Bobcares
Client Area
Emergency Support
Technical Support

How to fix when you get Exchange OWA blank page after login

by | May 14, 2018

In our role as Server Administrators for website owners, server owners and hosting companies, we perform a wide range of tasks, from hack recovery to resolving server errors.

Recently we were contacted by a Microsoft Exchange server owner, who was getting blank page in OWA. OWA is the Outlook Web Access for Microsoft Exchange users to view their emails.

The blank page was noticed in Google chrome and latest browser versions, after successful authentication in the login page. Today, we’ll see what causes this issue and how to resolve it.

Why Exchange OWA gives blank page after login

Website attacks are done in many ways, from code injections to website redirection. Secure browsing is a security measure adopted by latest browsers to avoid attacks to websites.

Secure access to sites is ensured using SSL certificates to verify the authenticity of the web server you are connected to. But some attackers try to fool the browser with a certificate and then redirect to a different malicious web site.

To prevent such attacks, most web browsers incorporate a further check. For instance, Google Chrome compares the SSL information provided by the site with the web server to which connection is made.

If the details do not sync, the connection will not work fine. Since all websites are not secure by default, this feature of Chrome gradually forces the web to move towards a secure HTTPS.

In the case of Microsoft OWA issue that was reported by the customer, the login page was loading fine, but was giving a blank page when user successfully login to it.

The same page worked fine in some older browser versions. This clearly showed that the issue was related to the browser security features incorporated recently.

What causes Exchange OWA blank page after login

In Microsoft Exchange server, the SSL misconfiguration in the server can lead to the OWA page showing blank page in latest browsers such as Google Chrome.

IIS server secures websites using SSL bindings. The SSL certificate is bound to the HTTPS port 443 of the website. If there are any configuration mistakes in this setting, it can cause issues when the site is accessed.

When an Exchange server is installed as a Client Access Role or Mailbox Role, there will be two websites in IIS – The Default Web Site and the Exchange Back End, both accessed via HTTPS by default.

Both these sites in IIS have separate SSL bindings allotted to them. The following issues related to SSL bindings, can lead to Exchange OWA blank page after login.

1. Configuration issues in SSL binding for Exchange site

The SSL bindings of Exchange default site and Exchange backend should sync and should be the same certificate. If not, the OWA can show blank page after login.

If the SSL binding contains incorrect information, or if the certificate hash of the binding is different from that of other bindings for the default application ID, OWA fails to function properly.

2. SSL certificate for the Exchange site missing

It can happen that the website that runs the ‘Exchange Backend’ loses the certificate for its https binding somehow, or the certificate gets expired.

When the Exchange Back End site in IIS of the Exchange server is no longer bound to a certificate, OWA will give blank page, as the SSL certificate is “Not Selected”.

3. Incorrect time settings in server clock

While SSL issues are the main cause for OWA giving blank page in latest browsers, at times the clock sync issues can also lead to similar issues.

This time sync issue can occur if the Exchange server’s system clock is ahead or behind from what it should be, causing OWA to load with blank page.

4. Exchange components or license issues

Exchange server has server modules and pre-requisites related to it, for it to function right. If any of these pre-requisites is missing or not functioning right, OWA blank page can show.

License issues can also lead to OWA problems. Exchange server maybe running with trial (Evaluation) license, or the “Exchange Product Key” can be incorrect.

How to resolve Exchange OWA blank page after login

To resolve the Exchange OWA blank page issue, we first diagnose the cause, by performing a 360 degree check that involves SSL configuration to Exchange settings.

If the SSL certificate binding is incorrect, we resolve it by changing the binding settings in IIS for the two websites of Exchange, for the HTTPS port (443 for default site and 444 for backend).

The SSL certificate corresponding to the two sites are confirmed to be the same and valid one. After restarting the related services, OWA would start loading fine properly.

In the server that we got to handle, this alone did not fix the issue. There were some pre-requisites missing for the Exchange ‘Server Manager’ module, which was causing OWA to show blank page.

We launched the Exchange Management Shell and added the missing features into the module. After reloading the TCP port sharing service, the OWA loaded fine.

 

Conclusion

OWA is a commonly used interface by Exchange users. Here, we saw the various reasons that can cause OWA showing blank page after login, and how it can be fixed by our systematic debugging method.

 

Related posts:

  1. How to fix Active Server Pages error asp 0126
  2. HTTP Error 404.3 – Not Found – How to fix it
  3. Exchange 2016 Search Message Tracking Logs – How we do it
  4. ‘http error 401.3 – unauthorized’ in IIS – How to resolve.

No MORE SERVER ERRORS!

Never again lose customers to server errors! Let us help you.

GET EXPERT ASSISTANCE 24/7

var google_conversion_label = "owonCMyG5nEQ0aD71QM";

1 Comment

  1. AP
    AP on 2018-08-18 at 10:50

    Spot on! Correcting the Exchange Back End certificate binding fixed this issue for me after the August Exchange 2013 security updates broke it.

    Reply

Submit a Comment

Your email address will not be published. Required fields are marked *

100% WHITE LABEL SUPPORT

Bobcares

Spend time on your business - not on tech support.

Tech support can keep you busy all day long. That is time you could use to focus on your business. Leave your end-user support to us, and use that time to focus on the growth and success of your business.

TALK TO SALES Or click here to learn more.

Related Articles

  1. How to fix Active Server Pages error asp 0126
  2. HTTP Error 404.3 – Not Found – How to fix it
  3. Exchange 2016 Search Message Tracking Logs – How we do it
  4. ‘http error 401.3 – unauthorized’ in IIS – How to resolve.

Never again lose customers to poor
server speed! Let us help you.

GET STARTED

Privacy Preference Center

Consent Management

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience.

Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Privacy Policy

Required
By using this site, you agree to our Privacy Policy.

Necessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

PHPSESSID - Preserves user session state across page requests.

gdpr[consent_types] - Used to store user consents.

gdpr[allowed_cookies] - Used to store user allowed cookies.

Cookies Used

Required
PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]

livechat.bobcares.com

Opt Out
PHPSESSID

my.bobcares.com

Opt Out
WHMCSpKDlPzh2chML

Statistics

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga - Preserves user session state across page requests.

_gat - Used by Google Analytics to throttle request rate

_gid - Registers a unique ID that is used to generate statistical data on how you use the website.

smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

Cookies Used

_ga, _gat, _gid

google.com

Opt Out
_ga, _gat, _gid

manager.smartlook.com

Opt Out
smartlookCookie

clarity.microsoft.com

Opt Out
_clck, _clsk, CLID, ANONCHK, MR, MUID, SM

Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

test_cookie - Used to check if the user's browser supports cookies.

1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

DV - Google ad personalisation

_reb2bgeo - The visitor's geographical location

_reb2bloaded - Whether or not the script loaded for the visitor

_reb2bref - The referring URL for the visit

_reb2bsessionID - The visitor's RB2B session ID

_reb2buid - The visitor's RB2B user ID

Cookies Used

IDE, test_cookie, 1P_JAR, NID, DV, NID

doubleclick.net

Opt Out
IDE, test_cookie

google.co.in

Opt Out
1P_JAR, NID, DV

google.com

Opt Out
NID

olark.com

Opt Out
hblid

rb2b.com

Opt Out
_reb2bgeo, _reb2bloaded, _reb2bref, _reb2bsessionID, _reb2buid

Security

These are essential site cookies, used by the google reCAPTCHA. These cookies use an unique identifier to verify if a visitor is human or a bot.

Cookies Used

SID, APISID, HSID, NID, PREF

google.com

Opt Out
SID, APISID, HSID, NID, PREF