Exchange 2013 – OWA and ECP logins fail with 500 error


After troubleshooting another issue, and having one of the 2013 servers crash a few times while running diagnostics, OWA and ECP logons started showing an error.

500 Unexpected Error :( An error occurred and your request couldn’t be completed. Please try again.

Resetting IIS, restarting the servers, clearing cookies, etc. had no effect.

Event 4 appears in the Application log at the time of the login.

Current user: 'Example.com/Test User'
Request for URL 'https://server01.example.com:444/ecp/default.aspx(https://server01/ecp/)' failed with the following error:
System.NullReferenceException: Object reference not set to an instance of an object.
 at Microsoft.Exchange.Clients.Common.Canary15.Init(Byte[] userContextIdBinary, Byte[] timeStampBinary, String logonUniqueKey, Byte[] hashBinary, String logData)
 at Microsoft.Exchange.Clients.Common.Canary15..ctor(String logonUniqueKey)
 at Microsoft.Exchange.Clients.Common.Canary15Cookie.TryCreateFromHttpCookie(HttpCookie cookie, String logonUniqueKey, Canary15Profile profile)
 at Microsoft.Exchange.Clients.Common.Canary15Cookie.TryCreateFromHttpContext(HttpContext httpContext, String logOnUniqueKey, Canary15Profile profile)
 at Microsoft.Exchange.Management.ControlPanel.CanaryExtensions.CheckCanary15(HttpContext context, Boolean shouldRenew, String canaryName)
 at Microsoft.Exchange.Management.ControlPanel.CanaryExtensions.CheckCanary(HttpContext context)
 at Microsoft.Exchange.Management.ControlPanel.RbacModule.Application_PostAuthenticateRequest(Object sender, EventArgs e)
 at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
 at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
 at Microsoft.Exchange.Clients.Common.Canary15.Init(Byte[] userContextIdBinary, Byte[] timeStampBinary, String logonUniqueKey, Byte[] hashBinary, String logData)
 at Microsoft.Exchange.Clients.Common.Canary15..ctor(String logonUniqueKey)
 at Microsoft.Exchange.Clients.Common.Canary15Cookie.TryCreateFromHttpCookie(HttpCookie cookie, String logonUniqueKey, Canary15Profile profile)
 at Microsoft.Exchange.Clients.Common.Canary15Cookie.TryCreateFromHttpContext(HttpContext httpContext, String logOnUniqueKey, Canary15Profile profile)
 at Microsoft.Exchange.Management.ControlPanel.CanaryExtensions.CheckCanary15(HttpContext context, Boolean shouldRenew, String canaryName)
 at Microsoft.Exchange.Management.ControlPanel.CanaryExtensions.CheckCanary(HttpContext context)
 at Microsoft.Exchange.Management.ControlPanel.RbacModule.Application_PostAuthenticateRequest(Object sender, EventArgs e)
 at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
 at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

The error appears to be related to corrupt attributes in Active Directory, specifically under CN=Client Access,CN=<org name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<domain>. Any of the attributes msExchCanaryData0, msExchCanaryData1, msExchCanaryData2, and so on can contain bad data.

500-error-adsiedit

As always, be safe: have an AD backup you can rely on. Then proceed to clear the value of all the msExchCanaryData# attributes (shown above in ADSIEdit). Then recycle the App Pools MSExchangeECPAppPool and MSExchangeOWAAppPool by going into IIS Manager, right-clicking each pool, and choosing “Recycle…”. At this point all was sorted out for me.

500-error-apppools
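The same procedure as a script, as an added example that is not part of the original post: it locates CN=Client Access, saves the populated msExchCanaryData# values to a file, and only with -Apply clears them and recycles the two app pools. It assumes the ActiveDirectory and WebAdministration modules are available and that it runs elevated on the Exchange server; the -Apply switch and the backup file name are hypothetical choices made for this example.

```powershell
# Added example, not from the original post. Assumes the ActiveDirectory and
# WebAdministration modules, and that it is run elevated on the Exchange server.
param(
    [switch]$Apply,                                        # without -Apply nothing is changed
    [string]$BackupPath = ".\msExchCanaryData-backup.xml"  # hypothetical file name
)

Import-Module ActiveDirectory
Import-Module WebAdministration

# CN=Client Access sits under the organization container, whose name varies per
# deployment, so search for it below CN=Microsoft Exchange.
$configNC   = (Get-ADRootDSE).configurationNamingContext
$searchBase = "CN=Microsoft Exchange,CN=Services,$configNC"
$found = @(Get-ADObject -SearchBase $searchBase -LDAPFilter '(cn=Client Access)' -Properties *)
if ($found.Count -ne 1) {
    throw "Expected exactly one CN=Client Access container, found $($found.Count)."
}
$clientAccess = $found[0]

# -Properties * returns only populated attributes; keep msExchCanaryData0, 1, 2, ...
$canaryAttrs = @($clientAccess.PropertyNames | Where-Object { $_ -match '^msExchCanaryData\d+$' })
if ($canaryAttrs.Count -eq 0) {
    Write-Output "No populated msExchCanaryData attributes on $($clientAccess.DistinguishedName)."
    return
}

# Save the current values first so they can be inspected or restored later.
$clientAccess | Select-Object -Property (@('DistinguishedName') + $canaryAttrs) |
    Export-Clixml -Path $BackupPath
Write-Output "Backed up $($canaryAttrs -join ', ') to $BackupPath"

if (-not $Apply) {
    Write-Output "Dry run: re-run with -Apply to clear the attributes and recycle the pools."
    return
}

# Clear every populated canary attribute in one modification.
Set-ADObject -Identity $clientAccess.DistinguishedName -Clear $canaryAttrs

# Recycle the two app pools named in the post.
foreach ($pool in 'MSExchangeECPAppPool', 'MSExchangeOWAAppPool') {
    Restart-WebAppPool -Name $pool
    Write-Output "Recycled $pool"
}
```

The exported file only records the attribute values that were cleared; it does not replace the AD backup mentioned above.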

 

Found info regarding the issue on TechNet:  http://social.technet.microsoft.com/Forums/exchange/en-US/777b51ee-330d-43cc-a56e-4614d44aed7b/unable-to-access-owa-or-ecp-something-went-wrong-or-500-unexpected-error?forum=exchangesvrclients


11 responses to “Exchange 2013 – OWA and ECP logins fail with 500 error”

  1. M.Shams says :

    Thank you very much for sharing the solution

    Best regards

  2. Wesley Van Sickle says :

    This worked out fantastic for us. Thanks for the solution.

  3. Boe Dillard says :

    I do not see CN=Client Access – is it possible it is under some other cn or several layers down under a few?

  4. vallish says :

    Hi, I do not see the section called CN=Client Access when I open ADSI Edit on my AD (which is also my Exchange server) and connect to the AD. Any pointers?

    • Aftab Hussain says :

      Connect to Configuration, then CN=Configuration,DC=domain,DC=local, CN=Services,CN=Microsoft Exchange,CN=First Organization,CN=Client Access <– Then right click and select properties.

  5. Barn Oldman says :

    This worked. Thanks for posting!

  6. Luca says :

    Had the same problem and solved it thanks to this great post. What can I say… thanks for sharing, in just 20 mins OWA was back up online. I didn't reboot MBX as I found in other places.
    Great
    Luca

  7. monkinsane says :

    Thanks! Sorted out my issue. In my case Outlook was working but OWA or ECP not.

  8. Spencer says :

    Same here, thanks ril3y
