyDeleteAdam;
ReplyDeleteLike all the above I thank you for the fix, it saved my bacon! Spent all Sat. and Sun morning on it and found your post, running in 5 minutes!
Adam, you, sir, are a steely eyed missile man!!!
ReplyDeleteI was minutes away from a total Exchange redo.
Thank you so much!
Solid solution! Took the call and was like "Port 444"? to the on call tech who escalated. Perfect solution. There had been an accumulation update installed on the server last night. Some other comments:
ReplyDeletewe had the 0.0.0.0:444 output
It matched the 127.0.0.0:443 attributes
Still executed and still resolved.
Great, thank you very much!
ReplyDeleteyou rock!!
ReplyDeleteThank you.
ReplyDeleteThanks for sure! Save me a ton of time today!
ReplyDeleteHi Adam
ReplyDeleteI had just gone from Exchange 2016 to 2019 and had issues with it. After trying to uninstall 2016 and it failing left me with a 2019 installation that just didn't work. Talk about plucking hairs!!
In the end came across your post and yes all I can say is that it saved my bacon. If I can buy you a beer or even contribute to a charity of your choice I am very happy to do so. Let me know by chris@jchall.com :-)
Adam... You are the king! Next time you are in Kailua Kona, the beers are on me!
ReplyDeletecazzo Adam, thank you so much!! This post saved my life. MANY MANY MANY FUCKING thanks <3 !!!!!
ReplyDeleteJust had this problem after KB45200007 on a win2012 not r2.
ReplyDeleteThank u so much again.
- implict - when you come in italy you have a dinner and a evening of beer offfered by myself!! Thank u again!! ;)
ReplyDeleteemail me at m*a*r*b*ell27*@gmail dot com
c ya dude!!
Super Super Thank you!!!
ReplyDeleteAwesome mate. Fixed my issue without a restart but i restarted anyway. apacms@business-IT-Services.com
ReplyDeleteThank you!
ReplyDeleteAgain, another "Thank you!" from me. I had this error after applying KB4593466:
ReplyDeletehttps://support.microsoft.com/en-gb/help/4593466/description-of-the-security-update-for-microsoft-exchange-server-2013
On the show cert I *did* have an entry for 0.0.0.0:444, but the delete and then add with the same certhash and appid as the 0.0.0.0:443 binding did the trick. Phew!!! Client's email back up and running.
Thanks again, @adam1115
Thank you, you saved the day once again. Every now and then we run into this issue and it always brings me back to this post. Total legend.
ReplyDeleteThank you, saved me. Ran into this today after monthly security updates on Exchange 2013 CU23, were installed.
ReplyDelete