Exchange 2016 – EVENT ID 15021- Blank ECP / OWA & Error connecting to Outlook

If you have been following my blog, I recently migrated my Exchange 2010 server to a new 2016 server. There have been a few hiccups along the way; however, for the most part the experience has been good and user disruption minimal, until I encountered Event ID 15021.

Last night during a maintenance window I applied my Microsoft updates and rebooted the server. Shortly after reboot I attempted to open Outlook and it failed with a server unavailable error. OWA and ECP both showed BLANK white screens. I began to panic a little because this is probably the IT guy's worst nightmare! Working in the industry for over 20 years, I put my panic aside and began my standard troubleshooting procedure.

STEP 1 – Event logs are your friend

Immediately opening the System log, I found 100s of Event ID 15021 entries over and over, about one per second.

Launching my browser and a quick Google search led me to believe there was an issue with the SSL certificate I applied to the server a few weeks before. I attempted to reassign the SSL cert in IIS Manager and then ran an IISRESET, but it didn't help.

STEP 2 – Ask Google for help – Event ID 15021

Finally I found Adam1115's blog and read this short article, which pertained to Exchange 2013: (LINK)

You have an Exchange 2013, after some unknown event nobody can get to OWA or ECP (or any other IIS based resource including Outlook.) Instead, users get a login screen then a blank page. In the system event log, you see hundreds of id 15021 on the source HttpEvent that say “An error occurred while using SSL configuration for endpoint  The error status code is contained within the returned data.”

  • Open the Command Prompt
  • Run:

netsh http show sslcert

  • This will show the certs; copy and paste this information into Notepad. Under IP:port :, note the certificate hash and application ID.
  • Run this command. (Yes, I know there is no :444 listed in the output from the earlier command.)

netsh http delete sslcert ipport=

  • Run this command. Replace certhash with the certificate hash and appid with the application ID you saved in Notepad.

netsh http add sslcert ipport= certhash=123123123123123 appid="{123123123123-1231231235}"

  • Reboot the server.

After following the above instructions, the server rebooted and all services were accessible again; however, the system switched back to the self-signed certificate. I went back to the server ECP and assigned the 3rd party SSL to IIS and all was once again well with the world!
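
The Notepad step in the procedure quoted above can be scripted. The following PowerShell is an added example, not code from this post or from Adam1115's article: it parses `netsh http show sslcert` output into one record per binding and prints the delete/add pair for review instead of running it. The function names, the sample listing and the 192.0.2.10 endpoints are constructed for illustration.

```powershell
# Added example (not from the original post). All sample values are constructed.
$sample = @'
SSL Certificate bindings:
-------------------------

    IP:port                      : 192.0.2.10:443
    Certificate Hash             : 0123456789abcdef0123456789abcdef01234567
    Application ID               : {11111111-2222-3333-4444-555555555555}
    Certificate Store Name       : MY
'@

# Turn "netsh http show sslcert" text into one object per IP:port binding.
function ConvertFrom-NetshSslCert {
    param([string[]]$Lines)   # not Mandatory: the listing contains blank lines
    $current = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*IP:port\s*:\s*(\S+)\s*$') {
            if ($null -ne $current) { [pscustomobject]$current }
            $current = [ordered]@{ IpPort = $Matches[1]; CertHash = $null; AppId = $null }
        } elseif ($null -ne $current -and $line -match '^\s*Certificate Hash\s*:\s*([0-9A-Fa-f]+)\s*$') {
            $current.CertHash = $Matches[1].ToLower()
        } elseif ($null -ne $current -and $line -match '^\s*Application ID\s*:\s*(\{[0-9A-Fa-f-]+\})\s*$') {
            $current.AppId = $Matches[1]
        }
    }
    if ($null -ne $current) { [pscustomobject]$current }
}

# Build (but do not run) the delete/add pair for $TargetIpPort, reusing the
# hash and application ID recorded for an existing binding.
function Get-RebindCommand {
    param($Binding, [string]$TargetIpPort)
    if ($Binding.CertHash -notmatch '^[0-9a-f]{40}$') {
        throw "Binding $($Binding.IpPort): certificate hash is not a 40-hex-digit thumbprint."
    }
    if (-not $Binding.AppId) { throw "Binding $($Binding.IpPort): no application ID found." }
    "netsh http delete sslcert ipport=$TargetIpPort"
    "netsh http add sslcert ipport=$TargetIpPort certhash=$($Binding.CertHash) appid=`"$($Binding.AppId)`""
}

# On the server, replace the sample with live output and keep a copy on disk:
#   $lines = netsh http show sslcert; $lines | Set-Content .\sslcert-before.txt
$lines    = $sample -split '\r?\n'
$bindings = @(ConvertFrom-NetshSslCert -Lines $lines)
$bindings | Format-Table IpPort, CertHash, AppId -AutoSize
$source = $bindings | Where-Object { $_.IpPort -eq '192.0.2.10:443' }
Get-RebindCommand -Binding $source -TargetIpPort '192.0.2.10:444'
```

Review the printed commands before pasting them into an elevated Command Prompt; the saved listing is the record of what the bindings looked like before the change.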

I thank Adam1115 for his original post on this matter, and I hope by re-posting this information I can help others.

Thank you for reading my blog,

