Exchange 2013 / IIS / Certificate / EMS Gurus?
-
Anyone around with over-the-top knowledge of Exchange Server 2013, IIS, Certs, and Exchange Management Shell?
I need some help and am willing to pay for a successful outcome.
This is what I am fighting with:
VERBOSE: Connecting to EXCHANGE.mydomain.Local. New-PSSession : [exchange.mydomain.local] Connecting to remote server exchange.mydomain.local failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". For more information, see the about_Remote_Troubleshooting Help topic. At line:1 char:1 + New-PSSession -ConnectionURI "$connectionUri" -ConfigurationName Micr ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : OpenError: (System.Manageme.... RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportException + FullyQualifiedErrorId : CannotConnect,PSSessionOpenFailed Failed to connect to an Exchange server in the current site. Enter the server FQDN where you want to connect.:This all started after deleting an old outdated cert called: Microsoft Exchange
I believe it is the cert that allows encrypted communication between the Default Web site and the Exchange Back End. -
-
@jaredbusch Thanks! Hopefully he'll drop in.....
-
@jaredbusch said in Exchange 2013 / IIS / Certificate / EMS Gurus?:
@jasgot I can’t see your text clear enough while I’m driving. But I think I had a similar issue and @dbeato gave me the answer.
It was an extra binding in IIS that did not get properly updated.
Yeah, with the deletion of an old cert - a binding was the first thing I thought of.
-
@jasgot right here...
-
-
@dbeato said in Exchange 2013 / IIS / Certificate / EMS Gurus?:
@dbeato Check this article
Thank you. I found that article a few days ago and followed it without success.
-
-
@dbeato said in Exchange 2013 / IIS / Certificate / EMS Gurus?:
@jasgot Also take a look here.
https://support.microsoft.com/en-us/topic/you-can-t-access-owa-or-ecp-after-you-install-exchange-server-2016-cu6-88b3fe67-5f97-a8a2-8ed8-70034ff15761Thanks. This looks helpful, I'll give it a try!
-
No go. Open to other ideas.....
-
@jasgot
Run this on EMS:
netsh http show sslcert0.0.0.0:443
0.0.0.0:444
127.0.0.1:443should have the same Certificate Hash / Thumbprint
(take a screenshot)Whichever one doesn't match - delete
netsh http delete sslcert ipport=0.0.0.0:444 (for example)
Then reload that with the right cert
netsh http add sslcert ipport=0.0.0.0:444 appid='{app id}' certhash=<correct thumbprint>
(or whichever ip/port didn't match earlier)Then run netsh http show sslcert again to confirm the change!
-
@pirho99 said in Exchange 2013 / IIS / Certificate / EMS Gurus?:
Run this on EMS:
netsh http show sslcert
......Hadn't seen these steps before, thanks. But no glory
-
@jasgot What is the Service Pack and CU Leval of that Exchange 2013 Server? What is the .NET Framework installed on this server?
-
@dbeato said in Exchange 2013 / IIS / Certificate / EMS Gurus?:
@jasgot What is the Service Pack and CU Leval of that Exchange 2013 Server? What is the .NET Framework installed on this server?
CU 23
Net 4.8 -
@jasgot Gotcha, that is very bizarre.
-
