Tuesday, March 13, 2018

Exchange 2010 - Outlook Web App Didn't Initialize

Outlook Web App Didn't Initialize

I recently ran across this problem again and decided I should blog this issue for future reference. Unfortunately Exchange 2010 is still used today even though it is no longer officially supported by Microsoft. When you do run across odd issues with older software it can be a real pain to get things working properly again. In this case I had to migrate an Exchange 2010 server to VMware because that was the company's e-mail server with the intention of migrating it to Exchange 2016 later. This is running on Windows Server 2012 R2.

Outlook Web App Error:

After migrating the server I was getting the following error when attempting to access https://mail.mydomain.com/owa/ "Outlook Web App didn't initialize. If the problem continues, please contact your helpdesk." This is a super helpful and descriptive error, thanks Microsoft!

This error is caused by a mismatch between the authentication method on the IIS virtual directory and the OWA authentication method set in Exchange's Client Access configuration.

Solution:

If you want to enable forms-based authentication (ideal for users outside the local domain), set the Exchange OWA authentication method to forms-based and select the local domain for your user accounts.

Start by browsing to MS Exchange->Server Configuration->Client Access, then select owa (Default Web Site) from the Outlook Web App tab.

Make note of the Internal and External URLs as those could be different.



Next click the "Authentication" tab from the owa (Default Web Site) Properties menu.


Make sure you select "Use forms-based authentication" then select the logon format that you prefer. I recommend "User name only" and setting the Logon domain to the company.local or whatever is appropriate for your organization.

You'll want to repeat the process with the ecp (Default Web Site) under the Exchange Control Panel tab as well. Make sure you have "Use forms-based authentication" set.


The next step is to verify that the authentication settings are correct within IIS. In my example I opened the Default Web Site and browsed to ecp and owa. On each of them select the Authentication icon. 



Make sure the "Basic Authentication" setting is enabled and the rest are disabled.


If you run basic authentication you'll also want to ensure that the website requires SSL to connect. Select the SSL Settings icon, then check the box "Require SSL" and make sure "Client certificates" is set to "Ignore".


Additional Notes:

If you receive the WINRM error when trying to access the Exchange Management Console (EMC) then check to make sure the IIS Default Web Site has an entry for all available IPs on port 443 and 80. This can happen if you use named redirects with multiple NICs/IPs.


Saturday, March 3, 2018

Ubuntu Server - Landscape


Ubuntu's Landscape 17.03 is a centralized update management server for Ubuntu Server and Desktop. It allows you to configure a central Landscape server and then join your Ubuntu machines to that Landscape server with the Landscape client. The setup is relatively painless and provides some nice reporting as well as centralized management. Very handy stuff from Ubuntu! The free license will allow for management of 10 standalone servers. You can purchase additional server licenses directly from Canonical with their Advantage support.

Landscape Server Install:

After your initial Ubuntu server installation completes (I ran LTS 16.04) from the SSH prompt run the following:

 sudo add-apt-repository ppa:landscape/17.03 

 sudo apt update 

 sudo apt install landscape-server-quickstart 

Once the installation has completed you'll be able to browse to https://hostname.FQDN/ and access the management website for Landscape. The first step is to set up all of the account settings so you can start deploying the clients. Click on "Account" and enter the appropriate information. To get the information you'll need for the client install later, click the link on the left side of the page that says "following these instructions".


On the account page you'll want to enter your company name or designation and optionally you can input a registration_key.


The client setup page gives an example of what to enter to install the Landscape client on your Ubuntu servers. I'll go into more depth on that setup in the next section.



Landscape Client Install:

The client install should be run on any Ubuntu server you wish to manage from the Landscape server. I ran this on both version 14 and 16 servers. The first thing you'll need to do is copy the server certificate to the clients you want to register. I used WinSCP to download the certificate to my workstation and then used WinSCP again to copy the certificate to the client computer. You could also do this using ssh directly.

Landscape server certificate path:  /etc/ssl/certs/landscape_server_ca.crt 

Copy to the client here:  /etc/landscape/server.pem 

Now edit the  /etc/landscape/client.conf  file:

 pico /etc/landscape/client.conf 

It probably looks something like this:
[client]
log_level = info
data_path = /var/lib/landscape/client
account_name = standalone


Now add the following line to the end of the file:
 ssl_public_key = /etc/landscape/server.pem 

Now you can run the installation on the client:

 sudo apt-get update 

 sudo apt-get install landscape-client

sudo landscape-config --computer-title "My Web Server" --account-name standalone -p registration_key --url https://hostname.FQDN/message-system --ping-url http://hostname.FQDN/ping

You will be prompted to enter some information on screen. Most of that is not critical and can be changed later. The defaults are likely what you want. The last step will ask you to register the client with the server, select Y there and then go back to the Landscape web application and you should now see your computer under the "Computers" tab.
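
The certificate copy and client.conf edit described above, as an added shell example that is not part of the original post: it checks that the file that arrived on the client is a single PEM certificate whose SHA-256 matches the digest taken on the Landscape server, and only then sets ssl_public_key. The function names and the demo's placeholder certificate are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): verify the copied Landscape CA
# certificate, then set ssl_public_key in client.conf. Function names are hypothetical.

# Succeed only if FILE holds exactly one PEM certificate and no private key.
pem_is_single_cert() {
    [ -r "$1" ] || return 1
    [ "$(grep -c -- '-----BEGIN CERTIFICATE-----' "$1")" -eq 1 ] || return 1
    [ "$(grep -c -- '-----END CERTIFICATE-----' "$1")" -eq 1 ] || return 1
    ! grep -q -- 'PRIVATE KEY-----' "$1"
}

# Succeed only if FILE's SHA-256 equals EXPECTED (recorded with sha256sum on the server).
digest_matches() {
    [ -n "$1" ] || return 1
    actual=$(sha256sum "$2" | cut -d' ' -f1)
    [ "$actual" = "$1" ]
}

# Point ssl_public_key in CONF at PEM: rewrite an existing line, otherwise append one.
set_ssl_public_key() {
    conf=$1 pem=$2
    tmp=$(mktemp) || return 1
    if grep -q '^[[:space:]]*ssl_public_key[[:space:]]*=' "$conf"; then
        sed "s|^[[:space:]]*ssl_public_key[[:space:]]*=.*|ssl_public_key = $pem|" "$conf" > "$tmp"
    else
        { cat "$conf"; echo "ssl_public_key = $pem"; } > "$tmp"
    fi
    cat "$tmp" > "$conf" && rm -f "$tmp"   # overwrite in place to keep owner and mode
}

# Leave CONF untouched unless the certificate passes both checks.
pin_landscape_ca() {
    pem=$1 expected=$2 conf=$3
    pem_is_single_cert "$pem" || { echo "not a single PEM certificate: $pem" >&2; return 2; }
    digest_matches "$expected" "$pem" || { echo "digest mismatch: $pem" >&2; return 3; }
    set_ssl_public_key "$conf" "$pem"
}

# Constructed demo: the PEM body is placeholder text, not a real certificate.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE-----' > "$d/server.pem"
    printf '%s\n' '[client]' 'log_level = info' 'account_name = standalone' > "$d/client.conf"
    want=$(sha256sum "$d/server.pem" | cut -d' ' -f1)   # on a real host, take this on the server
    pin_landscape_ca "$d/server.pem" "$want" "$d/client.conf" && cat "$d/client.conf"
}
if [ "${1:-}" = demo ]; then demo; fi
```

On a real client the expected digest comes from running sha256sum against /etc/ssl/certs/landscape_server_ca.crt on the Landscape server; a mismatch after the WinSCP round trip means the file changed in transit.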

That's pretty much all there is to it. You can also use Landscape to manage cloud-based Ubuntu deployments, including within AWS.