Having issues to access owa/ecp after removing a certificate?

Share this:

In most of the cases the process to remove a certificate for any reason that we may have is a straight forward process in Exchange Server 2013 and we won’t notice a thing besides of a pop-up if the remaining certificate is not valid for the end-users but the service will be available.

However, in some cases when the certificate is removed improperly then the administrator/users may have an issue to access all web interfaces on the affected server.

Solution


The process to remove a certificate is simple, using Exchange Admin Center (EAC), click on servers and then certificates. Select the certificate that you want to remove (in our case the Public one, named Apatricio.info – Public Certificate) and hit the third icon from the left (trash icon).

image

A dialog box will require confirmation, just click on OK and we should be fine. Another certificate will take over IIS (responsible for OWA/ECP/WebServices and so forth).

image

What happen when something goes South?

In some scenarios, where the certificate is removed without the proper methods the administrator may get the following error message when trying to access the server itself (https://servername) and the same applies for /owa and /ecp.

image

If we have a second Exchange Server in the organization we can check the certificates on the affected server, and we will notice that the default Microsoft Exchange (or any other certificate that you may have assigned) has the IIS which means that certificate should be the one being used by IIS and the page should be working by now.

image

However, in some cases the binding is lost and we have the error that we noticed at the beginning of this section. A possible solution is to check the Bindings… of the Default Web Site

image

In the new window, select https 443 and click on Edit

image

Probably, if you are experience the issue of this Tutorial you will have Not Selected under SSL Certificate.

image

Click on it and change to the certificate that is on Exchange Admin Center (EAC) that has IIS assigned to it, in our case Microsoft Exchange and click OK.

image

Let’s reset the IIS to refresh all settings by running the following command on a PowerShell/Command session as administrator.

iisreset

image

Time to go back and try to connect on OWA or ECP and this time the result will be what we are expecting, as shown in the figure below.

image

Conclusion


In this Tutorial we went over the process to troubleshoot a certificate issue when the certificate is not removed properly.

Written by Anderson Patricio

Anderson Patricio

Anderson Patricio is a Canadian MVP in Cloud and Datacenter Management, and Office Server and Services, besides the Microsoft Award he also holds a Solutions Master (MCSM) in Exchange and several other certifications. Anderson has been contributing to the Microsoft Community with articles, tutorials, blog posts, twitter, forums and book reviews. He is a regular contributor here at ITPROCentral.com, MSExchange.org, Techgenix.com and Anderson Patricio.org (Portuguese).

Related Post

IMAP inaccessible on Exchange Server 2013 If you are experiencing an issue where the IMAP clients are not able to connect on the Exchange Server 2013/2016 server, and when trying to telnet the...
Managing mailbox audit feature in Exchange Server ... In this Tutorial we are going over the process to manage mailbox audit in Exchange Server 2013. Solution Exchange Server has a feature that can be ...
Exchange Server 2013 CU3 Available for download Hello there! Microsoft Exchange Team has just released the Exchange Server 2013 CU3. Cumulative Update 3 for Exchange Server 2013 resolves issues th...
Network Ports for Clients and Mail Flow in Exchang... Hello folks, Microsoft Exchange Team has just released a great article on TechNet about network ports for clients and mail flow in Exchange Server 201...