The Problem: OWA and ECP not Opening
Have you recently deployed Exchange 2016 and are unable to browse to OWA from anything other than a Microsoft browser?
Do you see something similar to
or
“Your connection is not secure
The website tried to negotiate an inadequate level of security.
mail.domain.com/owa uses security technology that is outdated and vulnerable to attack. An attacker could easily reveal information which you thought to be safe. The website administrator will need to fix the server first before you can visit the site.
Error code: NS_ERROR_NET_INADEQUATE_SECURITY “
The Fix: Use IIS Crypto
I’ve stumbled across a tool that will assist in a resolution with this. Launch the tool below and uncheck (disable) SHA and MD5 hashes on the Exchange server. You’ll need to reboot after you’ve made these changes.
IIS Crypto – https://www.nartac.com/Products/IISCrypto
Please note that other integrated services may rely on MD5 and SHA hashes. It is our suggestion to test thoroughly in a controlled manner before making these changes in production.
Brandon Stuart, PEI
