Exchange 2016 – HTTP Error 500 after logging into ECP/OWA

After logging into Exchange 2016's ECP you receive an HTTP Error 500 (same goes with OWA):

Searching the internet ends up with several possible solutions to this issue, ranging from missing System Attendant Mailboxes, to bogus ADSI settings regarding the Exchange CAS Service. I tried several of them to no prevail.

And it doesn't matter whether you enter DOMAIN\Administrator or administrator@domain.local for your username. In most cases the simplest solution is to execute UpdateCas.ps1 PowerShell script located in the C:\Program Files\Microsoft\Exchange Server\V15\Bin folder, followed by an IISReset:

 

Once there was a case where UpdateCas.ps1 didn't work, which left me with executing the following PowerShell cmdlets, in subsequent order:

Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -FormsAuthentication $False -BasicAuthentication $True
Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -FormsAuthentication $True -BasicAuthentication $True
Get-EcpVirtualDirectory | Set-EcpVirtualDirectory -FormsAuthentication $false -BasicAuthentication $true
Get-EcpVirtualDirectory | Set-EcpVirtualDirectory -FormsAuthentication $true -BasicAuthentication $true
iisreset

Again, one Exchange 2016 Server in particular was immune against all those tricks and needed the following adjustments:

Get-EcpVirtualDirectory | Set-EcpVirtualDirectory -FormsAuthentication $false -BasicAuthentication $true -WindowsAuthentication $true
Get-OWAVirtualDirectory | Set-OWAVirtualDirectory -FormsAuthentication $false -BasicAuthentication $true -WindowsAuthentication $true
iisreset
Recycle MSExchangeECPAppPool
Recycle MSExchangeOWAAppPool

Keep in mind that Authentication Settings for both Virtual Directories ECP and OWA must be identical:

After that I was able to successfully log into ECP and OWA again.

Update 2016-12-15

On another occassion it turned out that the Mailbox Database the user tried to access via OWA was actually unmounted. The Event Log showed a lot of Event IDs 1023, Event Source: MSExchange ActiveSync, with the following Event Message:

Exchange ActiveSync tried to access a mailbox on Mailbox server "yourserver.domain.local". It could not access the mailbox because the Mailbox server is offline.

After mounting the corresponding Mailbox Database everything worked as expected. By coincidence the Administrator's Mailbox was hosted on the exact same Mailbox Database, thus rendering the Administrator account unable to log into ECP and OWA, neither, resulting in http error 500.

Further reading:

• HTTP 500 Internal Server Error when logging into Exchange 2013 Exchange Control Panel (ECP)
• Exchange 2013 Troubleshooting: Error 500 when login ECP and OWA
• Exchange 2013 unable to login to OWA/ECP
• KB2871485 - The FBA page is displayed when a user accesses OWA or ECP to log on to Exchange Server 2013