
ADFS Exchange 2019 On prem Configuration

Lucky Gumboh 0 Reputation points
2026-02-13T08:15:01.3633333+00:00

Anyone willing to help to get this to work? Been battling for weeks.

After deploying ADFS, OWA and ECP pages can't load.

https://adfs.domain.com/adfs/ls/idpinitiatedsignon.aspx page loads and requests credentials, but

https://domain.com/adfs/ls/ issues error: Error details: MSIS7065: There are no registered protocol handlers on path /adfs/ls/ to process the incoming request

Troubleshooting is so confusing I am no longer sure where to touch next: SSLs, Thumbprints, Endpoints, WAP. Couldn't Microsoft be kinder on the system admins!?

Exchange | Exchange Server | Other

4 answers

  1. Kudos-Ng 14,430 Reputation points Microsoft External Staff Moderator
    2026-02-13T10:03:43.0133333+00:00

    Hi Lucky Gumboh,

    Thank you for posting your question in the Microsoft Q&A forum.

    After carefully reviewing the information you provided, my understanding is that your main issue is that OWA and EAC (also referred to as ECP in the virtual directory naming) are no longer usable after deploying AD FS.

    However, since I am a forum moderator, not a Microsoft employee or part of the product team, I do not have a dedicated test environment to reproduce this exact behavior. The following insights are therefore based on official documentation, similar community reports, and general troubleshooting experience.

    When researching your error code(s), I found that this issue has been reported by other users for a long time (including reports still appearing in 2026). One of the rare posts I found where the OP reported a working solution is here: https://serverfault.com/questions/824303/adfs-passive-request-there-are-no-registered-protocol-handlers
    Important: This link will take you to ServerFault, which is outside Microsoft’s domain. Please note that Microsoft is not responsible for the accuracy, security, or advertising on external sites.

    That thread indicates the IdP-initiated page may need to be enabled (EnableIdPInitiatedSignonPage).

    That said, since you mentioned that https://adfs.domain.com/adfs/ls/idpinitiatedsignon.aspx loads and prompts for credentials, it is likely you already found the above thread and tried that approach, yet your issue still remains.

    For now, here are the consolidated points I can provide based on what I gathered:

    • You are accessing https://domain.com/adfs/ls/ instead of https://adfs.domain.com/adfs/ls/. The path /adfs/ls/ is hosted by the AD FS service. If domain.com is pointing to your Exchange server (or to a load balancer publishing Exchange), that host may not be expected to serve the AD FS endpoint. Also, Microsoft notes that manually browsing to /adfs/ls/ without the correct request context can result in MSIS7065. Therefore, please ensure your testing URL is the AD FS Service Name (for example sts.domain.com or adfs.domain.com), not your OWA URL.
    • Because you reviewed event logs and suspect OAuth involvement, you may also want to validate your Exchange OAuth certificate state using Microsoft’s guidance: Can’t access OWA/EAC with expired OAuth certificate - Exchange | Microsoft Learn
    • In addition, Microsoft has a documented issue specifically for Exchange 2019 CU2 when AD FS is configured for OWA/EAC: Can’t sign in to OWA or EAC after you install Exchange Server 2019 CU2 with AD FS - Microsoft Support

    I hope the information above helps you identify the most appropriate next step in your troubleshooting path.


    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.
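
The Exchange-side checks the answer above points to (OAuth certificate state, and whether Exchange is sending OWA/EAC sign-ins to the AD FS service name rather than to its own host), as an added example that is not part of the original thread. `$AdfsServiceName` is an assumption taken from the URLs in the question; run it in the Exchange Management Shell.

```powershell
# Added example (not from the thread). Run in the Exchange Management Shell.
# Assumption: the AD FS federation service name, as used in the question's URLs.
$AdfsServiceName = 'adfs.domain.com'

# 1. OAuth certificate Exchange is configured to use, and whether it is present and current.
$authThumb = (Get-AuthConfig).CurrentCertificateThumbprint
$oauthCert = Get-ExchangeCertificate -Thumbprint $authThumb -ErrorAction SilentlyContinue

# 2. AD FS settings Exchange uses when it redirects OWA/EAC sign-ins.
$org        = Get-OrganizationConfig
$issuerHost = if ($org.AdfsIssuer) { ([uri]"$($org.AdfsIssuer)").Host } else { $null }

[pscustomobject]@{
    OAuthCertThumbprint    = $authThumb
    OAuthCertFound         = [bool]$oauthCert
    OAuthCertNotAfter      = $oauthCert.NotAfter
    OAuthCertExpired       = ($oauthCert -and $oauthCert.NotAfter -lt (Get-Date))
    AdfsIssuer             = $org.AdfsIssuer
    # The issuer must live on the AD FS service name, not on the OWA host.
    IssuerHostIsAdfsName   = ($issuerHost -eq $AdfsServiceName)
    AdfsAudienceUris       = $org.AdfsAudienceUris -join ', '
    # Compare with the token-signing certificate thumbprint on the AD FS server.
    AdfsSignCertThumbprint = $org.AdfsSignCertificateThumbprint
} | Format-List

# 3. Which virtual directories have AD FS authentication switched on, and their URLs.
Get-OwaVirtualDirectory |
    Format-Table Server, Name, AdfsAuthentication, InternalUrl -AutoSize
Get-EcpVirtualDirectory |
    Format-Table Server, Name, AdfsAuthentication, InternalUrl -AutoSize
```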

  2. Lucky Gumboh 0 Reputation points
    2026-02-13T08:38:49.8833333+00:00

    /adfs/ls/ endpoint is enabled.

    SSL Certificate for OWA and ECP was valid and working before ADFS was configured and I assume that should remain the same. I purchased and installed a new standard SSL for the newly set up ADFS server. But I am not sure how to verify it is set up correctly after importing on the ADFS server, or I may have missed a step on where else it should be imported.

    I opted not to deploy WAP, external users will need to VPN in to access Exchange mail. (Was hoping that will make the configuration less complicated)

    Lots of Event ID 1021 in the logs:

    Microsoft.IdentityServer.Web.Protocols.OAuth.Exceptions.OAuthJWTBearerException: MSIS9426: Received invalid OAuth JWT Bearer request. The JWT Bearer payload must contain 'scope'.

    But I can't make sense of what to reconfigure. Application group....etc

    adfssrv is running


  3. Lucky Gumboh 0 Reputation points
    2026-02-13T08:20:06.9033333+00:00

    What should be the correct certificate setup?


  4. Q&A Assist
    2026-02-13T08:15:16.56+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    It seems you are encountering issues with your ADFS configuration for Exchange 2019. The error message MSIS7065: There are no registered protocol handlers on path /adfs/ls/ to process the incoming request indicates that the ADFS service is not properly configured to handle the incoming requests for the specified endpoint.

    Here are some troubleshooting steps you can take:

    1. Check ADFS Endpoints: Ensure that the necessary ADFS endpoints are correctly configured and enabled. You can verify this by running the following PowerShell command on your ADFS server:
         Get-AdfsEndpoint
      
      Look for the /adfs/ls/ endpoint and confirm that it is enabled.
    2. SSL Certificate: Ensure that your SSL certificate is properly installed and that the thumbprint matches what is configured in ADFS. If there are issues with the SSL certificate, it can prevent ADFS from functioning correctly.
    3. Web Application Proxy (WAP): If you are using WAP, ensure that it is correctly configured to forward requests to the ADFS server. Check the firewall settings to ensure that traffic is allowed between the WAP and ADFS servers.
    4. Service Status: Verify that the ADFS service is running. You can check this in the Services management console or by using the following PowerShell command:
         Get-Service adfssrv
      
    5. Event Logs: Check the Event Viewer on the ADFS server for any error messages that might provide more context about the issue.
    6. Documentation: Refer to Microsoft's documentation on troubleshooting ADFS issues for more detailed steps and guidance.

    If these steps do not resolve your issue, consider reaching out to Microsoft support or community forums for additional assistance.


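
The AD FS-side checks listed in the answers above (endpoint, SSL certificate and thumbprint, service status, and testing against the federation service name), gathered into one read-only report as an added example that is not part of the original thread. `$TestedHost` is an assumption taken from the failing URL in the question; run it elevated on the AD FS server.

```powershell
# Added example (not from the thread). Run elevated on the AD FS server. Read-only.
# Assumption: the host name typed into the browser for the failing /adfs/ls/ test.
$TestedHost = 'domain.com'

$props    = Get-AdfsProperties
$svcCert  = Get-AdfsCertificate -CertificateType Service-Communications |
            Select-Object -First 1
$cert     = $svcCert.Certificate
$bindings = Get-AdfsSslCertificate
$endpoint = Get-AdfsEndpoint -AddressPath '/adfs/ls/'

# Names the certificate is valid for (SAN entries, possibly wildcards like *.domain.com).
$certNames = $cert.DnsNameList | ForEach-Object { $_.Unicode }
$covers    = [bool]($certNames | Where-Object { $props.HostName -like $_ })

# SSL bindings whose certificate hash differs from the service communications certificate.
$stale = $bindings | Where-Object { $_.CertificateHash -ne $svcCert.Thumbprint }

[pscustomobject]@{
    FederationServiceName   = $props.HostName
    TestedHostIsServiceName = ($TestedHost -eq $props.HostName)
    ServiceRunning          = ((Get-Service adfssrv).Status -eq 'Running')
    LsEndpointEnabled       = [bool]$endpoint.Enabled
    IdpInitiatedPageEnabled = [bool]$props.EnableIdPInitiatedSignonPage
    CertThumbprint          = $svcCert.Thumbprint
    CertNotAfter            = $cert.NotAfter
    CertExpired             = ($cert.NotAfter -lt (Get-Date))
    CertCoversServiceName   = $covers
    BindingsMatchCert       = (-not $stale)
} | Format-List

# The bindings AD FS registered, so a mismatched thumbprint is visible per host and port.
$bindings | Format-Table HostName, PortNumber, CertificateHash -AutoSize

# Where each name resolves. If the tested name lands on Exchange or a load balancer,
# the AD FS farm is not the server answering /adfs/ls/ for that URL.
$names = @($TestedHost, $props.HostName) | Select-Object -Unique
foreach ($name in $names) {
    Resolve-DnsName -Name $name -Type A -ErrorAction SilentlyContinue |
        Select-Object Name, IPAddress
}
```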
