Exchange 2016 owa ошибка 500

After logging into Exchange 2016’s ECP you receive an HTTP Error 500 (same goes with OWA):

Searching the internet ends up with several possible solutions to this issue, ranging from missing System Attendant Mailboxes, to bogus ADSI settings regarding the Exchange CAS Service. I tried several of them to no prevail.

And it doesn’t matter whether you enter DOMAIN\Administrator or administrator@domain.local for your username. In most cases the simplest solution is to execute UpdateCas.ps1 PowerShell script located in the C:\Program Files\Microsoft\Exchange Server\V15\Bin folder, followed by an IISReset:

Once there was a case where UpdateCas.ps1 didn’t work, which left me with executing the following PowerShell cmdlets, in subsequent order:

Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -FormsAuthentication $False -BasicAuthentication $True
Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -FormsAuthentication $True -BasicAuthentication $True
Get-EcpVirtualDirectory | Set-EcpVirtualDirectory -FormsAuthentication $false -BasicAuthentication $true
Get-EcpVirtualDirectory | Set-EcpVirtualDirectory -FormsAuthentication $true -BasicAuthentication $true
iisreset

Again, one Exchange 2016 Server in particular was immune against all those tricks and needed the following adjustments:

Get-EcpVirtualDirectory | Set-EcpVirtualDirectory -FormsAuthentication $false -BasicAuthentication $true -WindowsAuthentication $true
Get-OWAVirtualDirectory | Set-OWAVirtualDirectory -FormsAuthentication $false -BasicAuthentication $true -WindowsAuthentication $true
iisreset
Recycle MSExchangeECPAppPool
Recycle MSExchangeOWAAppPool

Keep in mind that Authentication Settings for both Virtual Directories ECP and OWA must be identical:

After that I was able to successfully log into ECP and OWA again.

Update 2016-12-15

On another occassion it turned out that the Mailbox Database the user tried to access via OWA was actually unmounted. The Event Log showed a lot of Event IDs 1023, Event Source: MSExchange ActiveSync, with the following Event Message:

Exchange ActiveSync tried to access a mailbox on Mailbox server “yourserver.domain.local”. It could not access the mailbox because the Mailbox server is offline.

After mounting the corresponding Mailbox Database everything worked as expected. By coincidence the Administrator’s Mailbox was hosted on the exact same Mailbox Database, thus rendering the Administrator account unable to log into ECP and OWA, neither, resulting in http error 500.

Further reading:

• HTTP 500 Internal Server Error when logging into Exchange 2013 Exchange Control Panel (ECP)
• Exchange 2013 Troubleshooting: Error 500 when login ECP and OWA
• Exchange 2013 unable to login to OWA/ECP
• KB2871485 – The FBA page is displayed when a user accesses OWA or ECP to log on to Exchange Server 2013

Query: “Are you getting http 500 internal server error in Microsoft Exchange 2016, 2013 and 2010 ECP/OWA after login? Don’t worry, Read this blog and get the best solution for Exchange server error 500.”

Most of the time it seems that whenever you login to your Exchange Admin centre (EAC) a common Exchange server http 500 error occurs. The main source of this problem is caused due to improper configuration of the device. The Error indicates that the device tried to establish a connection with the server, but the request was rejected with an error message by the Exchange server itself. Let’s see the solution of Exchange Server 500 error.

Method 1: Step by Step Solution for HTTP 500 Error in Exchange Server 2016

Step 1: Go to Search bar and type «Exchange Managmenent Shell».

Step 2: A new window will appear named as: Administrator: Exchange Managmenent Shell.

Step 3: It will start connecting to your local EAC ip.

Step 4: After connecting, type Remove-OwaVirtualDirectory ‘win2\owa

Step 5: Message will appear “Are you sure you want to perform this action? Outlook Web App virtual directory “win2\owa ” is being removed.

Step 6: Type y.

Step 7: Type New-OwaVirtualDirectory – Website Name ‘Default Web site’.

Step 8: Restart your Computer.

Step 9: Now re-login. Exchange Server http 500 Error will be fixed.

Method 2: How to Fix 500 internal server error in Microsoft Exchange

1. Create a separate virtual directory which doesn’t require SSL or any other authentication method to establish a connection with the server. In this way you could temporarily connect with the server but that might serve as a potential threat due to lack of authentication.

2. Alternatively you can enable the settings on the root Exchange directory for the front end server using Microsoft utility “Metaedit.exe”.

3. To determine the Maximum token size allotted to the user, use Microsoft provided tool : Tokensz.exe : By default the maximum token size- 8,000 bytes were allotted for the legacy versions; but for the later versions , token size was increased upto 12,000 bytes.

4. Insufficient permissions problem might be raised due to broken Access Control List inheritance in the Active Directory. To resolve this follow these steps:

• Launch Active Directory Users and Computers.
• Locate View >> Advanced Features.
• Select the mailbox and right click to explore the properties.
• Navigate to Security >> Advanced.
• Ensure that “Include inheritable permissions from this object’s parent» is selected.

5. Alternatively you can re-add the existing users and new users to the Exchange. For that you need to access Active Directory Service Information:

• Open adsi edit.
• Locate the user in your existing domain.
• Expand the user details and remove the object “CN=ExchangeActiveSyncDevices”.

Tools that could be beneficial: http://test exchange connectivity.com helps to test the connectivity between the exchange server and the device.

Exchange Remote Content Analyzer: Helps to determine the connectivity issues between the exchange server and the deployments easily.

Causes of Exchange Server HTTP 500 Error

Now let’s examine the root cause for http 500 internal server error in Exchange here:

For the legacy Exchange server versions such as Exchange 2016, 2013, 2010, 2007,etc. the 500 internal server error is caused due to the following circumstances:

The Server uses SSL or Secure Sockets Layer protocol or form based authentication.

1. Virtual Directory of the Exchange Server has disabled Windows Authentication: The Active Sync Service uses the virtual directory to access the Outlook Web Access Templates and the WebDav on the Exchange Server. Hence, If the Virtual Directory is not enabled then Active Sync returns error.

2. Members existing in too many groups might face the error as the tokens generated might be larger than the maximum size allotted to them.

3. For Exchange 2010 and later versions, the user account might not have sufficient Permissions to access the mailbox in the Active Directory.

Conclusion

In the above content, I have discussed the best solution to resolve Exchange admin center http 500 internal server error quickly. Using step by step Exchange Management Shell method easily fix Exchange server error 500 without getting any hurdle.