I'm getting a 500 error after logging in to OWA. I enter the credentials on the sign-in form, and it redirects to the frowny face with error 500. More details just shows my server name and the UTC date/time (I am -6 Central). However, if I modify the URL from my.domain\owa to my.domain\ecp, I am immediately taken to the ECP. That seems to indicate that I am authenticating.
This happens for the 8 or 9 accounts I have tested. I have tested both internally and externally and with a variety of browsers and devices. Outlook still works and Android and iOS devices get email no problem. It is just the viewing of the mail items that is broken.
I have tried this fix from Microsoft: https://docs.microsoft.com/en-us/exchange/troubleshoot/administration/cannot-access-owa-or-ecp-if-oauth-expired#resolution
I have also looked at Exchange Server 2016 OWA Error 500.
I have also recreated my OWA virtual directories (Remove-OwaVirtualDirectory then New-OwaVirtualDirectory).
This is Exchange 2016 on-prem on a Server 2012 R2 VM. No hybrid environment or other mail servers.
[PS] C:\scripts>Get-ExchangeServer | Format-List Edition, AdminDisplayVersion
Edition : Standard
AdminDisplayVersion : Version 15.1 (Build 2242.4)
Thanks Ivan,
I am not aware of any accounts that can successfully access OWA. I've gotten a few trouble tickets from users and personally tested 8 or 9 accounts myself. This represents about 10% of my users.
This is the result of Test-ServiceHealth. The only service not running is Unified Messaging.
[PS] C:\Windows\system32>Test-ServiceHealth
Role : Mailbox Server Role
RequiredServicesRunning : True
ServicesRunning : {IISAdmin, MSExchangeADTopology, MSExchangeDelivery, MSExchangeIS, MSExchangeMailboxAssistants, MSExchangeRepl, MSExchangeRPC, MSExchangeServiceHost, MSExchangeSubmission, MSExchangeThrottling, MSExchangeTransportLogSearch, W3Svc, WinRM}
ServicesNotRunning : {}
Role : Client Access Server Role
RequiredServicesRunning : True
ServicesRunning : {IISAdmin, MSExchangeADTopology, MSExchangeMailboxReplication, MSExchangeRPC, MSExchangeServiceHost, W3Svc, WinRM}
ServicesNotRunning : {}
Role : Unified Messaging Server Role
RequiredServicesRunning : False
ServicesRunning : {IISAdmin, MSExchangeADTopology, MSExchangeServiceHost, W3Svc, WinRM}
ServicesNotRunning : {MSExchangeUM}
Role : Hub Transport Server Role
RequiredServicesRunning : True
ServicesRunning : {IISAdmin, MSExchangeADTopology, MSExchangeEdgeSync, MSExchangeServiceHost, MSExchangeTransport, MSExchangeTransportLogSearch, W3Svc, WinRM}
ServicesNotRunning : {}
The default web site bindings for 443 and back end bindings for 444 are set to my GoDaddy cert which is valid until 6/22/2022.
I also ran Get-HealthReport, and I have lots of Unhealthiness: HubTransport, ECP, Search, OWA.Protocol, and a couple of UM HealthSets. Looking more deeply at the Search set, HostControllerSer..., SearchQueryFailur..., and SearchQueryStxMon... are Unhealthy.
I think I'm just going to spin up a new mail server and move the database.
I reinstalled the CU22 update, and this fixed my OWA issue. I also applied more patches and ran MSCert. My search services were stopped, so I restarted them and set them to Automatic (Delayed), and search has been working now too. When I mentioned all this to my boss in my weekly activity report, he told me of his thoughts on moving to M365 in 2023, but this convinced him that we should just move early. So now rather than standing up a new on-prem server I am prepping things for the cloud.