ECP on E2013 intermittend access failure

channaveera Swamy KM 6 Reputation points
2021-08-11T04:12:02.577+00:00

Both internal and external urls are configured. Access to ECP fails intermittentntly. When it fails it fails access to ECP from for VIP on netscaler and Individual Server hostname / IP. Followinge is the error.

I had a look at Program Files\Microsoft\Exchange Server\V15\Logging\HttpProxy\Ecp and i noticed BeginRequest=2021-08-10T04:00:53.708Z;CorrelationID=<empty>;NoCookies=302 - GET/E14AuthPost;EndRequest=2021-08-10T04:00:53.708Z; under genericinfo column

Event iD 4

Current user: 'Contoso\L1.User'
Request for URL 'https://exc03.contoso.local:444/ecp/default.aspx(https://outlook.contoso.com.au/ecp/)' failed with the following error:
System.Configuration.ConfigurationErrorsException: It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS. (E:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\ecp\unifiedmessaging\web.config line 198)
at System.Configuration.ConfigurationSchemaErrors.ThrowIfErrors(Boolean ignoreLocal)
at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(String configKey, Boolean getLkg, Boolean checkPermission, Boolean getRuntimeObject, Boolean requestIsHere, Object& result, Object& resultRuntimeObject)
at System.Configuration.BaseConfigurationRecord.GetSection(String configKey)
at System.Web.Configuration.RuntimeConfig.GetSectionObject(String sectionName)
at System.Web.Configuration.RuntimeConfig.GetSection(String sectionName, Type type, ResultsIndex index)
at System.Web.Configuration.RuntimeConfig.get_Authorization()
at System.Web.Security.UrlAuthorizationModule.IsUserAllowedToPath(HttpContext context, VirtualPath virtualPath)
at System.Web.StaticSiteMapProvider.GetChildNodes(SiteMapNode node)
at System.Web.XmlSiteMapProvider.GetChildNodes(SiteMapNode node)
at Microsoft.Exchange.Management.ControlPanel._Default.CreateDataContract(SiteMapNode sNode)
at Microsoft.Exchange.Management.ControlPanel._Default.CreateDataContract(SiteMapNode sNode)
at Microsoft.Exchange.Management.ControlPanel._Default.CreateNavTree()
at Microsoft.Exchange.Management.ControlPanel._Default.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
at System.Configuration.ConfigurationSchemaErrors.ThrowIfErrors(Boolean ignoreLocal)
at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(String configKey, Boolean getLkg, Boolean checkPermission, Boolean getRuntimeObject, Boolean requestIsHere, Object& result, Object& resultRuntimeObject)
at System.Configuration.BaseConfigurationRecord.GetSection(String configKey)
at System.Web.Configuration.RuntimeConfig.GetSectionObject(String sectionName)
at System.Web.Configuration.RuntimeConfig.GetSection(String sectionName, Type type, ResultsIndex index)
at System.Web.Configuration.RuntimeConfig.get_Authorization()
at System.Web.Security.UrlAuthorizationModule.IsUserAllowedToPath(HttpContext context, VirtualPath virtualPath)
at System.Web.StaticSiteMapProvider.GetChildNodes(SiteMapNode node)
at System.Web.XmlSiteMapProvider.GetChildNodes(SiteMapNode node)
at Microsoft.Exchange.Management.ControlPanel._Default.CreateDataContract(SiteMapNode sNode)
at Microsoft.Exchange.Management.ControlPanel._Default.CreateDataContract(SiteMapNode sNode)
at Microsoft.Exchange.Management.ControlPanel._Default.CreateNavTree()
at Microsoft.Exchange.Management.ControlPanel._Default.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Flight info: Features:[[Global.DistributedKeyManagement, False],[Global.GlobalCriminalCompliance, False],[Global.MultiTenancy, False],[Global.WindowsLiveID, False],[Eac.AllowMailboxArchiveOnlyMigration, True],[Eac.AllowRemoteOnboardingMovesOnly, False],[Eac.BulkPermissionAddRemove, True],[Eac.CmdletLogging, True],[Eac.CrossPremiseMigration, False],[Eac.DevicePolicyMgmtUI, False],[Eac.DiscoveryDocIdHint, False],[Eac.DiscoveryPFSearch, False],[Eac.DiscoverySearchStats, False],[Eac.DlpFingerprint, False],[Eac.EACClientAccessRulesEnabled, False],[Eac.GeminiShell, False],[Eac.ManageMailboxAuditing, False],[Eac.ModernGroups, False],[Eac.Office365DIcon, False],[Eac.OrgIdADSeverSettings, False],[Eac.RemoteDomain, False],[Eac.UCCAuditReports, False],[Eac.UCCPermissions, False],[Eac.UnifiedAuditPolicy, False],[Eac.UnifiedComplianceCenter, False],[Eac.UnifiedPolicy, False],[Eac.UnlistedServices, False],], Flights:[], Constraints:[[MACHINE, EXC03-G-SWARH],[MODE, ENTERPRISE],[PROCESS, W3WP],], IsGlobalSnapshot: True

Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,406 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Yuki Sun-MSFT 40,891 Reputation points
    2021-08-12T02:43:00.517+00:00

    Hi @channaveera Swamy KM ,

    Access to ECP fails intermittentntly. When it fails it fails access to ECP from for VIP on netscaler and Individual Server hostname / IP. Followinge is the error.

    Considering that it's a randomly occurred issue, it might be kind of difficult to narrow down and locate the root cause. Given current situation, could you help collect the information below so that we can see if more clues can be found for further troubleshoot:

    1. If possible, please remove all personal information involved and then share a screenshot of the error page when failing to access ECP.
    2. Are you able to access OWA as normal when it occurs? Or is there any other symptom when the issue appears?

    Besides, I tried searching on the error message("It is an error to use a section registered as allowDefinition='MachineToApplication'....) you shared above and noticed this thread which included the part of error in the discussion:
    122448-1.png
    As mentioned in the post above, the error appeared after the HttpProxy folder for ecp was copied into c:\inetpub\wwwroot. So I'd suggest having a check to see if any changes were made into the folders involved in your environment as well.

    Furthermore, if there are any third-party applications, especially things like anti-virus software running in your Exchange organization, you can try temporarily disabling them to help narrow down the issue.


    If an Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  2. channaveera Swamy KM 6 Reputation points
    2021-08-16T04:34:58.26+00:00

    Thanks Yukisun.

    This is how the web.config looks at C:\inetpub\wwwroot on the exchange servers. This is the exchange installation path E:\Program Files\Microsoft\Exchange Server\V15.

    There is no ECP folders in C:\inetpub\wwwroot. Following are the only files under C:\inetpub\wwwroot

    aspnet_client
    bkg-gry.jpg
    iis-8.png
    iisstart.htm
    msweb-brand.png
    web.config
    web.config.bak
    ws8-brand.png

    <?xml version="1.0" encoding="UTF-8"?>
    <configuration>
    <location inheritInChildApplications="false">
    <system.webServer>
    <modules>
    <add name="HostHeaderValidationModule" type="Microsoft.Exchange.HttpUtilities.HostHeaderValidationModule, Microsoft.Exchange.HttpUtilities, Version=15.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    <add name="OwaJavascriptRedirectModule" type="Microsoft.Exchange.HttpRedirect.OwaJavascriptRedirectModule, Microsoft.Exchange.HttpRedirectModules, Version=15.0.0.0,Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    </modules>
    </system.webServer>
    <system.web>
    <machineKey validationKey="AutoGenerate,IsolateApps" />
    <compilation defaultLanguage="c#" debug="false">
    <assemblies>
    <add assembly="Microsoft.Exchange.HttpRedirectModules, Version=15.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    </assemblies>
    </compilation>
    </system.web>
    </location>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
    <linkedConfiguration href="file://E:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\SharedWebConfig.config"/>
    </assemblyBinding>
    </configuration>

    This is the error each time there is an error
    500
    Unexpected error :(
    An error occured and your request couldn't be completed. Please try again.

    OWA is not affected only ECP.

    Cylance protect is our Anti-Virus and we have excluded all files and folders as per MS best practice.