For the new server, we tried a couple of things just to see if there was a corrupt installation. First we tried to reset authentication on the ECP and OWA virtual directories. However, this failed to solve the issue. We then tried a complete reset of the virtual directories for ECP and OWA. This failed to work as well.
Next Step
We then reviewed the server’s certificates.
There was a self-signed certificate that contained the correct date range (day of install to x years from now). There was also the Federation certificate and the Exchange Server Auth certificate.
Then we noticed something strange. There was another certificate, with a certificate domain of the server name:
In order to fix the issue, we needed to remove that certificate:
Only then could we then assign the correct certificate … After replacing the old certificate we ran an IISReset:
Conclusion
With the removal of the bad certificate and putting in place a good certificate, the client was then able to log into ECP and OWA pages as things were now fixed.
