The other day, one of my Exchange 2016 lab servers stopped working. Well, I say "stopped working" but most things seemed to be working except for the Exchange Management Shell where I would get the following error when opening it:
OWA and ECP were also not working: I would simply get a blank page after signing in...
In the System event log, there were hundreds of Event ID 15021 errors complaining about the SSL configuration:
Log Name: System
Source: Microsoft-Windows-HttpEvent
Date: 17/05/2017 03:51:17
Event ID: 15021
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: EX1.nunomota.pt
Description: An error occurred while using SSL configuration for endpoint 0.0.0.0:444. The error status code is contained within the returned data.
As you can imagine, problems with SSL connections can affect multiple Exchange components, such as the shell, ECP and OWA in this case (and many others, I'm sure, if I had checked). These problems can be the result of certificates that are not installed or are incorrectly installed; such certificates should be deleted from the system and reinstalled with the appropriate information.
So, I checked the installed certificates on this server by running netsh http show sslcert:
Nothing suspicious at first sight, but then again, I can't remember the last time I ran this command so I wasn't exactly sure what to look for. Until I ran the same command on a healthy server and noticed that the certificates used for 443 and 444 were the same:
So I went back to the affected server, deleted the certificate assigned to 0.0.0.0:444 by running netsh http delete sslcert ipport=0.0.0.0:444 and assigned the same certificate as the one used on port 443 by running netsh http add sslcert ipport=0.0.0.0:444 certhash="certificate_hash" appid="application id":
Restarted the server and everything was back to normal! :)
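The comparison described in the post can be scripted. The PowerShell below is an added example, not the author's code: it parses netsh http show sslcert output, checks that each bound certificate hash exists in the local machine store and has not expired, and reports whether it matches the 0.0.0.0:443 binding. The function names, the sample output and its hashes and GUID are constructed placeholders, and the parsing assumes English-language netsh labels.

```powershell
# Added example (not the author's code). Assumes English-language netsh labels.
function Get-HttpSslBinding {
    param([string[]]$NetshOutput = (netsh http show sslcert))
    $b = $null
    foreach ($line in $NetshOutput) {
        if ($line -match '^\s*IP:port\s*:\s*(\S+)') {
            if ($b) { $b }   # a new block starts: emit the previous binding
            $b = [pscustomobject]@{ IpPort = $Matches[1]; CertHash = $null; AppId = $null; Store = 'MY' }
        }
        elseif ($b -and $line -match '^\s*Certificate Hash\s*:\s*([0-9a-f]+)') { $b.CertHash = $Matches[1].ToUpper() }
        elseif ($b -and $line -match '^\s*Application ID\s*:\s*(\{[^}]+\})') { $b.AppId = $Matches[1] }
        elseif ($b -and $line -match '^\s*Certificate Store Name\s*:\s*(\w+)') { $b.Store = $Matches[1] }  # "(null)" keeps default MY
    }
    if ($b) { $b }
}

function Test-HttpSslBinding {
    param([object[]]$Binding)
    # The post's healthy server used the same certificate on 443 and 444.
    $ref = ($Binding | Where-Object IpPort -eq '0.0.0.0:443').CertHash
    foreach ($b in $Binding) {
        $cert = Get-ChildItem "Cert:\LocalMachine\$($b.Store)" -ErrorAction SilentlyContinue |
            Where-Object Thumbprint -eq $b.CertHash
        [pscustomobject]@{
            IpPort         = $b.IpPort
            CertHash       = $b.CertHash
            InStore        = [bool]$cert      # False: binding points at a missing certificate
            Expired        = if ($cert) { $cert.NotAfter -lt (Get-Date) } else { $null }
            MatchesPort443 = $b.CertHash -eq $ref
        }
    }
}

# Constructed sample output; hashes and GUID are placeholders, not real values.
$sample = @'
    IP:port                      : 0.0.0.0:443
    Certificate Hash             : 1111111111111111111111111111111111111111
    Application ID               : {00000000-0000-0000-0000-000000000000}
    Certificate Store Name       : MY

    IP:port                      : 0.0.0.0:444
    Certificate Hash             : 2222222222222222222222222222222222222222
    Application ID               : {00000000-0000-0000-0000-000000000000}
    Certificate Store Name       : (null)
'@ -split "`r?`n"

Test-HttpSslBinding -Binding (Get-HttpSslBinding -NetshOutput $sample) | Format-Table
# On the server itself, omit -NetshOutput to read the live bindings.
```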
Thanks for the awesome post! I had this exact issue and you saved me hours of work.
Glad it helped!! :)
Excellent and simple explanation! Helped me, twice :) Thank you!
Glad to hear that Nuno, thanks! :)
Thanks my friend! Your post saved me
Excellent, really glad to hear that! :) Thank you for letting me know!
Me too. Many thanks :-) Steve.
This was exactly what I needed - saved a TON of time. Thank you!
Glad to hear that! :)
Thanks my friend! Your post saved me
Glad to hear that! :)
Excellent, thanks a lot.
You're welcome!
You rule !!!!!!!
You rule !!!!!!!
Thank you :)
Thanks helped.
Thank you, glad to hear that! :)
Superb, solved my issue too! Great documentation.
Glad to hear! :) Thank you!
Wow, many many thanks for your article, today our Exchange 2016 server suddenly could not be connected, Outlook did not work, OWA did not work, even Exchange PowerShell did not work!!
I googled event 15021 for around 2 hours to find a solution ... luckily I finally found it here. Many thanks again for sharing this helpful article .. have a nice day! ..XD
I could kiss you ! Cheers Nuno, had to power off my exchange server due to planned power outage and when I powered on I lost access to everything (OWA, ECP, Outlook). After three hours of reading up different possibilities and nothing seeming to match my issue I found this page. All working now !
Haha! Glad it helped! :)
You sir, are a hero
Thanks very much Nuno! New to Exchange and I just expanded my C drive to make room and after restart ran into this issue! Not related, but I did update my SSL certs a few weeks back so this made sense. Only now seeing this come up because I hadn't restarted my exchange server in 36 days. Very clear steps and sure enough, I had the same issue. It's 12:50AM and servers are back online! If you're ever in Vancouver BC I owe you a beer or two. Thanks again! - Ian
Hi Ian,
Thank you for the feedback and glad to know this helped! I will let you know if I'm ever in the area :)
Regards,
Nuno
Another chime in from a late night repair. Thanks for sharing! This helped get me back online after a Windows update.
Thanks for the feedback, glad it helped! :)
Excellent, sorted in minutes. Does anyone know the causes of this? We had recently re-certified without issue until the next scheduled server restart.
Glad it helped Steve! :) I honestly have no idea why this happens...
Thank you this saved the day
Thank you so much Omar! :)
Save the day today Thank you
Thank you so much Omar! :)
You are my god now. Thanks Bro.
Haha! :-D Glad it helped Poleak!
I had this same problem very early this morning after a server reboot and this was the solution. Thanks so much!!! This is what I believe is the root cause or at least this is what happened in my case. I had deleted the five year old expired built-in self-signed certificate called, "Microsoft Exchange" about two weeks ago. When I rebooted the server this morning after doing Windows Updates it came up but I could not log in to OWA, ECP, EAC, and Outlook was showing as disconnected. The error 15021 was filling up the system event log. Upon following the directions here I could see that ipport 444 was holding on to the cert which I deleted. After running the above commands to delete the 444 cert and copy in the 443 cert I was back in business! No reboot needed as OWA and Outlook started to work immediately. However, I did reboot and everything was fine. Thanks again!
Glad it helped! :) Thank you so much for the description of your issue!
Thanks! worked like a charm!
Excellent, glad to hear! :)
Thanks! Was quite the mystery. Happened to 1 of 3 2013 servers so far. Any Idea what causes it?
No idea to be honest! Still a mystery...
You need a space between http and add for this command to work.
Hi Nathan,
Where exactly? The screenshots all have a space after "http".
Thanks Nuno, Worked for me, netsh http add sslcert ipport=0.0.0.0:444 certhash="73ca358ae48af372ef8d01f6974e818b8296462c" appid="{4dc3e181-e14b-4a21-b022-59fc669b0914}":
C:\Windows\system32>netsh http delete sslcert ipport=0.0.0.0:444
SSL Certificate successfully deleted
netsh http add sslcert ipport=0.0.0.0:444 certhash="h5435k4545kr4548d01f6974e818b8ere54y45" appid="{t48f8481-3du5b-34r21-c011-4j345j3434j}":
Excellent! :)
Nothing like finding the perfect answer after getting the flood of Friday morning calls. Thanks so much!
Glad it helped!! :)
Good evening.
Excellent contribution, you helped me sort out a tremendous mess.
Many thanks, all the more for sharing.
Thank you! :)
Excellent. You saved my hours....Thank you
Glad to hear it helped! :)
This saved me a ton of time thank you.
Glad to hear it helped! :)
I know this is an old article now. But I wanted to add my thanks, you really saved my bacon. Really good work!
I had exactly the same issue after a scheduled re-boot. Literally hundreds of the 15021 events. I had renewed the self signed certificate in the Exchange ECP earlier in the week apparently without issue. But after the first re-boot this happened.
Glad to hear this helped Andy! :) Thank you for taking the time to comment as well!
Amazing, stumbled upon this and had no idea what was causing it other than SSL (Event Viewer). Your post saved the day - only issue was I was getting unknown command and see the command should be 'netsh http add .... not netsh httpadd (as above)
Many thanks for your post. Happy New Year!
Happy New Year and glad it helped! :)
Thank you so much for pointing out the typo! I have now corrected it.
This fixed me! BUT....do you know WHY this behavior occurs? My exchange went down randomly, and this event was in the log a million times.
Glad to hear! :) I'm afraid I never got to the bottom of it... In so many years, this has only happened once to me.
Miracle cure!! Thanks.
Nice! :)
Sweet - Freakin Microsoft - why can't they figure this out?
Thanks, was very helpful
Glad to hear! Thank you for the feedback! :)
I have a very similar issue however the port is 0.0.0.0:443 and the other is 127.0.0.1:443. I believe these are from Network monitoring tool we just installed. I do not know which one to delete though??
What does the error in the Event Log say?
Fantastic. Solved my issue.
Excellent, glad it helped! :)
I will add to the chorus of 'thank you's and 'you're a hero's in this thread...
THANK YOU! YOU ARE MY HERO TODAY!
In our case it appears to be a security update that caused the problem somehow.
:-D You are most welcome! Glad it helped and thank you so much for the feedback! :)
Yes, this article got us back online today with minimal fuss.
Many thanks.
TW
Excellent, glad it helped! :)
:PRAY:PRAY:PRAY:PRAY:
This article is my salvation
Glad it helped!! :)
Still relevant today. Recent CU broke my Exchange Servers and this post saved the day.
That's crazy... I thought this wouldn't be an issue by now!...
You're welcome! :)
Nuno 4 president ! You helped me out too, many thanks.
:-D You're most welcome, glad this helped!
Perfect, it still works!! Thanks a lot
You're welcome! :)
ty, gets me every year, this is much easier than muddling through gui.
Glad it helps! :)
Thank you so much, you just saved me hours of work.
Thanks for letting me know. Glad it helped! :)
Thank you. I kept getting "Parameter incorrect" and I searched online for that error. I had to append certstorename=MY
C:\Windows\system32>netsh http add sslcert ipport=0.0.0.0:8192 certhash="xyz" appid="{abc}" certstorename=MY
hehe
Saved my bacon! Thank you very much for sharing this solution : )
Glad it helped! :)
You are my hero sir, after hours of updating I did a restart on a exchange server and had the same problem, found out another guy changed the certificate a few weeks ago, everything worked until the restart, so thank you very much. Now 2am and you saved me a few hours of work
Thank you for the feedback! Glad it helped! :)
2024 and still working ;-) Thanks.
Some things never change! lol Thanks for the post!
Your advice is practical and correct, I'm Joe at Laos
Thank you sooooooo much for publishing this!
You're welcome! :)
You are a lifesaver...!!! Thanks a lot for sharing this...
Haha, glad it helped! :)