Exchange 2013 CU 10, unable Logon /OWA with user, Something went wrong

Absolute fresh Exchange 2013 CU 10 install on Server 2012 R2 English with DC 2008 R2. Not updated! Direct installed from the Update 10. Only thing done Self signed SAN-CERT from 2008R2 CA integrated and Virtual Directory's bent to that.

  • Event 3008
  • You are unable to Logon to /OWA with a user
  • You get a waring "Something has failed"
  • All Exchange Services are up
  • You are able to logon with /ECP and the Admin account you made
  • You checked the File: AntiXSSLibrary and it's there where it should be
  • Your Browser URL after Logon try shows ErrorFE.aspx?httpCode=500
  • With Activesync Debug Tools like MD EAS you get The remote server returned error (500) Internal Server error

This is how it looks:

"Something went wrong". Yes I test migrated from 2010 to 2013. Or I take a look at 2013 went wrong ;-) No just it's a new 3 year old MS product ;-)

This should appear:


Event 3008

C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\owa\web.config line 107

Could not load file or assembly 'AntiXSSLibrary, Version=, Culture=neutral, PublicKeyToken=d127efab8a9c114f' or one of its dependencies. The system cannot find the file specified.

Event code: 3008

Event message: A configuration error has occurred.

Event time: 13.10.2015 15:13:18

Event time (UTC): 13.10.2015 13:13:18

Event ID: 80f73be924da451895c60d1e3e8be77e

Event sequence: 1

Event occurrence: 1

Event detail code: 0


Application information:

Application domain: /LM/W3SVC/2/ROOT/owa-4-130892155979061374

Trust level: Full

Application Virtual Path: /owa

Application Path: C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\owa\

Machine name: SRV2013


Process information:

Process ID: 9380

Process name: w3wp.exe



Exception information:

Exception type: ConfigurationErrorsException

Exception message: Could not load file or assembly 'AntiXSSLibrary, Version=, Culture=neutral, PublicKeyToken=d127efab8a9c114f' or one of its dependencies. The system cannot find the file specified. (C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\owa\web.config line 107)

at System.Web.Configuration.CompilationSection.LoadAssemblyHelper(String assemblyName, Boolean starDirective)

at System.Web.Configuration.AssemblyInfo.get_AssemblyInternal()

at System.Web.Compilation.BuildManager.GetReferencedAssemblies(CompilationSection compConfig)

at System.Web.Compilation.BuildManager.CallPreStartInitMethods(String preStartInitListPath, Boolean& isRefAssemblyLoaded)

at System.Web.Compilation.BuildManager.ExecutePreAppStart()

at System.Web.Hosting.HostingEnvironment.Initialize(ApplicationManager appManager, IApplicationHost appHost, IConfigMapPathFactory configMapPathFactory, HostingEnvironmentParameters hostingParameters, PolicyLevel policyLevel, Exception appDomainCreationException)


Could not load file or assembly 'AntiXSSLibrary, Version=, Culture=neutral, PublicKeyToken=d127efab8a9c114f' or one of its dependencies. The system cannot find the file specified.

at System.Reflection.RuntimeAssembly._nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, RuntimeAssembly locationHint, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks)

at System.Reflection.RuntimeAssembly.InternalLoadAssemblyName(AssemblyName assemblyRef, Evidence assemblySecurity, RuntimeAssembly reqAssembly, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks)

at System.Reflection.RuntimeAssembly.InternalLoad(String assemblyString, Evidence assemblySecurity, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean forIntrospection)

at System.Reflection.RuntimeAssembly.InternalLoad(String assemblyString, Evidence assemblySecurity, StackCrawlMark& stackMark, Boolean forIntrospection)

at System.Reflection.Assembly.Load(String assemblyString)

at System.Web.Configuration.CompilationSection.LoadAssemblyHelper(String assemblyName, Boolean starDirective)


Request information:

Request URL: https://localhost:444/owa/proxylogon.owa



Warning: Here is a "Solution" which we don't like because the config file as it says is a configuration file for a web service. Copying such things on a security product? But it solves the error!


Copy the file from:


From: C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\

To: C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\

Cmd > iisreset

Or reboot Exchange

You are able to logon with users


Activesync Test

Server 2008 stuck, applying computer settings, Most Services down (IIS, certificates)

Our Education/Migration Lab is the place where we consider every Crash as Bonus and source for learning and finally reproduce crashes before they happen at customers.

Last massive we Seen was with Server 2008 RTM and Exchange Server on it. We are unsure if it was disabling IPV6 by Registry or Handling or Manipulation Certificate Stores (wrong Trusted Root Certificates). Mainly this bug happens with Exchange or SharePoint and thus IIS Webserver where you handle San/Wildcard or self signed Certificates.

However > that happens:


  • Server 2008 stuck at "applying computer settings"
  • All Services are Down
  • Your main services like Exchange / SharePoint and VMWARE Tools are not working
  • You can PING the Server. You can PING from within the Server.
  • You can't access \c$ from External
  • You can't access a SHARE from within the Server


    If this already happened


  1. Reboot in Safe Mode
  2. Open mmc
  3. Add Services
  4. Disabled all Services which you Don't need like (sample > backup/Vmware/VSS/Agents just leave the main Services from Windows)
  5. Reboot The Server normal
  6. Check the HOTFIX from Microsoft
  7. Re-install VMware Tools (Hotfix Server 2008)


How to find a Service that LOCKS others because it's stuck

This issue can be caused by a service deadlock in Windows. To confirm, run this command from a command prompt window:

sc querylock


You can find more info very well done here:


If the output contains IsLocked: TRUE, then the service control manager is in a locked state due to a failed service start.



When you start a computer that is running Windows Vista Service Pack 2 (SP2) or Windows Server 2008 Service Pack (SP2), the computer stops responding and appears to hang at the "Applying User Settings" or "Applying Computer Settings" stage of the logon process.

You may experience that the "network connections" folder is empty. Additionally, the following services may not start at startup.

Note These services are set to the "Automatic" startup type.

  1. Print Spooler
  2. Terminal Services
  3. Server service
  4. Remote Registry
  5. Windows Management Instrumentation (WMI)
  6. Distributed Transaction Coordinator
  7. Any services that are related to applications


Note This issue typically occurs after you install a server certificate and then configure Secure Sockets Layer (SSL) on the computer. For example, you install a SSL server certificate in Internet Information Services (IIS) 7.0 and then enable HTTPS on your website to use the certificate.




This issue occurs because of a deadlock in the Service Control Manager database.

The Service Control Manager tries to start the HTTP.sys service and then puts a lock in place in the Service Control Manager database. Then, HTTP.sys makes a call that requires Cryptographic Services during startup. Then, a request is sent to start Cryptographic Services. However, a lock is already in place in the Service Control Manager database. Therefore, a deadlock occurs.


Note The following method can be used in Windows Safe Mode when you are not able to log on successfully to install the hotfix or fixit.

To work around the issue without installing the hotfix, create a DependOnService registry key to modify the behavior of HTTP.sys. This makes HTTP.sys depend on crytosvc service to be started first. To do this, follow these steps:

  1. Click Start, type regedit in the Start Search box, and then press ENTER.

If you are prompted for an administrator password or for confirmation, type the password, or provide confirmation.

  1. Locate and then click the following registry subkey:


  1. On the Edit menu, point to New, and then click Multi-string Value.
  2. Type DependOnService, and then press ENTER.
  3. Right-click DependOnService, and then click Modify.
  4. In the Value data box, type CRYPTSVC, and then click OK.
  5. Exit Registry Editor.
  6. Restart the computer.


Sophos UTM 9.314-13 Data Disk is filling up

We use the Sophos appliance under Vmware ESXi 5.X Transparent behind our commercial Firewalls (Just some Wireshark replacment ;-)

The box looks real good and is easy to use. The Interface and GUI are just perfect. I like the Realtime options.

Like most of the times when you search for a solution for a linux Problem there seem to be 40 different

Solutions and Rekommandation. Worst case you update Perl, the Kernels and Download 2'000 files. Nobody knows what it does exept the guy who wrote it but thats the same under Windows sometimes.



Here is how to check the space and enable SSH which is more complicated because you have to enable SSH with a key.


After your cleaned up with this method:


Alert E-Mail you get

Data Disk is filling up - please check. Current usage: 98%


System Uptime : 11 days 20 hours 21 minutes

System Load : 0.06

System Version : Sophos UTM 9.314-13


Please refer to the manual for detailed instructions.


First to do that you have to enable SSH and you have to generate a KEY so you can logon with root

They Made that very nice on the Sophos compared to other appliances ;-)

* Enable SSH

* make a private / Public key with PUTTYGEN.exe

* make the key (Save Public and private)

Mark they Public Key fully and paste it into the SOPHOS appliance (Next Screen)



Then give PUTTY.EXE that key to work with:


Now you are able to Logon with root to the Sophos and search for Big files.

cd /var/storage
du -sh *

There was 1.2 Gigabyte of files under: /var/storage/pgsql92/data after 2 weeks.

Got to the Directory:

Cd /pg_archivecleanup /var/storage/pgsql92/data/pg_xlog

List with:



pg_archivecleanup /var/storage/pgsql92/data/pg_xlog 000000010000000000000048


(Number 48 was just the last PLUS one i did have > No idea if this is right ;-)

Here are the large files / TS Logs of PSQL (We don't discuss if this should fill that fast or not or what they are)

pg_archivecleanup: must specify restartfilename

Try "pg_archivecleanup --help" for more information.



frissu:/var/storage/pgsql92/data/pg_xlog # pg_archivecleanup /var/storage/pgsql92/data/pg_xlog 000000010000000000000048

frissu:/var/storage/pgsql92/data/pg_xlog # ls


frissu:/var/storage/pgsql92/data/pg_xlog #


W7: Show hidden Hardware devices

Open a cmd.exe box with Elevated permissions:


set devmgr_show_nonpresent_devices=1

start devmgmt.msc



In Device Manager: click View, then Show Hidden Devices.


Just used in a DLP project where some clients had 94 COM Ports.



LAB: Exchange 2013 , Mail Stuck in Queue, DNS Set wrong in ECP

1st October was Release date Exchange 2016. So we finally take a look at Exchange 2013 in our Labs ;-) Exchange 2016 seems nothing else then Exchange 2013 SP2. Most of the Office365 things are now also available on Premise (On inhouse Exchange 2013).

First bug we had in Exchange 2013 with Outlook 2010.

Error 4.4.1 Mail does not get delivered to 2013 Test mailbox after Update to CU10.

You see E-Mail incoming in Exchange 2013 from 2007/2010 or itself BUT not delivered to Mailboxes.

Becaue of the Outlook Anywhere Proxy the internal and External DNS are important. There are also several Hotfixes

related in that Direction for Outlook 2010 and 2013. Mostly cumulative Hotfixes after SP2.

For Outlook 2010.

Get an Error 4.4.1 in Exchange 2013 GUI Toolbox.

  1. Check DNS Settings under ECP / Server / DNS-Lookups
  2. Check that the Services that work with that are running



The issue was related to having an external DNS server entered in the properties of the servers NIC. I had the internal primary and secondary DNS servers entered in the NIC, and in the advanced porperties I entered the IP address of our ISP's DNS server. I have done this for that past 8 years in my server NIC configurations and it has saved my butt numerous times. It allows the server to still access the Internet if one\both of the internal DNS servers goes offline\has issues, or if there are network issues. Until now I have never had an issue with this configuration.  I do not know if it is an Exchange 2013 or a server 2012 thing or what, but either way we removed the external DNS server from the NIC and the issue has not returned.