Showing posts with label Certificates. Show all posts

Wednesday, May 17, 2017

An error occurred while using SSL configuration for endpoint 0.0.0.0:444

The other day, one of my Exchange 2016 lab servers stopped working. Well, I say "stopped working" but most things seemed to be working except for the Exchange Management Shell where I would get the following error when opening it:
 
OWA and ECP were also not working: I would simply get a blank page after signing in...
 
 
In the event log, there were hundreds of 15021 event errors complaining about SSL configuration:
Log Name:      System
Source:        Microsoft-Windows-HttpEvent
Date:          17/05/2017 03:51:17
Event ID:      15021
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      EX1.nunomota.pt
Description:   An error occurred while using SSL configuration for endpoint 0.0.0.0:444. The error status code is contained within the returned data.
 
 
As you can imagine, problems with SSL connections can affect multiple Exchange components such as the shell, ECP and OWA in this case (and many others if I had checked, I'm sure). These problems can be the result of certificates that are not installed or are incorrectly installed; such certificates should be deleted from the system and reinstalled with the appropriate information.
 
So, I checked the installed certificates on this server by running netsh http show sslcert:
 
Nothing suspicious at first sight, but then again, I can't remember the last time I ran this command so I wasn't exactly sure what to look for. Until I ran the same command on a healthy server and noticed that the certificates used for 443 and 444 were the same:
 
So I went back to the affected server, deleted the certificate assigned to 0.0.0.0:444 by running netsh http delete sslcert ipport=0.0.0.0:444 and assigned the same certificate as the one used on port 443 by running netsh http add sslcert ipport=0.0.0.0:444 certhash="certificate_hash" appid="application id":
 
Restarted the server and everything was back to normal! :)
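
The healthy-versus-affected comparison described above, scripted as an added example (not code from the original post): it parses netsh http show sslcert output and reports whether 0.0.0.0:444 carries the same certificate hash as 0.0.0.0:443. The function names, sample hashes and application IDs are constructed for illustration, and English-language netsh output is assumed.

```powershell
# Added example: compare the certificate bound to 0.0.0.0:444 with the one on 0.0.0.0:443.
function Get-SslCertBinding {
    param([string[]]$NetshOutput)
    $current = $null
    foreach ($line in $NetshOutput) {
        if ($line -match '^\s*IP:port\s*:\s*(\S+)') {
            if ($current) { [pscustomobject]$current }   # emit the previous binding
            $current = [ordered]@{ IpPort = $Matches[1]; CertHash = $null; AppId = $null }
        }
        elseif ($current -and $line -match '^\s*Certificate Hash\s*:\s*([0-9a-f]+)') {
            $current.CertHash = $Matches[1].ToLower()
        }
        elseif ($current -and $line -match '^\s*Application ID\s*:\s*(\{[^}]+\})') {
            $current.AppId = $Matches[1]
        }
    }
    if ($current) { [pscustomobject]$current }           # emit the last binding
}

function Test-BackEndBinding {
    param([object[]]$Bindings, [string]$FrontEnd = '0.0.0.0:443', [string]$BackEnd = '0.0.0.0:444')
    $fe = $Bindings | Where-Object IpPort -eq $FrontEnd
    $be = $Bindings | Where-Object IpPort -eq $BackEnd
    if (-not $be -or -not $be.CertHash) { return "MISSING: no certificate bound to $BackEnd" }
    if (-not $fe) { return "UNKNOWN: no binding for $FrontEnd to compare against" }
    if ($fe.CertHash -ne $be.CertHash) { return "MISMATCH: $BackEnd uses $($be.CertHash), $FrontEnd uses $($fe.CertHash)" }
    "OK: $FrontEnd and $BackEnd both use $($fe.CertHash)"
}

# Constructed sample output (hashes and application IDs are placeholders, not real values).
$sample = @'
SSL Certificate bindings:
-------------------------

    IP:port                      : 0.0.0.0:443
    Certificate Hash             : 1111111111111111111111111111111111111111
    Application ID               : {00000000-0000-0000-0000-000000000001}

    IP:port                      : 0.0.0.0:444
    Certificate Hash             : 2222222222222222222222222222222222222222
    Application ID               : {00000000-0000-0000-0000-000000000001}
'@ -split '\r?\n'

# On a live server, pass the output of "netsh http show sslcert" instead of $sample.
Test-BackEndBinding -Bindings (Get-SslCertBinding -NetshOutput $sample)
```

The parsed objects also expose the Application ID of each binding, which is the value the netsh http add sslcert command above needs for appid.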

Thursday, July 28, 2016

Exchange Shell Certificate Error

The other day, a colleague of mine experienced an issue when updating the certificate for one of his Exchange servers. After using the EAC to update the certificate, the Exchange Management Shell would not start and gave the following error:
New-PSSession : [server.domain.com] Connecting to remote server server.domain.com failed with the following error message : [ClientAccessServer=server,BackEndServer=server.domain.com,RequestId=357032aa-2312-477e-be88-8d99db9027c5,TimeStamp=07/12/2016 23:10:21] [FailureCategory=Cafe-SendFailure] For more information, see the about_Remote_Troubleshooting Help topic.

In the System event log we would find the following:
Log Name:      System
Source:        Microsoft-Windows-HttpEvent
Date:          6/18/2016 4:45:40 PM
Event ID:      15021
Level:         Error
Computer:      server.domain.com
Description: An error occurred while using SSL configuration for endpoint 0.0.0.0:444.  The error status code is contained within the returned data.

Because this was a passive server of a DAG, no users were connecting to it so they were not impacted. However, we were not able to access OWA/EAC directly on this server.

The problem turned out to be in IIS: the new certificate was not bound to the Exchange Back End site. To fix it, open IIS, expand the server name, expand Sites, right-click on Exchange Back End and select Edit Bindings. In the new window, select https and then click Edit...:

As you can see, no SSL certificate was selected:

To fix it, simply select the new certificate from the SSL certificate drop-down box and click OK.