Exchange 2013 ECP Login fails HTTP 404 Requested URL: /owa/auth/logon.aspx

Similar Messages

• Exchange Server 2013 ECP Login

  I am bit puzzled and frustrated with this issue I have in my lab.  I have exported my test mailboxes from my 2010 environment (other settings are minor and easily reproduced), and uninstalled 2010.  Next I went and installed 2013 RTM from TechNet.
  The first time I installed 2013 the install was successful, but when the ECP came up it was just a empty browser window - it would never display.  So I thought, maybe there was something left over from the previous 2010 server.  I blew away the
  OS (was 2008 R2) and built a clean 2012 server.  Installed all the Exchange 2013 prerequisites, extended the Schema and installed 2013 using all the defaults in the wizard.
  This time the the ECP login came up, but here is where it gets puzzling and frustrating.  I put my Admin credentials in (this account has all proper group membership that I'm aware of) and the screen goes blank for a second and then the OWA login is
  displayed.  The ECP never comes up again, just goes straight to the OWA login.  If I enter my credentials in the OWA login, the screen just flashes and the password field clears but doesn't login.
  I have tried uninstalling and cleaning up AD and reinstalling, but the same thing keeps happening.  I can't help but think it has something to do with permissions, but I'm not sure what that would be.

  So after a good bit of time looking for clues, I noticed that this pops up in the application log every time the screen flashes and the password field clears.  I really have no idea what this means or how to fix it - maybe a cert issue in IIS ?!?!
  Log Name:      Application
  Source:        MSExchange Front End HTTP Proxy
  Date:          11/6/2012 7:24:56 PM
  Event ID:      3
  Task Category: Core
  Level:         Error
  Keywords:      Classic
  User:          N/A
  Computer:      servername.domain.com
  Description:
  [Ecp] An internal server error occurred. The unhandled exception was: System.Security.Cryptography.CryptographicException: Invalid provider type specified.
     at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
     at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
     at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
     at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
     at Microsoft.Exchange.HttpProxy.FbaModule.ParseCadataCookies(HttpApplication httpApplication)
     at Microsoft.Exchange.HttpProxy.FbaModule.OnBeginRequestInternal(HttpApplication httpApplication)
     at Microsoft.Exchange.HttpProxy.ProxyModule.<>c__DisplayClassa.<OnBeginRequest>b__9()
     at Microsoft.Exchange.Common.IL.ILUtil.DoTryFilterCatch(TryDelegate tryDelegate, FilterDelegate filterDelegate, CatchDelegate catchDelegate)
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="MSExchange Front End HTTP Proxy" />
      <EventID Qualifiers="49152">3</EventID>
      <Level>2</Level>
      <Task>1</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2012-11-07T01:24:56.000000000Z" />
      <EventRecordID>209382</EventRecordID>
      <Channel>Application</Channel>
      <Computer>servername.domain.com</Computer>
      <Security />
    </System>
    <EventData>
      <Data>Ecp</Data>
      <Data>System.Security.Cryptography.CryptographicException: Invalid provider type specified.
     at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
     at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle&amp; safeProvHandle, SafeKeyHandle&amp; safeKeyHandle)
     at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
     at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
     at Microsoft.Exchange.HttpProxy.FbaModule.ParseCadataCookies(HttpApplication httpApplication)
     at Microsoft.Exchange.HttpProxy.FbaModule.OnBeginRequestInternal(HttpApplication httpApplication)
     at Microsoft.Exchange.HttpProxy.ProxyModule.&lt;&gt;c__DisplayClassa.&lt;OnBeginRequest&gt;b__9()
     at Microsoft.Exchange.Common.IL.ILUtil.DoTryFilterCatch(TryDelegate tryDelegate, FilterDelegate filterDelegate, CatchDelegate catchDelegate)</Data>
    </EventData>
  </Event>

• EXCHANGE 2013 - ECP AND OWA INTERNAL ERROR 500 - NEW INSTALL

  Really hoping someone can help me here.
  I first installed 2012 OS and 2013 exchange and users were getting 'Unable to open your default folder' when trying to open outlook. After much googling and nothing working I decided to put 2008 R2 on the server with 2013 Exchange. Now i am running into massive
  issues. 
  Firstly i get Internal Errror 500 after putting in credentials for ECP and OWA. I did notice that it is also defaulting straight to this URL after entering password https://localhost/owa/auth.owa
  I check the management shell and that connects without any issues. I also logged on to a computer to see what it did. After autodiscover it is not able to log onto server and then it looks like it is look for the old server information from previous server.
  Any help would be appreciated. Can i do another reinstall of OS and how am i meant to remove the previous data that it seems the server has found?

  Hi,
  According to your description, I understand that cannot login internal ECP\OWA with error 500, also autodiscover failed.
  If I misunderstand your concern, please do not hesitate to let me know.
  I notice that autodiscover “looks like it is look for the old server information from previous server”, have you installed multiple version Exchange in your environment?
  Please run below command to double check the virtual directory configuration:
  Get-OutlookAnywhere | FL Identity,*Host*,*Auth*
  Get-OwaVirtualDirectory | FL Identity,*url*,*auth*
  Get-EcpVirtualDirectory | FL Identity,*url*,*auth*
  Get-WebServicesVirtualDirectory | FL Identity,*url*,*auth*
  Get-ClientAccessServer | FL Identity,*URI*,*auth*
  Then, open IIS and check on the Application Pools to view whether MSExchangeOWAAppPool and MSExchangeECPAppPool is running on .NET Framework v4.0, and recycle virtual directory for test.
  Additional, here’s a thread about “Removing Old Exchange and installing a new one”, for your reference:
  https://social.technet.microsoft.com/forums/exchange/en-US/46ca107c-7ece-4da7-8aea-46b705793f37/removing-old-exchange-and-installing-a-new-one
  Thanks
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Allen Wang
  TechNet Community Support

• Exchange 2013 ECP/OWA Error 503 Service Unavailable

  Hi,
  Hoping that someone can clarify or assist with an issue relating to Exchange 2013 CU3..
  Both roles installed on a single 2012 server, mailboxes created, able to login to ECP/OWA using ht tps://servername.int.domain.com/ecp using the out of the box internally generated SSL certificate.
  Virtual directory internal and external settings for all directories were configured to be ht tps://mail.domain.com/owa /ecp /EWS etc and a UCC certificate (containing mail.domain.com, autodiscover.domain.com)from GoDaddy was imported and assigned to
  IIS and SMTP, internal DNS records were setup internally and externally for mail.domain.com and full propagated, Outlook Anywhere enabled and configured to mail.domain.com, external access configured for all virtual directories
  The issue is that ECP and OWA can only be accessed internally by the full internal server FQDN URL ht tps:// serverame.int.domain.com/ecp whereas it should be accessible at this point by ht tps:// mail.domain.com/ecp
  Error received both internal and external when trying ht tps://mail.domain.com / owa / rpc etc is error 503 Service Unavailable
  I know that the ECP and OWA sites are up and running as I can login and do anything by internal servername URL but no joy at all using the external (which is to be used for internal clients aswell for seamless access)
  The only way it works is by adding a host name to the 2 x 443 bindings in IIS for the front end website and set it to mail.domain.com but this means autodiscover.domain.com internally and externally wont work
  Is this normal and required for Exchange 2013 or is there a way to resolve this?
  Thanks in advance!

  Hi,
  I found a article might help you, for you reference:
  http://support.microsoft.com/kb/2619402
  Generally, this error occurs if the application pool that is associated with the web application doesn't start.
  To troubleshoot this issue, follow these steps:
  In Event Viewer, view the System log to find errors from the Microsoft-Windows-WAS source. An event is frequently logged in the System log if the application pool fails to start.
  If you don't find any relevant events in the System log, search for relevant entries in the HTTPERR log file. The httperr1.log file is located in the following system folder:
  c:\windows\system32\logfiles
  In the file, search on "503" to locate any relevant information about why the application pool failed. For example, you may see an entry that resembles the following:
  2011-12-08 18:26:42 ::1%0 6721 ::1%0 443 HTTP/1.1 GET /owa 503 3 N/A SharePoint+Web+Services+Root
  Thanks.
  Niko Cheng
  TechNet Community Support

• Exchange 2013 SP1 - healthsets failing

  Hi,
  I have recently installed two Exchange 2013 SP1 servers in different environments and are experiencing issues on both. Issues that I haven't seen on Exchange 2013 without SP1.
  I have 6 healthsets which are unhealthy. 
  Autodiscover...
  ActiveSync.P...
  EWS.Proxy
  OAB.Proxy
  Outlook.Proxy
  OutlookMapiH...
  I found this article: 
  http://technet.microsoft.com/en-us/library/ms.exch.scom.ecp.proxy(v=exchg.150).aspx
  Which describes, that try to restart the app pool, then an iisreset - and lastly reboot the server. Tried all and none of them helped.
  But then I found this error in the Exchang event log:
  RecycleApplicationPool-MSExchangePowerShellAppPool-RpsDeepTestPSProxyRestart: Throttling rejected the operation
  Which fails almost every minute.
  And I guess that this could be the issue. But I can't figure out which throttling that is causing this.
  Any one else with this issue on Exchange 2013 SP1?
  Thanks in advance.
  /Kim

  Hi,
  I have seen a lot of similar issues with health manager service. For IIS services, we can safely ignore these warnings. Personal experience, we just need to monitor whether there are related
  error reports in event log.
  Thanks,
  Simon Wu
  TechNet Community Support

• Exchange 2013 IMAP Connectivity Failing

  I have gone through all of the troubleshooting i can find, and can't get IMAP connectivity to work to my Exchange 2013 server.  I have an application that uses IMAP to connect to a mailbox to create and update help tickets.
  I get the following in the log:
  2014-04-03T14:03:25.783Z,00000000000000C7,0,10.10.50.55:993,10.10.50.18:56287,,18,0,53,OpenSession,,
  2014-04-03T14:03:25.798Z,00000000000000C8,0,10.10.50.55:993,10.10.50.18:56288,,14,0,53,OpenSession,,
  2014-04-03T14:03:26.079Z,00000000000000C8,1,10.10.50.55:993,10.10.50.18:56288,,1,27,125,capability,,R=ok
  2014-04-03T14:03:26.236Z,00000000000000C8,2,10.10.50.55:993,10.10.50.18:56288,imaptest,95,37,35,login,imaptest *****,"R=""1274136704c94dce NO LOGIN failed."";Msg=User:imaptest:0a2fa0f8-47d9-4ad0-b6a5-8c4853d301d9:SCS_EX2013DB:SCS-VM-EX2013.*****.com;Proxy:SCS-VM-EX2013.****.com:9933:SSL;ProxyNotAuthenticated"
  I have tried a few different users, and get the same error with each.
  Any ideas??

  Hi,
  To understand more about the issue, I’d like to confirm the following information:
  The detail error message when you login your account in IMAP mode.
  The result when you use telnet to check the IMAP connectivity:
  http://support.microsoft.com/kb/189326/en-us
  If you have any question, please feel free to let me know.
  Thanks,
  Angela Shi
  TechNet Community Support

• Exchange 2013 ECP 500 Error

  We are in the beginning phase of migrating from Exchange 2010 to Exchange 2013. When I login to the exchange 2013 admin console and navigate to servers it does not show me any of my servers. When I navigate to mailflow-receive connectors I receive a 500
  error. When I run the powershell command to get-receiveconnectors it shows me the correct exchange 2013 connectors. I checked IIS and the permissions appear to be correct. Not sure where to look to resolve the issue.

  Hi,
  From your description, I would like to verify if you can see all the Exchange servers when running the Get-ExchangeServer cmdlet. If yes, the issue should be ECP virtual directory, you can remove this problematic ECP virtual directory and create a new
  ECP virtual directory to check the result.
  For your reference:
  New-EcpVirtualDirectory
  https://technet.microsoft.com/en-us/library/dd351218(v=exchg.150).aspx
  Hope this can be helpful to you.
  Best regards,
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Amy Wang
  TechNet Community Support

• Exchange 2013 ECP redirects to OWA

  Dear Collegues,
  after that I ve installed Exchange 2k13 on my win server 2012 std, I am not able to reach the EAC, when I tried to enter this URL: https://servername/ecp or https://servername/ecp?ExchClientVer=15 it redirects me always to OWA. I ve also tried this solution
  http://www.telnetport25.com/2012/11/quick-tipcreating-an-icon-on-the-desktop-for-the-exchange-2013-eac/ with no effect, also this http://lyncdude.com/2013/02/07/cannot-access-exchange-contorl-panel-ecp-in-exchange-server-2013/, but what really strange is,
  that my powershell cant recognize for ex. this syntax -  Get-owavirtualdirectory | fl or Set-owavirtualdirectory -identity “owa <Default Web site>” -FormAuthentication:$true at all.
  I am really confused with all of that Exchange 2k13 installation and configuration, from the beginning there are so many problems.
  Please can anyone help me?

  Hi,
  To enable the system mailboxes, I’d like to confirm how you disable them: delete the mailboxes from the Exchange management tool or delete the account from the ADUC.
  For more detailed steps to enable the system mailbox, you can refer to the following article:
  http://social.technet.microsoft.com/wiki/contents/articles/6874.how-to-recreate-system-mailbox-federatedemail-discoverysearchmailbox-in-exchange-2010.aspx
  For the redirection issue, I recommend you check the result if you login with a admin account: check it’ OWA or EAC.
  Thanks,
  Angela Shi
  TechNet Community Support

• Exchange 2013 ECP 503 error

  I have a problem with my two Exchange 2013 servers. There are no mailboxes on the servers, because we are just beginning our migration from Exchange 2007. We are running Exchange 2013 SP1 on Server 2012R2
  When I try to access ecp/owa on ex01 (https://localhost or https://ex01.domain.local), I am presented with a login page, but after entering my credentials,
  I get a 503 error:
  Service Unavailable HTTP Error 503. The service is unavailable
  On ex02, I can RDP to the server and log into ecp/owa just fine. However, if I log in (https://ex02.domain.local) from another computer (like my PC), I get the
  same credential page and 503 error.
  I verified the following:
  All of the application pools and Exchange services are started
  I do not have any instances of event 2280 in the Application log
  I have also restarted the server
  Local security policy shows that Administrators and Backup Operators have "Allow log on locally" permission
  This feels like a permissions issue in IIS, but I'm not sure.
  My ECP virtual directory settings (both servers) look like this:
  InternalAuthenticationMethods : {Basic, Fba}
  BasicAuthentication : True
  WindowsAuthentication : False
  DigestAuthentication : False
  FormsAuthentication : True
  LiveIdAuthentication : False
  AdfsAuthentication : False
  OAuthAuthentication : False
  ExternalAuthenticationMethods : {Fba}
  Why won't ex01 let me log in and why would the login on ex02 work from the server, but 503 from my machine? Thanks.

  Hi,
  From your description, I would like to clarify the following things for troubleshooting:
  1. Make sure that the services are running under the Local System account.
  2. Ensure that the mailbox database that you want to access are mounted. Besides, the account you use to access ECP should have a mailbox in the Exchange server you are accessing.
  Hope my clarification can be helpful to you.
  Best regards,
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Amy Wang
  TechNet Community Support

• Exchange 2013: how to set up multiple domain for OWA and ECP

  Exchange 2013 on Windows 2012R2
  Currently we have set this up using the guide below:
  http://mouzzamh.wordpress.com/2013/02/04/accessing-owa-from-multiple-domain-url/
  We can access OWA and ECP using the internal IP address/owa or ECP but when we use the URL it fails.
  We gave it an external IP address as well just to check if it will externally since the external DNS are pointing to the correct records: same issue it only works on IP address/owa or /ecp
  We were able to follow the guide from start to finish including the certs..
  The only difference on the guide and our exchange IIS environment for the new website is when he mentioned "Under IIS Settings / ISAPI and CGI Restrictions" we only have "ISAPI filters"...." ISAPI and CGI Restrictions" is only
  applicable to the default and backend website..
  Also, when the guide points to the path, should it be the new website path?
  Or maybe to avoid confusion, can anyone guide me on how to do it or any other guide that helped you if ever you had the same issue as mine?
  Thanks.

  Hi,
  Please run the following to check your OWA virtual directories for all web sites:
  Get-OWAVirtualDirectory | FL Identity,*URL*,path
  Personal suggestion, please consider to deploy another new CAS server. Then we can configure different OWA URLs in different servers. And pointed mail.domain.com and webmail.domain.com to two CAS servers respectively.
  Regards,
  Winnie Liang
  TechNet Community Support

• Exchange 2013 SP1 setup fails at prerequisite Analysis

  I installed a completely new server network with Hyper-v 2012R2
  I installed two virtual 2012R2 servers: DC01 as the Domain Controller of "testdomain.local" and EX01 as the Exchange server.
  EX01 is joined the domain "testdomain" from DC01
  I log in on EX01 with an in AD created testdomain\exadmin account who is member of domain admins, enterprise admins, schema admins, administrators and group policy creator owners.
  I have run the command Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience,
  NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing,
  Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression,
  Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation, Telnet-Client, RSAT-ADDS
  on EX01
  I have installed the Microsoft Unified Communications Managed API 4.0
  Then I run the Exchange 2013 SP1 setup and the prerequisite check gives the following errors:
  Error:
  You must be a member of the 'Organization Management' role group or a member of the 'Enterprise Admins' group to continue.
  For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.GlobalServerInstall.aspx
  Error:
  You must use an account that's a member of the Organization Management role group to install or upgrade the first Mailbox server role in the topology.
  For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedBridgeheadFirstInstall.aspx
  Error:
  You must use an account that's a member of the Organization Management role group to install the first Client Access server role in the topology.
  For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedCafeFirstInstall.aspx
  Error:
  You must use an account that's a member of the Organization Management role group to install the first Client Access server role in the topology.
  For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedFrontendTransportFirstInstall.aspx
  Error:
  You must use an account that's a member of the Organization Management role group to install or upgrade the first Mailbox server role in the topology.
  For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedMailboxFirstInstall.aspx
  Error:
  You must use an account that's a member of the Organization Management role group to install or upgrade the first Client Access server role in the topology.
  For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedClientAccessFirstInstall.aspx
  Error:
  You must use an account that's a member of the Organization Management role group to install the first Mailbox server role in the topology.
  For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedUnifiedMessagingFirstInstall.aspx
  Error:
  Setup encountered a problem while validating the state of Active Directory: Active Directory server  is not available. Error message: Active directory response: The LDAP server is unavailable.  See the Exchange setup log for more information on this
  error.
  For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.AdInitErrorRule.aspx
  Error:
  Either Active Directory doesn't exist, or it can't be contacted.
  For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.CannotAccessAD.aspx
  I can connect with the Active Directory Sites and Domains and other applets to the AD. So Why these errors???
  HELP!
  Regards, Manu
  Manu van Winkel

  Hi, thanks for the answer.
  I restarted the server and did the "run as administrator": same result.
  The first errormessage in the exchangesetup.log is:
  [ERROR] Setup encountered a problem while validating the state of Active Directory: Active Directory server  is not available. Error message: Active directory response: The LDAP server is unavailable.  See the Exchange setup log for more information
  on this error.
  When I run dcdiag /s:DC01 from EX01 it passes all tests except:
  DFSREvent "The RPC server is unavailable"
  KccEvent "The RPC server is unavailable."
  SystemLog  "The RPC server is unavailable."
  Could these be of any influence?
  Running dcdiag on DC01 passes all tests.
  The only thing I changed after setting up DC01, was changing the fixed IP-adres from 192.168.25.3 to 192.168.25.2, but I ran ipconfig /flushdns and ipconfig /registerdns and dcdiag /fix afterwards.
  The only roles installed on DC01 are AD DS (I tried installing exchange before and after adding the AD DS role), AD, DNS, DHCP and Fileservices
  I don't know where to look anymore....
  Manu van Winkel

• Exchange 2013 SP1 Setup fails

  I am getting very frustrated. It really shouldn't take over a week to install Exchange.
  I have two domain controllers, Windows 2003 and Windows 2008 R2. The 2008 is now all Operations Masters for all roles.
  I have a clean install of W2K8 R2 SP1 installed under Hyper-V on a separate physical W2K8 server. Before starting the install I used ADSIEdit to ensure there was nothing left in the AD of prior Exchange install attempts. This is the first and only installation
  of Exchange.
  I am running the install as the Domain\Administrator and naturally that account is a member of all the appropriate security groups. RSAT are installed on the Exchange server and using them to access Users and Computers clearly shows this. The install fails
  with the errors below, all of which appear to be incorrect.
  *** BEGIN ERROR ***
  Error:
  Global updates need to be made to Active Directory, and this user account isn't a member of the 'Enterprise Admins' group.
  For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.GlobalUpdateRequired.aspx
  Error:
  You must be a member of the 'Organization Management' role group or a member of the 'Enterprise Admins' group to continue.
  For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.GlobalServerInstall.aspx
  Error:
  You must use an account that's a member of the Organization Management role group to install or upgrade the first Mailbox server role in the topology.
  For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedBridgeheadFirstInstall.aspx
  Error:
  You must use an account that's a member of the Organization Management role group to install the first Client Access server role in the topology.
  For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedCafeFirstInstall.aspx
  Error:
  You must use an account that's a member of the Organization Management role group to install the first Client Access server role in the topology.
  For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedFrontendTransportFirstInstall.aspx
  Error:
  You must use an account that's a member of the Organization Management role group to install or upgrade the first Mailbox server role in the topology.
  For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedMailboxFirstInstall.aspx
  Error:
  You must use an account that's a member of the Organization Management role group to install or upgrade the first Client Access server role in the topology.
  For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedClientAccessFirstInstall.aspx
  Error:
  You must use an account that's a member of the Organization Management role group to install the first Mailbox server role in the topology.
  For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedUnifiedMessagingFirstInstall.aspx
  Error:
  Setup encountered a problem while validating the state of Active Directory: Couldn't find the Enterprise Organization container.  See the Exchange setup log for more information on this error.
  For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.AdInitErrorRule.aspx
  Error:
  The forest functional level of the current Active Directory forest is not Windows Server 2003 native or later. To install Exchange Server 2013, the forest functional level must be at least Windows Server 2003 native.
  For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.ForestLevelNotWin2003Native.aspx
  Error:
  This computer requires the Microsoft Unified Communications Managed API 4.0, Core Runtime 64-bit. Please install the software from http://go.microsoft.com/fwlink/?LinkId=260990.
  For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.UcmaRedistMsi.aspx
  Error:
  This computer requires the update described in Microsoft Knowledge Base article KB974405 (http://go.microsoft.com/fwlink/?LinkId=262357). Please install the update, and then restart Setup.
  For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.Win7WindowsIdentityFoundationUpdateNotInstalled.aspx
  Error:
  Either Active Directory doesn't exist, or it can't be contacted.
  For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.CannotAccessAD.aspx
  Warning:
  Setup will prepare the organization for Exchange 2013 by using 'Setup /PrepareAD'. No Exchange 2007 server roles have been detected in this topology. After this operation, you will not be able to install any Exchange 2007 servers.
  For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.NoE12ServerWarning.aspx
  Warning:
  Setup will prepare the organization for Exchange 2013 by using 'Setup /PrepareAD'. No Exchange 2010 server roles have been detected in this topology. After this operation, you will not be able to install any Exchange 2010 servers.
  For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.NoE14ServerWarning.aspx
  *** END ERROR
  Why can't Exchange installation see the AD when everything else can?

  It appears that these error messages are pure fiction. I went back to ADSI Edit and removed some MS Exchange container and then reran setup /prepareschema again followed by setup /preparead and finally setup /mosde:install /role:clientaccess,mailbox and
  it churned away for a long time, apparently working.
  It appears than when it says you aren't a member of Schema Admins and that it can't access Active Directory, what it really means is it could find the AD just fine, but didn't like what it saw.
  My guess would be very sloppy programming in which the low level error doesn't bubble up and so when something fails it just assumed you didn't have permissions.
  It's not quite finished yet, but I am beginning to believe it will finish. So that's almost 6 days of non stop effort to install Exchange. It's hard top believe they are allowed to charge for this stuff.

• Exchange 2013 cu3 setup fails with 'problem... validating the state of Active Directory... supplied credential... invalid'

  Windows Server 2013; Exchange Server 2013 with Cumulative Update 1
  Cannot install Cumulative Update 3 for Exchange Server 2013. It fails with
  [xxx] [0] [ERROR] Setup encountered a problem while validating the state of Active Directory: Active Directory operation failed on . The supplied credential for 'XXX\Xxx' is invalid.  See the Exchange setup log for more information on this error.
  [xxx] [0] [ERROR] Active Directory operation failed on . The supplied credential for 'XXX\Xxx' is invalid.
  [xxx] [0] [ERROR] The supplied credential is invalid.
  (Crosses - XXX - replace original values.)
  I have found that a few others have experienced the same problem but found no solution, nor could come up with anything myself. If it is any hint, Event 40961 was logged in the Event Viewer around the same time on almost all installation attempts to be purely
  conincidental:
  The Security System could not establish a secured connection with the server
  ldap/xxx.xxx/[email protected] No authentication protocol was available.
  Both Windows Server and Exchange Server otherwise work OK, and do not recall any issues with Cumlative Update 1 installation.

  Hi vhr1,
  Based on my knowledge, the Event ID 40961 is a warning message.
  This behavior occurs when we restart the server that was promoted to a DC. The Windows Time service tries to authenticate before Directory Services has started.
  Found some resources for your reference even if the Exchange Version is mismatched:
  http://blogs.technet.com/b/jhoward/archive/2005/04/20/403946.aspx
  http://support.microsoft.com/kb/823712/en-us
  About the error message, "Setup encountered a problem while validating the state of Active Directory: Active Directory operation failed on . The supplied credential for 'XXX\Xxx' is invalid."
  The error message InvalidCredentials means: the wrong password was supplied or the SASL credentials cannot be processed.
  Found a similar thread for your reference, hope it is helpful:
  http://social.technet.microsoft.com/Forums/en-US/98e26ad6-8e43-4ef5-8ff9-e9fee6e76bda/bind-operation-is-invalid?forum=exchangesvrdeploylegacy
  Feel free to contact me if there is any problem.
  Thanks
  Mavis
  Mavis Huang
  TechNet Community Support

• Exchange 2013 ECP and DAG issue

  Good Day,
  We have Exchange 2013 setup in Coexistence with Exchange 2007. Everything is working well except for two small issues I have noticed.
  Current Setup of 2013:
  SiteA:
  2x CAS Servers on Windows 2012 R2 configured with windows NLB (Internet Facing).
  2x MBX servers Configured in a DAG also running on Windows 2012 R2.
  SiteB:
  2x CAS Server on Windows 2012 R2.
  2x MBX servers Configured in a DAG also running on Windows 2012 R2.
  Issues I am having:
  Issue 1:
  When working on the ECP:
  I can do all tasks on servers in the same site but get some errors when trying to do tasks on servers in the other site.
  When trying to Activate a DB copy on the DAG at SiteB I get "The Microsoft Exchange Replication service does not appear to be running on Server name"
  And just trying to go to the properties of a server at SiteB "An error occurred while accessing the registry on the server servername"
  This happens vice versa.
  I can access all servers on the same site but not between sites with some tasks.
  I have made sure firewall is disabled and remote registry is indeed running but no luck.
  From a network perspective all ports are open between the sites.
  Issue 2:
  When I reboot a DAG member with the active mailbox databases for testing outlook connectivity I get two issues.
  Then I cannot access ECP at all until the server is up again.
  Outlook keeps staying on trying to connect until it is reopened.
  Any Ideas?
  I will gladly give more information if needed.
  Thank You
  Riaan Rourke
  Senior System Engineer

  Since I don't see this with Hyper-V I'll assume this is on ESX. Please let me know it that's not correct.
  In terms of virtualization best practices - whose list was that :) 
  There are multiple configuration things that you *MUST* do when using WLBS on ESX.  It will depend upon multiple things in the environment.  I'd start with this
  http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1556
  Fix that, and chances are the other item will be also remediated.
  Cheers,
  Rhoderick
  Microsoft Senior Exchange PFE
  Blog:
  http://blogs.technet.com/rmilne 
  Twitter:   LinkedIn:
    Facebook:
    XING:
  Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

• Exchange 2010 SP3 cohabitation Exchange 2013 ecp?exchver=15 from external not work

  Hi
  i have installed an exchange 2013 cohabitation with exchange 2010 for migration. outlookanywere,ecp,owa, autodiscovery...etc are configurered
  when i try to connect to the eac or owa internaly its work, but when i try to do externaly https://mail.mydomain.com/ecp?exchver=15
  i have error 302, 301 to many redirections
  how can i fix this
  thanksin advance

  Hi,
  Generally, status 301 means that the resource (page) is moved permanently to a new location. Please refer to Sneff_Gabor's suggetsion to check the Redirect setting s for OWA and ECP in IIS manager.
  Additionally, please provide more information about your issue and collect any error logs for further troubleshooting.
  Regards,
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Winnie Liang
  TechNet Community Support