Exchange 2013 - Unable to recreate ECP Virtual Directory using New-EcpVirtualDirectory

Hello,
I had a problem accessing ECP so I decided to recreate its virtual directory on the client access server. I used Remove-EcpVirtualDirectory. The cmd completed successfully. Then I tried running New-EcpVirtualDirectory and am getting the following error:
Argument: -Role ClientAccess
+ CategoryInfo : InvalidArgument: (:) [New-EcpVirtualDirectory], ArgumentException
+ FullyQualifiedErrorId : 3C22AE5F,Microsoft.Exchange.Management.SystemConfigurationTasks.NewEcpVirtualDirectory
Running the command using the -role clientaccess parameter doesn't change the outcome. I have tried running the Exchange setup using the recoverserver switch but the installator is unable to detect any problems with the installation and refuses to continue
with the recover. Any thoughts?

Hi,
Unfortunately, this didn't help either, but it has resulted in a different error message which has eventually led me to an answer, so thank you very much for your help!
The problem turned out to be quite strange (or not, I'm not very proficient with Exchange). It turned out that all the commands that I was executing, were actually applied to the mailbox server not to the CAS (hance the -role clientaccess error - it couldn't
have been installed on a server that didn't have the role). Once, I used the -server parameter you proposed, the command failed again. The problem now was that while it was finally pointing to the right server it was still using the installation path on the
mailbox server (SIC!). Exchange on the mailbox server has been installed at a non-default location and somehow the New-EcpVirtualDirectory command ran on CAS was trying to get to that path. So the trick that finally worked and something that Microsoft again
doesn't include in their site was using the parameter -path as part of the command:
new-ecpvirtualdirectory -internalurl https://xx.xx.xx/ecp -role clientaccess -server servername -websitename "Default Web Site" -Path "C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\ecp"
Hope it helps some poor soul some day. Thank you all for your help.

Similar Messages

SP1 for Exchange 2013 install fails with ECP virtual directory issues and now transport service won't start and mail is unavailable

SP1 for Exchange 2013 install failed on me with ECP virtual directory issues:
Error:
The following error was generated when "$error.Clear();
          $BEVdirIdentity = $RoleNetBIOSName + "\ecp (name)";
          $be = get-EcpVirtualDirectory -ShowMailboxVirtualDirectories -Identity $BEVdirIdentity -DomainController $RoleDomainController -ErrorAction SilentlyContinue;
          if ($be -eq $null)
          new-EcpVirtualDirectory -Role Mailbox -WebSiteName "name" -DomainController $RoleDomainController;
          set-EcpVirtualdirectory -Identity $BEVdirIdentity -FormsAuthentication:$false -WindowsAuthentication:$true;
          set-EcpVirtualdirectory -Identity $BEVdirIdentity -InternalUrl $null -ExternalUrl $null;
          . "$RoleInstallPath\Scripts\Update-AppPoolManagedFrameworkVersion.ps1" -AppPoolName:"MSExchangeECPAppPool" -Version:"v4.0";
        " was run: "The virtual directory 'ecp' already exists under 'server/name'.
Parameter name: VirtualDirectoryName".
Error:
The following error was generated when "$error.Clear();
          $BEVdirIdentity = $RoleNetBIOSName + "\ECP (name)";
          $be = get-EcpVirtualDirectory -ShowMailboxVirtualDirectories -Identity $BEVdirIdentity -DomainController $RoleDomainController -ErrorAction SilentlyContinue;
          if ($be -eq $null)
          new-EcpVirtualDirectory -Role Mailbox -WebSiteName "name" -DomainController $RoleDomainController;
          set-EcpVirtualdirectory -Identity $BEVdirIdentity -FormsAuthentication:$false -WindowsAuthentication:$true;
          set-EcpVirtualdirectory -Identity $BEVdirIdentity -InternalUrl $null -ExternalUrl $null;
          . "$RoleInstallPath\Scripts\Update-AppPoolManagedFrameworkVersion.ps1" -AppPoolName:"MSExchangeECPAppPool" -Version:"v4.0";
        " was run: "The operation couldn't be performed because object 'server\ECP (name)' couldn't be found on 'DC0xx.domain.com'.".
Error:
The following error was generated when "$error.Clear();
          $BEVdirIdentity = $RoleNetBIOSName + "\ECP (name)";
          $be = get-EcpVirtualDirectory -ShowMailboxVirtualDirectories -Identity $BEVdirIdentity -DomainController $RoleDomainController -ErrorAction SilentlyContinue;
          if ($be -eq $null)
          new-EcpVirtualDirectory -Role Mailbox -WebSiteName "name" -DomainController $RoleDomainController;
          set-EcpVirtualdirectory -Identity $BEVdirIdentity -FormsAuthentication:$false -WindowsAuthentication:$true;
          set-EcpVirtualdirectory -Identity $BEVdirIdentity -InternalUrl $null -ExternalUrl $null;
          . "$RoleInstallPath\Scripts\Update-AppPoolManagedFrameworkVersion.ps1" -AppPoolName:"MSExchangeECPAppPool" -Version:"v4.0";
        " was run: "The operation couldn't be performed because object 'server\ECP (name)' couldn't be found on 'DC0xx.domain.com'.".
!! And now transport service won't start and mail is unavailable !!
Any help would be appreciated.
I have removed the ecp site from default site and attempting to rerun SP1 now. I do not have high hopes. :(

Hi,
Thanks for your response.
From the error description, you need to manually remove the ECP with IIS manager in both the Default Web Site and the Exchange Back End firstly. And then continue the upgrade to check the result.
Hope this can be helpful to you.
Best regards,
Amy Wang
TechNet Community Support

Exchange 2013 CU6 with DAG - ECP Delete does not go to soft-delete state, retention policy ignored

I am not sure if this is a BUG or this is as intended. Typically if a mailbox is 'deleted' from the EAC or ECP console the user account is disabled and the mailbox is marked for removal (soft-delete) until the retention policy expires the item (default
30 days). However we deleted a mailbox and the mailbox was purged immediately as well as the user was moved to the hidden recycle bin in Active Directory.
We replicated this issue twice in a DAG environment, we do not have this issue in a non-DAG environment.
Question: Other than restoring from the backup, is there a way to recover the mailbox?
Thank You,
-Jake
Jacob Evans Jake of All Trades

Hi,
I tested in my lab, Exchange 2013 CU1 with DAG deployed, if I deleted a mailbox from EAC, then it would be a disconnected mailbox and the associated Active Directory user account was also deleted. I could find it under the Disconnected Mailbox.
Was the mailbox logged ever?
If you delete a mailbox that you never log in, it won't show as disconnected mailbox.
And for the question :"Question: Other than restoring from the backup, is there a way to recover the mailbox?", I'm afraid you have to recover from backup.
Best regards,
Belinda Ma
TechNet Community Support

Users moved from Exchange 2007 to Exchange 2013 unable to access mails on the mobile devices

New mailbox if created on Exchange 2013 works fine. But moved users from Ex2k7 to EX2k13 do not works. Here are the errors on the exchange server 2013 IIS logs:
For android -- DevOS:Android_S110_Error:System.ArgumentOutOfRangeException_ADWR
For iphone -- DevOS:iOS+8.1.1+12B436_S110_Error:System.ArgumentOutOfRangeException_As
Exhange 2013 is on Cumulative update CU6
Any clue.

Hi,
have you tried to recreate activesync profile?For IOS devices you could try to reset Network setting by doing the following:
Settings
General
Reset
Reset network settings
Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work

FIXED - Exchange 2013 - Can I Recreate Default Frontend Receive Connector SAFELY?

Hi
I'm need of some urgent assistance please.
I had a fully functional Exchange 2013 server and decided to create a receive connector for a photocopier/scanner to included its static IP  port number 25.
I accidentally chose Hub Transport role and not FrontEndTransport role which appears to have messed up port 25 connectivity on mail coming in from the internet. When I stopped and restarted the Transport Service within services.msc I then got this error.
Source: MSExchangeTransport
Event ID: 1036
Task Category: SmtpReceive
Level: Error
Description: Inbound direct trust authentication failed for certificate %1. The source IP address of the server that tried to authenticate to Microsoft Exchange is [%2]. Make sure EdgeSync is running
properly.
I proceeded to delete the offending Receive connector for the scanner/photocopier and restart the server, the transport service started ok this time but still I cant receive mail from the outside world.
My question: Can I delete the automatically created default Frontend "servername" connector which contains the proper settings then recreate it again with the same settings and NOT harm/delete all the users emails or the mailstore
or anything bad for that matter?
I have the details on how to create the connector but just wanted to check that's its ok to remove it and re-add it again now that everything was setup and running fine. I'm hoping the recreated Connector will fix what I broke.
Appears what I have done has broken my connectivity to telnet to port 25 to the exchange server from the outside world although oddly I can telnet to the server from a command prompt on the exchange server (telnet "servername" 25) and
getpresented with the exchange server responding. The tickbox for anonymous is ticked already. Port 25 already is forwarded from the firewall to the exchange server and was working fine till I made the error.
Any help is greatly appreciated. Thankyou.

OK so I found some more details online and decided to take the plunge (after a backup was taken) and my problem is now fixed. Although thank you to the 40 people that atleast looked at my query.
This worked for me, please read, backup and decide yourself if you wish to follow my steps.
1. I Read this to understand more on how I broke it in the first place  :
First section of this......
https://exchangemaster.wordpress.com/tag/smtp/
then
http://support.microsoft.com/kb/2958036
2. Deleted the Default Frontend "servername" Receive connector
3. Recreated it using these guidelines below. (I included them all for your ref). Source https://social.technet.microsoft.com/Forums/exchange/en-US/32e13998-a84e-4f10-8557-3f7ce6fdb824/2013-default-receive-connectors:
[PS] C:\>Get-ReceiveConnector | fl Name,AuthMechanism,RemoteIPRanges,TransportRole,permissiongroups,MaxMessageSize
Name             : Default EX2013
AuthMechanism    : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
RemoteIPRanges   : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}
TransportRole    : HubTransport
PermissionGroups : ExchangeUsers, ExchangeServers, ExchangeLegacyServers
MaxMessageSize   : 35 MB (36,700,160 bytes)
Name             : Client Proxy EX2013
AuthMechanism    : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
RemoteIPRanges   : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}
TransportRole    : HubTransport
PermissionGroups : ExchangeUsers, ExchangeServers
MaxMessageSize   : 35 MB (36,700,160 bytes)
Name             : Default Frontend EX2013
AuthMechanism    : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
RemoteIPRanges   : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}
TransportRole    : FrontendTransport
PermissionGroups : AnonymousUsers, ExchangeServers, ExchangeLegacyServers
MaxMessageSize   : 36 MB (37,748,736 bytes)
Name             : Outbound Proxy Frontend EX2013
AuthMechanism    : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
RemoteIPRanges   : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}
TransportRole    : FrontendTransport
PermissionGroups : AnonymousUsers, ExchangeServers
MaxMessageSize   : 36 MB (37,748,736 bytes)
Name             : Client Frontend EX2013
AuthMechanism    : Tls, Integrated, BasicAuth, BasicAuthRequireTLS
RemoteIPRanges   : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}
TransportRole    : FrontendTransport
PermissionGroups : ExchangeUsers
MaxMessageSize   : 35 MB (36,700,160 bytes)
4. Recreated the Receive connector for my photocopier/scanner but this time choose Frontend Transport role and Not the default Hubtransport. Restarted the server, crossed my fingers and everything worked!! (Apparently restarting both transport services
is sufficient, but hey I just want to be sure it works from reboot in future.
Exchange SP1 will break any custom receive connectors that you have made prior to installing the update (nor even warn you that you're about to create an addition hub transport connector on port 25 after the SP1 update, there should
be only one hubtransport on port 25 as I understand it, its ok for Frontend transport) . The transport service will not start, so to save you the hassle of deleting your custom connector just run this command from an elevated exchange powershell command to
change the custom connector from hubtransport to Frontend Transport then start the transport service. ( you may have to kill the Transport service .exe process in task manager, then start the transport services after this amendment from the services.msc panel)
Set-ReceiveConnector –Identity "Your Receive connector name" –TransportRole FrontendTransport
Alternatively, delete and re-create the receive connector and set its role to
FrontendTransport and NOT HUBTRANSPORT !!!!!!!!!!!
This issue occurs if there is a receive connector of Transport type
HubTransport that has the binding set to port 25 on the affected Exchange 2013 server. On an Exchange 2013 server that has both back-end and front-end roles, only the
FrontendTransport server-type receive connector should have the binding set to port 25.
To fix this issue, run the following cmdlet to change the connector type from
HubTransport to FrontendTransport:
Source: http://www.msexchange.org/kbase/ExchangeServerTips/ExchangeServer2013/ManagementAdministration/exchange-server-2013-sp1-transport-service-stops-and-does-not-restart.html

Exchange 2013 crash after installing CU9, can i use the database on a backup?

so just installed tried to install CU 9 on Exchange 2013, installed fine and rebooted BSOD problem with ndis.sys, have a backup but dont wanna loose too much mail, can i restore the old backup and copy the databases and logs from the crashed exchange? if it is possible would i need to run some commands afterwards or would it just work?
This topic first appeared in the Spiceworks Community

What’s new: June 2015
Here's a roundup of what's been happening in the world of Office 365 over the last month:
Office for Android phone is here—The new Word, Excel and PowerPoint apps for Android phone have arrived! Review and edit documents on the go, present from your phone, and quickly find the files you were working on in the office or on your tablet. Access files stored in OneDrive, Dropbox, Google Drive and Box. You can download the apps today, and soon they’ll come preloaded on Samsung, Sony, LG and more Android phones.
Wunderlist now part of Microsoft—Microsoft recently acquired Wunderlist, the market-leading to-do list app. Known for its ease of use and innovative design, Wunderlist provides an easy way to capture, organize and collaborate on lists and to-dos—for home, school and work. It’s a fantastic app and it’s available on...

How to create a virtual directory using EPG

Hi,
Can anyone tell me how to create a virtual directory in the EPG that points to a physical directory in the database server?
Thanks,
Andrew.

You can create an Oracle directory that points to an operating system directory in the database product... Does that help?
Thank you,
Tony Miller
Webster, TX
There are two kinds of pedestrians -- the quick and the dead.
If this question is answered, please mark the thread as closed and assign points where earned..

Exchange 2013 SP1 -OWA and ECP login authentication

Coexisting with Exchange 2007 in the same Org.
Just been through a nightmare where I changed the authentication type from Basic and Forms to Windows Integrated Authentication through the EAC for OWA and ECP. It broke them completely. Three hours later after rebuilding the two virtual directories I have
it working.
So I learnt about the backend process for both ECP and OWA and realised I have to have the authentication types the same in front and back end.
1. Is there a way to set authentication for both components at the same time? (that's a stoopid design)
2. So now I have integrated authentication- but I cannot login as someone else unless of course I login to windows as that other person. Which authentication do I need to add to allow prompting ifor other credentials (or is this not possible)?
3. Set-ECPvirtualdirectory can set the backend but get-ecpvirtualdirectory can not. It was really difficult to see the two sections had different authentication settings. Is there a way to see them?

I would recommend Basic Authentication and set Group Policy to add Exchange URLs to Trusted sites and modify IE settings to "Automatic login using current username/password" option for trusted settings.
This way Single-Signon would work for domain joined systems and Basic authentication would prompt for any unsuccessful logins
However, from the best practices perspective, I would recommend Form based authentication, unless there are business reasons for not doing it this way.
- Sarvesh Goel - Enterprise Messaging Administrator

Exchange 2013 - Unable to Delete Mailbox

When I try to delete a mailbox I get this error:
Active Directory operation failed on dc01.domain.local. This error is not retriable. Additional information: Access is denied. Active directory response: 00000005: SecErr: DSID-031520B2, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
I've ensured that "Inheritable Permissions" are checked for this user.
I noticed "Deny" permissions when I run this powershell command on the Exchange server:
[PS] C:\Windows\system32>Get-MailboxPermission -Identity jane.doe | fl
RunspaceId      : 2bd98ff2-251e-4b74-ade0-6cb0d81215a4
AccessRights    : {FullAccess, ReadPermission}
Deny            : False
InheritanceType : All
User            : NT AUTHORITY\SELF
Identity        : DOMAIN.local/Accounting/Jane Doe
IsInherited     : False
IsValid         : True
ObjectState     : Unchanged
RunspaceId      : 2bd98ff2-251e-4b74-ade0-6cb0d81215a4
AccessRights    : {FullAccess}
Deny            : True
InheritanceType : All
User            : DOMAIN\administrator
Identity        : DOMAIN.local/Accounting/Jane Doe
IsInherited     : True
IsValid         : True
ObjectState     : Unchanged
RunspaceId      : 2bd98ff2-251e-4b74-ade0-6cb0d81215a4
AccessRights    : {FullAccess}
Deny            : True
InheritanceType : All
User            : DOMAIN\Domain Admins
Identity        : DOMAIN.local/Accounting/Jane Doe
IsInherited     : True
IsValid         : True
ObjectState     : Unchanged
RunspaceId      : 2bd98ff2-251e-4b74-ade0-6cb0d81215a4
AccessRights    : {FullAccess}
Deny            : True
InheritanceType : All
User            : DOMAIN\Enterprise Admins
Identity        : DOMAIN.local/Accounting/Jane Doe
IsInherited     : True
IsValid         : True
ObjectState     : Unchanged
RunspaceId      : 2bd98ff2-251e-4b74-ade0-6cb0d81215a4
AccessRights    : {FullAccess}
Deny            : True
InheritanceType : All
User            : DOMAIN\Exchange Organization Administrators
Identity        : DOMAIN.local/Accounting/Jane Doe
IsInherited     : True
IsValid         : True
ObjectState     : Unchanged
RunspaceId      : 2bd98ff2-251e-4b74-ade0-6cb0d81215a4
AccessRights    : {FullAccess}
Deny            : True
InheritanceType : All
User            : DOMAIN\Organization Management
Identity        : DOMAIN.local/Accounting/Jane Doe
IsInherited     : True
IsValid         : True
ObjectState     : Unchanged
RunspaceId      : 2bd98ff2-251e-4b74-ade0-6cb0d81215a4
AccessRights    : {FullAccess}
Deny            : False
InheritanceType : All
User            : NT AUTHORITY\SYSTEM
Identity        : DOMAIN.local/Accounting/Jane Doe
IsInherited     : True
IsValid         : True
ObjectState     : Unchanged
RunspaceId      : 2bd98ff2-251e-4b74-ade0-6cb0d81215a4
AccessRights    : {ReadPermission}
Deny            : False
InheritanceType : All
User            : NT AUTHORITY\NETWORK SERVICE
Identity        : DOMAIN.local/Accounting/Jane Doe
IsInherited     : True
IsValid         : True
ObjectState     : Unchanged
RunspaceId      : 2bd98ff2-251e-4b74-ade0-6cb0d81215a4
AccessRights    : {FullAccess, DeleteItem, ReadPermission, ChangePermission, ChangeOwner}
Deny            : False
InheritanceType : All
User            : DOMAIN\administrator
Identity        : DOMAIN.local/Accounting/Jane Doe
IsInherited     : True
IsValid         : True
ObjectState     : Unchanged
RunspaceId      : 2bd98ff2-251e-4b74-ade0-6cb0d81215a4
AccessRights    : {FullAccess, DeleteItem, ReadPermission, ChangePermission, ChangeOwner}
Deny            : False
InheritanceType : All
User            : DOMAIN\Domain Admins
Identity        : DOMAIN.local/Accounting/Jane Doe
IsInherited     : True
IsValid         : True
ObjectState     : Unchanged
RunspaceId      : 2bd98ff2-251e-4b74-ade0-6cb0d81215a4
AccessRights    : {FullAccess, DeleteItem, ReadPermission, ChangePermission, ChangeOwner}
Deny            : False
InheritanceType : All
User            : DOMAIN\Enterprise Admins
Identity        : DOMAIN.local/Accounting/Jane Doe
IsInherited     : True
IsValid         : True
ObjectState     : Unchanged
RunspaceId      : 2bd98ff2-251e-4b74-ade0-6cb0d81215a4
AccessRights    : {FullAccess, ReadPermission}
Deny            : False
InheritanceType : All
User            : DOMAIN\Exchange Servers
Identity        : DOMAIN.local/Accounting/Jane Doe
IsInherited     : True
IsValid         : True
ObjectState     : Unchanged
RunspaceId      : 2bd98ff2-251e-4b74-ade0-6cb0d81215a4
AccessRights    : {FullAccess, DeleteItem, ReadPermission, ChangePermission, ChangeOwner}
Deny            : False
InheritanceType : All
User            : DOMAIN\Exchange Organization Administrators
Identity        : DOMAIN.local/Accounting/Jane Doe
IsInherited     : True
IsValid         : True
ObjectState     : Unchanged
RunspaceId      : 2bd98ff2-251e-4b74-ade0-6cb0d81215a4
AccessRights    : {ReadPermission}
Deny            : False
InheritanceType : All
User            : DOMAIN\Exchange View-Only Administrators
Identity        : DOMAIN.local/Accounting/Jane Doe
IsInherited     : True
IsValid         : True
ObjectState     : Unchanged
RunspaceId      : 2bd98ff2-251e-4b74-ade0-6cb0d81215a4
AccessRights    : {ReadPermission}
Deny            : False
InheritanceType : All
User            : DOMAIN\Exchange Public Folder Administrators
Identity        : DOMAIN.local/Accounting/Jane Doe
IsInherited     : True
IsValid         : True
ObjectState     : Unchanged
RunspaceId      : 2bd98ff2-251e-4b74-ade0-6cb0d81215a4
AccessRights    : {FullAccess, DeleteItem, ReadPermission, ChangePermission, ChangeOwner}
Deny            : False
InheritanceType : All
User            : DOMAIN\Exchange Trusted Subsystem
Identity        : DOMAIN.local/Accounting/Jane Doe
IsInherited     : True
IsValid         : True
ObjectState     : Unchanged
RunspaceId      : 2bd98ff2-251e-4b74-ade0-6cb0d81215a4
AccessRights    : {FullAccess, DeleteItem, ReadPermission, ChangePermission, ChangeOwner}
Deny            : False
InheritanceType : All
User            : DOMAIN\Organization Management
Identity        : DOMAIN.local/Accounting/Jane Doe
IsInherited     : True
IsValid         : True
ObjectState     : Unchanged
RunspaceId      : 2bd98ff2-251e-4b74-ade0-6cb0d81215a4
AccessRights    : {ReadPermission}
Deny            : False
InheritanceType : All
User            : DOMAIN\Public Folder Management
Identity        : DOMAIN.local/Accounting/Jane Doe
IsInherited     : True
IsValid         : True
ObjectState     : Unchanged
RunspaceId      : 2bd98ff2-251e-4b74-ade0-6cb0d81215a4
AccessRights    : {ReadPermission}
Deny            : False
InheritanceType : All
User            : DOMAIN\Delegated Setup
Identity        : DOMAIN.local/Accounting/Jane Doe
IsInherited     : True
IsValid         : True
ObjectState     : Unchanged
RunspaceId      : 2bd98ff2-251e-4b74-ade0-6cb0d81215a4
AccessRights    : {ReadPermission}
Deny            : False
InheritanceType : All
User            : DOMAIN\Managed Availability Servers
Identity        : DOMAIN.local/Accounting/Jane Doe
IsInherited     : True
IsValid         : True
ObjectState     : Unchanged
These permissions remain the same whether "Inheritable Permissions" is checked or not.
I think I'm running into a permissions issue, but I'm not sure where. A few weeks ago I messed with the permissions in AD for Exchange Servers, Exchange Trusted Subsystem, etc. This was in relation to another issue we were running into. The problem turned
out to be something else, but the permissions were left the way they were (not reverted back to the original). I feel that if I could get back to the default Exchange permissions that I'd be set. Is there a way to do that in a production environment without
breaking everything? Can I run /adprep?
Is there an easier way to get rid of those DENY's listed above? Are those even causing my problem?
Thanks in adavance.

Hi,
Thanks for your sharing.
It's great to hear the good news.
Best regards,
Amy Wang
TechNet Community Support

Unable to open a Zip directory using windows default uncomressed folder

Hi
I Created a zip directory in AIX using java.util.zipfile. now when I am trying to open it in windows using its defult uncompress method I am unable to do it.
here is the sample code
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.util.zip.ZipEntry;
import java.util.zip.ZipOutputStream;
public class Zipdita {
public void zipFolder(String srcFolder, String destZipFile, String Z_PATH) throws Exception {
ZipOutputStream zip = null;
FileOutputStream fileWriter = null;
fileWriter = new FileOutputStream(destZipFile);
zip = new ZipOutputStream(fileWriter);
addFolderToZip(Z_PATH, srcFolder, zip);
zip.flush();
zip.close();
public void addFileToZip(String path, String srcFile, ZipOutputStream zip)
System.out.println("file in addFileToZip " + srcFile);
try {
          File folder = new File(srcFile);
          /*if (folder.isDirectory()) {
          addFolderToZip(path, srcFile, zip);
          } else {*/
          byte[] buf = new byte[1024];
          int len;
          FileInputStream in = new FileInputStream(srcFile);
          zip.putNextEntry(new ZipEntry(srcFile ));
          while ((len = in.read(buf)) > 0) {
          zip.write(buf, 0, len);
     } catch (FileNotFoundException e) {
          e.printStackTrace();
     } catch (IOException e) {
          e.printStackTrace();
     } catch (Exception e) {
          e.printStackTrace();
public void addFolderToZip(String Z_PATH, String srcFolder, ZipOutputStream zip)
throws Exception {
File folder = new File(srcFolder);
System.out.println("Folder Name::"+folder.getName());
for (String fileName : folder.list()) {
//if (path.equals("")) {
     System.out.println("Filename to be zipped" + fileName);
addFileToZip(Z_PATH, srcFolder + fileName, zip);
//} else {
//addFileToZip(path + "/" + folder.getName(), srcFolder + "/" + fileName, zip);
the srcFolder referes to /a/b/
destZipfile refres to /a/b.zip
srcfile refers to /a/b/c.txt
now the zip gets created but it takes the path /a/b.Due to which I m unable to open it in windows.
please help me in removing the / from the Zip file.

Hello and welcome to the forum. Let me add code tags to your posted code
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.util.zip.ZipEntry;
import java.util.zip.ZipOutputStream;
public class Zipdita {
public void zipFolder(String srcFolder, String destZipFile, String Z_PATH) throws Exception {
    ZipOutputStream zip = null;
    FileOutputStream fileWriter = null;
    fileWriter = new FileOutputStream(destZipFile);
    zip = new ZipOutputStream(fileWriter);
    addFolderToZip(Z_PATH, srcFolder, zip);
    zip.flush();
    zip.close();
public void addFileToZip(String path, String srcFile, ZipOutputStream zip)
System.out.println("file in addFileToZip " + srcFile);
    try {
      File folder = new File(srcFile);
      /*if (folder.isDirectory()) {
        addFolderToZip(path, srcFile, zip);
      } else {*/
        byte[] buf = new byte[1024];
        int len;
        FileInputStream in = new FileInputStream(srcFile);
        zip.putNextEntry(new ZipEntry(srcFile ));
        while ((len = in.read(buf)) 0) {
          zip.write(buf, 0, len);
   } catch (FileNotFoundException e) {
      e.printStackTrace();
   } catch (IOException e) {
      e.printStackTrace();
   } catch (Exception e) {
      e.printStackTrace();
public void addFolderToZip(String Z_PATH, String srcFolder, ZipOutputStream zip)
      throws Exception {
    File folder = new File(srcFolder);
    System.out.println("Folder Name::"+folder.getName());
    for (String fileName : folder.list()) {
      //if (path.equals("")) {
       System.out.println("Filename to be zipped" + fileName);
        addFileToZip(Z_PATH, srcFolder + fileName, zip);
      //} else {
        //addFileToZip(path + "/" + folder.getName(), srcFolder + "/" + fileName, zip);
}

Exchange 2010 Unable to Assign Full Access Permissions using a Security Group

I've been running into this issue lately. I cannot seem to use groups to allow full access to mailboxes. When I add them from the EMC, it will show up when you go to "Manage Full Access Permission...". After waiting a day and even restarting
the Information Store service, the permissions do not take effect. When I view the msExchDelegateListLink attribute of the mailbox account, the group is not listed.
When I grant a user full permission, it works and updates the attribute. However, on occasion when I revoke the full access permission for a user is doesn't always remove that user from the msExchDelegateListLink attribute. So the mailbox
will still appear in Outlook, but the user isn't able to see new emails.
Any ideas on what may be going wrong?
Environment:
Exchange Server 2010 SP1 Standard
Windows Server 2008 R2 Standard
Outlook 2010 SP1 (tried without SP1 as well)
I was looking over Add-MailboxPermission on Technet (http://technet.microsoft.com/en-us/library/bb124097.aspx) and I noticed that it doesn't mention adding groups. Is this not possible?

I never got a proper fix.
I worked around it by creating a script which gets the members of an AD Mail Enabled security group, and updates the full access based on the groups members.
Here's a script I'm running every hour which updates permissions. It's probably not the most efficient script ever, but it works. It has several benefits
1. Managers of the distribution group can add/remove mailbox members using OWA or through the address list
2. New members of groups are added to FULL Access Permissions
3. Members removed from the groups are removed from FULL access permissions
4. Automapping works :)
5. Maintains a log of access added / removed / time taken etc.
Obviously I have had to remove domain related information, replace with whatever your domain requirements are, and PLEASE debug it properly in your environent first, don't complain to me if it wipes out a load of access for you or something like that!
It takes about 5 minutes to run in my environement. Some formatting seems to have got messed up on here, sorry. I hope it is of use!
# Mailbox Permissions Setter for Exchange #
# v1.1 #
# This script will loop through all mailboxes in Exchange and find any where #
# the type is 'SHARED'. These should be determined to be a GROUP/SHARED mailbox #
# and access to these mailboxes are controlled by a single ACL, e.g. 'ACL_Shared_Mailbox'. #
# This script will add any members of these ACLs directly to the Full Access Permissions #
# of the mailbox and also remove them if they no longer need the access. #
# Script created by Jon Read, Technical Administration
# Recent Changes
# 15/11/2012
# 1.1 Added exclusions for ACLs that we don't want automapping to happen for
# 12/11/2012
# 1.0 Initial script
#Do not change these values
Add-PSSnapin *Ex*
$starttime = Get-Date
$logfile = "C:\accesslog.txt"
$logfile2 = "C:\accesslog2.txt"
$totaladditionstomailboxes = 0
$totalremovalsfrommailboxes = 0
$totalmailboxesprocessed = 0
$totalmailboxesskipped = 0
# Exclude any ACLs that shouldn't be processed here if they are used for a non-standard purpose and
# we don't want FULL access mapping to happen. Seperate array values with commas
$ExcludedACLArray = "DOMAIN\ACL_ExcludedExample"
Write-Output " " >> $logfile
Write-Output " " >> $logfile
Write-Output "#----------------------------------------------------------------#" >> $logfile
Write-Output "# Mailbox Permissions Setter for Exchange #" >> $logfile
Write-Output "# v1.1 #" >> $logfile
Write-Output "#----------------------------------------------------------------#" >> $logfile
Write-Output " " >> $logfile
Write-Output " " >> $logfile
Write-output "Start time $starttime ">> $logfile
Write-Output " " >> $logfile
Write-Output " " >> $logfile
# Set preferred DCs and GCs
$preferredDC = "preferredDC.domain"
$preferredGC = "preferredGC.domain"
Write-Output " PreferredDC = $preferredDC ">> $logfile
Write-Output " PreferredGC = $preferredGC " >> $logfile
Set-ADServerSettings -PreferredGlobalCatalog $preferredGC -SetPreferredDomainControllers $preferredDC
# The first part of this will ADD permissions to the mailbox, reading from an associated ACL.
# Check for all mailboxes where the type is SHARED. These are the only ones we would
# want to apply group mailbox permissions to.
foreach ($mailbox in get-mailbox -resultsize "unlimited" | where-object {$_.RecipientTypeDetails -eq "SharedMailbox"})
$totalmailboxesprocessed = $totalmailboxesprocessed + 1
Write-Output " " >> $logfile
Write-Output " " >> $logfile
Write-Output "|-------------------------------------------------------" >> $logfile
Write-Output "| MAILBOX ADDITIONS: $mailbox " >> $logfile
Write-Output "|-------------------------------------------------------" >> $logfile
$mailbox=$mailbox.ExchangeGuid.ToString()
# For each of them, get the distribution list applied to the mailbox (Starting DOMAIN\ACL_)
# We then need it to be turned into a string to use later.
#Declared $changes as 0. if this is set to 0 at the end of the mailbox job, we know no changes were made.
$changes = 0
foreach ($distributiongroup in get-mailbox $mailbox | Get-MailboxPermission | Where-Object {$_.User -like "DOMAIN\ACL_*" })
$skipACL = 0
#Get the distribution group and put the name in a useable format
$distributiongroup=$distributiongroup.user.tostring()
Write-Output "Found ACL $distributiongroup" >> $logfile
# Check if this distribution group needs to be excluded and if it shouldn't be processed
# then move onto the next ACL. This will stop FULL access being granted if the mailbox is
# used for a non-standard purpose. See the start of this script
# for where these are excluded (ExcludedACLArray)
foreach ($ACL in $ExcludedACLArray )
if ($distributiongroup -eq $ACL)
$skipACL = 1
Write-Output "ACL $distributiongroup is excluded so skipping mailbox " >> $logfile
$totalmailboxesskipped = $totalmailboxesskipped + 1
if ($skipACL -eq 0)
# Get each user in this group and for each of them, add try to add them to full access permissions.
foreach ($user in Get-DistributionGroupMember -identity $distributiongroup)
# Get the user to try, convert to DOMAIN\USER to use shortly
$user="DOMAIN\" + $user.alias.ToString()
# Check to see if the user we have chosen from the ACL group already exists in the full access
# permissions. If they do, set $userexists to 1, if they do not, leave $userexists set to 0.
# Set $userexists to 0 as the default
$userexists = 0
foreach ($fullaccessuser in get-mailbox $mailbox | Get-MailboxPermission)
# See if the user exists in the mailbox access list.
# Change $fullaccessuser to a useable string (matching $user)
$fullaccessuser=$fullaccessuser.user.tostring()
if ($fullaccessuser -eq $user)
$userexists=1
# Break out of foreach if the user exists so we don't unnecessarily loop
break
# Now we know if the user needs to be added or not, so run code (if needed) to add
# the user to full access permissions
if ($userexists -eq 0)
Add-MailboxPermission $mailbox –user $user –accessrights "FullAccess"
Write-Output "Added $user " >> $logfile
$changes = 1
$totaladditionstomailboxes = $totaladditionstomailboxes + 1
#Now repeat for other users in the ACL
#if changes were 0, then log that no changes were made
if ($changes -eq 0)
Write-Output "No changes were made." >> $logfile
Write-Output " " >> $logfile
Write-Output " " >> $logfile
Write-Output "---------------------------------------------------------------------------------" >> $logfile
Write-Output " FINISHED ADDING PERMISSIONS" >> $logfile
Write-Output "---------------------------------------------------------------------------------" >> $logfile
Write-Output " " >> $logfile
# The second part of this will REMOVE permissions from the mailbox, reading from an associated ACL.
## Check for all mailboxes where the type is SHARED. These are the only ones we would
## want to apply group mailbox permissions to.
foreach ($mailbox in get-mailbox -resultsize "unlimited" | where-object {$_.RecipientTypeDetails -eq "SharedMailbox"})
Write-Output " " >> $logfile
Write-Output " " >> $logfile
Write-Output "|-------------------------------------------------------" >> $logfile
Write-Output "| MAILBOX REMOVALS : $mailbox " >> $logfile
Write-Output "|-------------------------------------------------------" >> $logfile
$mailbox=$mailbox.ExchangeGuid.ToString()
#Declared $changes as 0. if this is set to 0 at the end of the mailbox job, we know no changes were made.
$changes = 0
# For the current mailbox, get a list of all users with FULLACCESS, and then for each of them
# check if they exist in the ACL
foreach ($fullaccessuser in get-mailbox $mailbox | Get-MailboxPermission | Where-Object {$_.Accessrights -like "FullAccess" })
# Get the security identifier (SSID) of the FULLACCESS user to store for later.
$fullaccessuserSSID=$fullaccessuser.user.SecurityIdentifier.ToString()
$fullaccessuser=$fullaccessuser.User.ToString()
#If user needs to be excluded then skip this bit
#Users added or removed will only start with 07 (07$, 07T, so only run if the user starts with this.
#This stops it trying to remove NT AUTHORITY\SELF and other System entries
if ($fullaccessuser -like "DOMAIN\07*")
# Set $userexists to be 0. if we find the use user needs to remain, then change it to 1.
$userexists=0
# Check if this user exists in the ACL, if not, remove.
foreach ($distributiongroup in get-mailbox $mailbox | Get-MailboxPermission | Where-Object {$_.User -like "DOMAIN\ACL_*" })
$distributiongroup=$distributiongroup.user.tostring()
#Write-Output "Found associated distribution group $distributiongroup" >> $logfile
# Get each user in this group and for each of them, See if it matches the user in the mailbox.
foreach ($user in Get-DistributionGroupMember -identity $distributiongroup)
# Get the user to try, convert to DOMAIN\USER to use shortly
$userguid = $user.Guid.ToString()
$user="DOMAIN\" + $user.alias.ToString()
if ($fullaccessuser -eq $user)
$userexists=1
#we have found the user exists so no need to continue
break
# If userexists = 0, then they are NOT in the ACL, and should be removed from
# the full access permissions. Run the code to remove them from full access.
#CONVERT FULLACCESSUSER TO GUID AND REMOVE $FULLACCESSUSERGUID NOT $USERGUID
if ($userexists -eq 0)
Remove-MailboxPermission -Identity $mailbox –user $fullaccessuserSSID –accessrights "FullAccess" -Confirm:$false
Write-Output "Removed $fullaccessuser " >> $logfile
$changes = 1
$totalremovalsfrommailboxes = $totalremovalsfrommailboxes + 1
# if changes = 0, no changes were made to this mailbox, so log this fact.
if ($changes -eq 0)
Write-Output "No changes were made." >> $logfile
#Put the time in a displayable format
$endtime = Get-Date
$runtime = $endtime - $starttime
$runtime = $runtime.ToString()
$runtime1 = $runtime.split(".")
$totaltime = $runtime1[0]
Write-Output " " >> $logfile
Write-Output " " >> $logfile
Write-Output "|-------------------------------------------------------------------------------------- " >> $logfile
Write-Output "| SCRIPT COMPLETE : STATS " >> $logfile
Write-Output "|-------------------------------------------------------------------------------------- " >> $logfile
Write-Output "| Total Mailboxes Processed : $totalmailboxesprocessed " >> $logfile
Write-Output "| Total Additions : $totaladditionstomailboxes " >> $logfile
Write-Output "| Total Removals : $totalremovalsfrommailboxes " >> $logfile
Write-Output "| Total Mailboxes Skipped due to ACL : $totalmailboxesskipped " >> $logfile
Write-output "| Start time : $starttime ">> $logfile
Write-output "| End time : $endtime ">> $logfile
Write-Output "| **END OF RUN** - Elapsed time : $totaltime " >> $logfile
Write-Output "|---------------------------------------------------------------------------------------" >> $logfile
Write-Output " " >> $logfile

New virtual Directory using JAVA

Hello Friends;
I want to create a folder under SAP j2ee engine and i want to upload my files under new folder and use it like
http://portal:port/Newfolder/mynew_photo.jpg
It is possible in iis. For ex. i can create a folder manuel under
c:\inetpub\wwwroot\new_folder
and after i put my files i can use it
http://iisserver:port/new_folder/new_photo.jpg
I have tried this directories
D:\usr\sap\p50\JC01\j2ee\cluster\server0\apps\sap.com
D:\usr\sap\p50\JC01\j2ee\cluster\server0\apps\
D:\usr\sap\p50\JC01\j2ee\cluster\server0\
and i have create new folder but i couldnt use it.
I hope that i have explained my question.
Thanks in Advance
Best Regards

Dear Eray,
              You can use the following Java code to create the Folder (Directory) in the SAP J2EE Engine and add the contents in the Directory
import java.io.*;
class CreateDirectory
   public static void main(String args[])
      try{
    String strDirectoy ="test";
    String strManyDirectories="dir1/dir2/dir3";
    // Create one directory
    boolean success = (new File(strDirectoy)).mkdir();
    if (success) {
      System.out.println("Directory: " + strDirectoy + " created");
    // Create multiple directories
    success = (new File(strManyDirectories)).mkdirs();
    if (success) {
      System.out.println("Directories: " + strManyDirectories + " created");
    }catch (Exception e){//Catch exception if any
      System.err.println("Error: " + e.getMessage());
Rewards Points if useful..
Regards,
N.Jayanth Kumar

Exchange 2013 EAC- block external access only

This question I'm sure has been asked many times- but it must be possible to block EAC externally and still allow ECP and OWA externally. I need EAC to work internally only.I'm aware of the official response on this (not possible) but has anyone come
up with a way that does not use dedicated IP's. We have F5's at the gateway so maybe filter out the URL? Any suggestions?

The best approach that I've seen, so far, is something close to what Sathish suggested:
1. You need to disable EAC on the default web site - both for internal and external users.
2. Create a new ECP virtual directory, using a different internal IP. That IP will not be translated and accessible from the Internet. Everybody on the local LAN will have access to it.
Step by Step Screencasts and Video Tutorials

Unable to access ECP on a new Exchange 2013 Install

I have a standalone exchange 2010 server (setup with all roles) and yesterday went ahead to setup an Exchange 2013 Server. Installed both CAS and mailbox roles for Exchange 2013 but after the install, I am unable to access the Exchange Admin Center.
If i try to access to https://EXCHANGE 2013 FQDN\ecp , after inserting my login information, it asks for the login information again and redirects to webmail. I have read all posts of users experiencing similar issues and tried all possible measures.
As the 2013 coexists with Exchange 2010 and mailboxes still reside on 2010, I have tried the URL
https://EXCHANGE 2013 FQDN/ecp?ExchClientVer=15 but got the same result.
Also, the CAS is installed on the server and i see the ECP virtual directory and URL.
please see below the output for Get-ExchangeServer | FL and Get-EcpVirtualDirectory | FL
[PS] C:\Windows\system32>Get-ExchangeServer | FL
RunspaceId : bdd191f7-2d42-4930-88b6-0b61f0a4e95d
Name : NYC-HQXCH-02
DataPath : C:\Program Files\Microsoft\Exchange Server\V14\Mailbox
Domain : company.loc
Edition : Enterprise
ExchangeLegacyDN : /o=company/ou=Exchange Administrative Group
(FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=NYC-HQXCH-02
ExchangeLegacyServerRole : 0
Fqdn : NYC-HQXCH-02.company.loc
CustomerFeedbackEnabled :
InternetWebProxy :
IsHubTransportServer : True
IsClientAccessServer : True
IsExchange2007OrLater : True
IsEdgeServer : False
IsMailboxServer : True
IsE14OrLater : True
IsE15OrLater : False
IsProvisionedServer : False
IsUnifiedMessagingServer : False
IsFrontendTransportServer : False
NetworkAddress : {ncacn_vns_spp:NYC-HQXCH-02, netbios:NYC-HQXCH-02, ncacn_np:NYC-HQXCH-02,
ncacn_spx:NYC-HQXCH-02, ncacn_ip_tcp:NYC-HQXCH-02.company.loc, ncalrpc:NYC-HQXCH-02}
OrganizationalUnit : company.loc/NYC-HQXCH-02
AdminDisplayVersion : Version 14.3 (Build 123.4)
Site : company.loc/Configuration/Sites/NewYorkHQ
ServerRole : Mailbox, ClientAccess, HubTransport
ErrorReportingEnabled :
StaticDomainControllers : {}
StaticGlobalCatalogs : {}
StaticConfigDomainController :
StaticExcludedDomainControllers : {}
MonitoringGroup :
WorkloadManagementPolicy :
CurrentDomainControllers : {}
CurrentGlobalCatalogs : {}
CurrentConfigDomainController :
ProductID : 02064-110-8022196-75756
IsExchangeTrialEdition : False
IsExpiredExchangeTrialEdition : False
MailboxProvisioningAttributes :
RemainingTrialPeriod : 00:00:00
Identity : NYC-HQXCH-02
IsValid : True
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=NYC-HQXCH-02,CN=Servers,CN=Exchange Administrative Group
(FYDIBOHF23SPDLT),CN=Administrative Groups,CN=company,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=company,DC=loc
Guid : 1745c93f-419d-402c-b832-708958fc502c
ObjectCategory : company.loc/Configuration/Schema/ms-Exch-Exchange-Server
ObjectClass : {top, server, msExchExchangeServer}
WhenChanged : 4/2/2014 1:50:56 PM
WhenCreated : 8/25/2013 11:12:43 AM
WhenChangedUTC : 4/2/2014 6:50:56 PM
WhenCreatedUTC : 8/25/2013 4:12:43 PM
OrganizationId :
OriginatingServer : SVR-DC-01.company.loc
ObjectState : Unchanged
RunspaceId : bdd191f7-2d42-4930-88b6-0b61f0a4e95d
Name : NYC-HQARC-02
DataPath : C:\Program Files\Microsoft\Exchange Server\V14\Mailbox
Domain : company.loc
Edition : Enterprise
ExchangeLegacyDN : /o=company/ou=Exchange Administrative Group
(FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=NYC-HQARC-02
ExchangeLegacyServerRole : 0
Fqdn : NYC-HQARC-02.company.loc
CustomerFeedbackEnabled :
InternetWebProxy :
IsHubTransportServer : False
IsClientAccessServer : False
IsExchange2007OrLater : True
IsEdgeServer : False
IsMailboxServer : True
IsE14OrLater : True
IsE15OrLater : False
IsProvisionedServer : False
IsUnifiedMessagingServer : False
IsFrontendTransportServer : False
NetworkAddress : {ncacn_vns_spp:NYC-HQARC-02, netbios:NYC-HQARC-02, ncacn_np:NYC-HQARC-02,
ncacn_spx:NYC-HQARC-02, ncacn_ip_tcp:NYC-HQARC-02.company.loc, ncalrpc:NYC-HQARC-02}
OrganizationalUnit : company.loc/NYC-HQARC-02
AdminDisplayVersion : Version 14.3 (Build 123.4)
Site : company.loc/Configuration/Sites/NewYorkHQ
ServerRole : Mailbox
ErrorReportingEnabled :
StaticDomainControllers : {}
StaticGlobalCatalogs : {}
StaticConfigDomainController :
StaticExcludedDomainControllers : {}
MonitoringGroup :
WorkloadManagementPolicy :
CurrentDomainControllers : {}
CurrentGlobalCatalogs : {}
CurrentConfigDomainController :
ProductID : 02064-110-8022196-75187
IsExchangeTrialEdition : False
IsExpiredExchangeTrialEdition : False
MailboxProvisioningAttributes :
RemainingTrialPeriod : 00:00:00
Identity : NYC-HQARC-02
IsValid : True
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=NYC-HQARC-02,CN=Servers,CN=Exchange Administrative Group
(FYDIBOHF23SPDLT),CN=Administrative Groups,CN=company,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=company,DC=loc
Guid : c07f34f4-92f1-49f0-a412-d7094eaaba3b
ObjectCategory : company.loc/Configuration/Schema/ms-Exch-Exchange-Server
ObjectClass : {top, server, msExchExchangeServer}
WhenChanged : 4/2/2014 1:50:57 PM
WhenCreated : 9/9/2013 3:27:16 PM
WhenChangedUTC : 4/2/2014 6:50:57 PM
WhenCreatedUTC : 9/9/2013 8:27:16 PM
OrganizationId :
OriginatingServer : SVR-DC-01.company.loc
ObjectState : Unchanged
RunspaceId : bdd191f7-2d42-4930-88b6-0b61f0a4e95d
Name : SVR-EXCH-01
DataPath : C:\Program Files\Microsoft\Exchange Server\V15\Mailbox
Domain : company.loc
Edition : StandardEvaluation
ExchangeLegacyDN : /o=company/ou=Exchange Administrative Group
(FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=SVR-EXCH-01
ExchangeLegacyServerRole : 0
Fqdn : SVR-EXCH-01.company.loc
CustomerFeedbackEnabled :
InternetWebProxy :
IsHubTransportServer : True
IsClientAccessServer : True
IsExchange2007OrLater : True
IsEdgeServer : False
IsMailboxServer : True
IsE14OrLater : True
IsE15OrLater : True
IsProvisionedServer : False
IsUnifiedMessagingServer : True
IsFrontendTransportServer : True
NetworkAddress : {ncacn_vns_spp:SVR-EXCH-01, netbios:SVR-EXCH-01, ncacn_np:SVR-EXCH-01,
ncacn_spx:SVR-EXCH-01, ncacn_ip_tcp:SVR-EXCH-01.company.loc, ncalrpc:SVR-EXCH-01}
OrganizationalUnit : company.loc/SVR-EXCH-01
AdminDisplayVersion : Version 15.0 (Build 847.32)
Site : company.loc/Configuration/Sites/Chicago-COLO1
ServerRole : Mailbox, ClientAccess
ErrorReportingEnabled :
StaticDomainControllers : {}
StaticGlobalCatalogs : {}
StaticConfigDomainController :
StaticExcludedDomainControllers : {}
MonitoringGroup :
WorkloadManagementPolicy : DefaultWorkloadManagementPolicy_15.0.825.0
CurrentDomainControllers : {}
CurrentGlobalCatalogs : {}
CurrentConfigDomainController :
ProductID :
IsExchangeTrialEdition : True
IsExpiredExchangeTrialEdition : False
MailboxProvisioningAttributes :
RemainingTrialPeriod : 179.06:13:25.2449639
Identity : SVR-EXCH-01
IsValid : True
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=SVR-EXCH-01,CN=Servers,CN=Exchange Administrative Group
(FYDIBOHF23SPDLT),CN=Administrative Groups,CN=company,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=company,DC=loc
Guid : 91eb6d6b-bfd0-4ce0-80ce-67585e7cbeae
ObjectCategory : company.loc/Configuration/Schema/ms-Exch-Exchange-Server
ObjectClass : {top, server, msExchExchangeServer}
WhenChanged : 5/13/2014 6:54:13 PM
WhenCreated : 5/13/2014 6:41:08 PM
WhenChangedUTC : 5/13/2014 11:54:13 PM
WhenCreatedUTC : 5/13/2014 11:41:08 PM
OrganizationId :
OriginatingServer : SVR-DC-01.company.loc
ObjectState : Unchanged
[PS] C:\Windows\system32>Get-EcpVirtualDirectory | FL
RunspaceId : bdd191f7-2d42-4930-88b6-0b61f0a4e95d
AdminEnabled : True
OwaOptionsEnabled : True
Name : ecp (Default Web Site)
InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
MetabasePath : IIS://NYC-HQXCH-02.company.loc/W3SVC/1/ROOT/ecp
BasicAuthentication : True
WindowsAuthentication : True
DigestAuthentication : False
FormsAuthentication : False
LiveIdAuthentication : False
AdfsAuthentication : False
OAuthAuthentication : False
DefaultDomain : company.loc
GzipLevel : High
WebSite : Default Web Site
DisplayName : ecp
Path : C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\ecp
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags : {}
ExtendedProtectionSPNList : {}
AdminDisplayVersion : Version 14.3 (Build 123.4)
Server : NYC-HQXCH-02
InternalUrl : https://webmail.companytravel.com/ecp
ExternalUrl :
ExternalAuthenticationMethods : {Fba}
AdminDisplayName :
ExchangeVersion : 0.10 (14.0.100.0)
DistinguishedName : CN=ecp (Default Web
Site),CN=HTTP,CN=Protocols,CN=NYC-HQXCH-02,CN=Servers,CN=Exchange Administrative
Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=company,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=company,DC=loc
Identity : NYC-HQXCH-02\ecp (Default Web Site)
Guid : 0963f097-ff86-4d8f-a98a-8be409068eae
ObjectCategory : company.loc/Configuration/Schema/ms-Exch-ECP-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchECPVirtualDirectory}
WhenChanged : 4/2/2014 1:50:57 PM
WhenCreated : 8/30/2013 1:06:50 PM
WhenChangedUTC : 4/2/2014 6:50:57 PM
WhenCreatedUTC : 8/30/2013 6:06:50 PM
OrganizationId :
OriginatingServer : SVR-DC-01.company.loc
IsValid : True
ObjectState : Changed
RunspaceId : bdd191f7-2d42-4930-88b6-0b61f0a4e95d
AdminEnabled : True
OwaOptionsEnabled : True
Name : ecp (Default Web Site)
InternalAuthenticationMethods : {Basic, Fba}
MetabasePath : IIS://SVR-EXCH-01.company.loc/W3SVC/1/ROOT/ecp
BasicAuthentication : True
WindowsAuthentication : False
DigestAuthentication : False
FormsAuthentication : True
LiveIdAuthentication : False
AdfsAuthentication : False
OAuthAuthentication : False
DefaultDomain :
GzipLevel : Low
WebSite : Default Web Site
DisplayName : ecp
Path : C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\ecp
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags : {}
ExtendedProtectionSPNList : {}
AdminDisplayVersion : Version 15.0 (Build 847.32)
Server : SVR-EXCH-01
InternalUrl : https://svr-exch-01.company.loc/ecp
ExternalUrl :
ExternalAuthenticationMethods : {Fba}
AdminDisplayName :
ExchangeVersion : 0.10 (14.0.100.0)
DistinguishedName : CN=ecp (Default Web Site),CN=HTTP,CN=Protocols,CN=SVR-EXCH-01,CN=Servers,CN=Exchange
Administrative Group (FYDIBOHF23SPDLT),CN=Administrative
Groups,CN=company,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=company,DC=loc
Identity : SVR-EXCH-01\ecp (Default Web Site)
Guid : 052fdd05-42f4-471b-8759-525e93d6b97d
ObjectCategory : company.loc/Configuration/Schema/ms-Exch-ECP-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchECPVirtualDirectory}
WhenChanged : 5/13/2014 6:52:11 PM
WhenCreated : 5/13/2014 6:52:11 PM
WhenChangedUTC : 5/13/2014 11:52:11 PM
WhenCreatedUTC : 5/13/2014 11:52:11 PM
OrganizationId :
OriginatingServer : SVR-DC-01.company.loc
IsValid : True
ObjectState : Changed

Ok. Went ahead and tried https://<EX2013_FQDN/ecp/?ExchClientVer=15
Still took me to the webmail.
I also tried creating a user on 2013 mailbox database. gave all permissions. Still no luck.

Can no longer log into ECP on Exchange 2013

I am no longer able to log into my Exchange 2013 SP1 ECP site. Here are a few items to consider:
Installed replacement UC on 5/7/14. Configured services POP, IMAP, SMTP, IIS. Removed IIS from existing UC which still had 6 days of life. Both certs identical. I did no further changes for this new cert other than install it through ECP.
"Old" cert died 5/13/14 @ 8a. New cert took over without any problems.
Continued to use ECP through close of business 5/14/14. Late on 5/14/14 I attempted to log into ECP remotely thru a VPN to migrate users from our Exch 2007 server. Could not access ECP.
When I attempt to access ECP, I enter <domain>\<username> and password. When I hit "enter" or "sign in", the page flashes and the password field is empty.
I am still able to log into OWA
I cannot log into ECP using the server name, localhost or cert name.
Currently using default settings of FBA and Basic authentication
UC is correctly bound to both front and backend of IIS (443, 444)
Everything else is working correctly for the Exchange site. I have been continuing my migrations through Powershell. I just can't log into ECP.
I created a new Exchange Admin user only to find I still could not log into ECP.
Short Version: I was able to login and then, after a four hour stretch, I was not able to login. No errors on the web page or Event logs. Exchange is routing mail correctly.
I have scoured the web for that past couple of days looking for a solution but the issues I find are throwing up a web page with an error of some sort. Since I'm not experiencing that issue, I'm a bit stumped. I'm no expert, but I'm not a novice.
Since 2013 is a new rebuild, I thought it best to ask for a little assistance. Any advice/assistance would be appreciated.

You might consider rebuilding the ECP virtual directory:
http://technet.microsoft.com/en-us/library/ff629372.aspx
With the EMS, procedure should be the same for Exchange 2010 and 2013.
Since you state that everything else is working, other virtual directories included (OWA for ex.), it's most likely something with the ECP virtual directory.
But even before that, I would try to look at the (rather cryptic) IIS logs and see if you cannot find any useful information there:
http://social.technet.microsoft.com/Forums/exchange/en-US/935eeb5b-d996-4933-9cbd-0347ebad801d/how-can-i-view-exchange-iis-logs?forum=exchange2010
There were some ideas in this thread but i think you may have seen it already?
http://social.technet.microsoft.com/Forums/exchange/en-US/1736b5ab-e69b-4637-aa59-f2d9bd54ead2/unable-to-access-exchange-2013-eacecp-webpage?forum=exchangesvrdeploy
Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

Exchange 2013 - Unable to recreate ECP Virtual Directory using New-EcpVirtualDirectory

Similar Messages

Maybe you are looking for