What Can Be Done?
Luckily, Microsoft did write up a blog post to cover this particular need:
Configuring Multiple OWA/ECP Virtual Directories on the Exchange 2013 Client Access Server Role
The problem lies in its execution and the usual case of human error.
What Was the Problem?
I had this exact issue come up when I was assisting a client I work with on an irregular basis. They had a separate Admin page configured but it was not working. Reviewing the Microsoft best practices for this page, I noticed a few irregularities:
- Files missing from the virtual directories
- URLs were assigned to the virtual directories (which were not needed)
- Authentication was incorrect as well
Resolution
Now, in order to resolve the issue, the extra website would have to be removed. Then, by following Microsoft’s article, we were able to successfully recreate the extra website. This allowed us to remove the Exchange Admin Center (EAC) option from the default ECP site:
Get-EcpVirtualDirectory -Server <Exchange Server> | ft AdminEnabled -Auto
To change the setting, run this command:
Set-EcpVirtualDirectory -server Ex01 -AdminEnabled $False
Make sure to heed the warning that IIS needs to be restarted with the change:
WARNING: It will take 5 minutes for these configuration changes to take effect. If you want the changes to take effect immediately, restart Internet Information Services (IIS) on all back-end servers. To restart IIS, run the following command: “iisreset /noforce”.
Now we have am alternate directory set just for the EAC and the normal ECP is no longer exposed as the EAC to the Internet.
