Symptoms
Consider the following scenario:
-
A user connects to the Exchange Admin Center (https://<ExchangeCAS>/ECP) on a Microsoft Exchange Server 2013 Client Access Server (CAS) with Forms-Based Authentication disabled.
-
The CAS is in a different site than the user's mailbox.
-
A CAS in the site of the user's mailbox has an ExternalUrl value set.
In this scenario, instead of being silently redirected, the user receives the following error message:
Error executing child request for /owa/auth/errorFE.aspx.
Cause
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Resolution
To fix this issue, install Cumulative Update 12 or a later cumulative update for Exchange Server 2013.
Workaround
Microsoft is currently investigating this issue.
To temporarily work around this issue, copy the version folder from C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth to C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\ecp\auth. For example, if the CAS that the user connects to is running Exchange Server 2013 Cumulative Update 9, copy the 15.0.1104 folder from C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth to C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\ecp\auth. When you do this, the final folder structure is defined as follows:C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\ecp\auth\15.0.1104Exchange Server Updates: build numbers and release dates.
Note Any updates to Exchange will require that the new version folder also be copied. For Exchange Server updates and their build numbers, seeMore Information
This issue applies only to users who have Exchange Server 2013 mailboxes that connect to CAS without Forms-Based Authentication and who need a redirect cross-site. There's a separate issue related to users without mailboxes or with legacy mailboxes who receive the same error message. In that scenario, ECP requires the org mailbox, and adding ?ExchClientVer=15 is a simple workaround.