So I was explaining how I saw tons of event id 15021 entries in the Exchange server error log when I was troubleshooting an Outlook connectivity issue (if you’ve just landed on this page, this is the second part of my troubleshooting guide where I describe how MS Outlook has trouble connecting to the Exchange server after a number of Microsoft updates were installed on the server and after a reboot of the server).
I started looking at the event log and I noticed hundreds of event id 15021 logs, almost one every second.
The description that comes with the logged event was this:
An error occurred while using SSL configuration for endpoint 0.0.0.0:444. The error status code is contained within the returned data
As mentioned in the previous part of my Outlook connectivity troubleshooting guide, one of the symptoms I experienced was that MS Outlook could not connect to its Exchange server, in fact there was a “disconnected” status in the status bar. Another symptom was that pointing a web browser to the Outlook web access (OWA) page or the Exchange administration page resulted in a sign in screen that apparently looks normal at first sight, but when credentials are entered, you will get a blank, white screen.
Upon further investigation I found that the event id 15021 entries in the event log had to do with a misconfigured ssl certificate.
In order to fix this, open an elevated command prompt and type “netsh http show sslcert” (without the quotes).
This will result in output similar to one in the image below
Please note that the above image shows the beginning of the output of the command. You will need to scroll down to where you see the text “IP:port : 127.0.0.1:443” (NOT IP:port : 0.0.0.0:443 like in the image above - it's a subtle difference).
The image below shows the end of the output (it has the 127.0.0.1 loopback ip address rather than 0.0.0.0 in the above image). You need to work with the part of the output shown in the below image.
Notice that there is a certificate hash and an application ID. Please copy / paste these in a text editor as you will need them in the next steps.
After you have copy / pasted the above mentioned certificate hash and application ID, type
“netsh http delete sslcert ipport=127.0.0.1:444” (without the quotes) in the elevated command prompt.
Now, enter the following command in the elevated command prompt window:
netsh http add sslcert ipport=127.0.0.1:444 certhash=yourcerthash appid=”{yourapplicationid}”
Where you replace yourcerthash with the certificate hash you copy / pasted before and also replace yourappid with the correct application ID.
Please make sure that the command executes successfully or you will continue to log event ID 15021 entries in your event viewer. In some cases you could see an error output that says something like:
netsh http add sslcert ipport=127.0.0.1:444 certhash=yourcerthash appid=”{yourapplicationid}”
The parameter is incorrect.
I’ve seen that this sometimes happens when you copy / paste the netsh http add sslcert command in its entirety from above and the double quotes cause problems. If you get an netsh http add sslcert parameter is incorrect error response, try replacing the double quotes by single quotes or, if that also generates an error, try leaving the quotes out.
In any case, make sure that the command executes successfully or the event id 15021 entries will keep coming.
Once the command executes properly, make sure to reboot the server and now your MS Outlook connection to the Exchange server should be fine again.
I hope this article was helpful to you, if it helped you solve the event id 15021 issue, please consider letting me know in the comments below. Thank you.
If you've enjoyed this article or found it useful, I'd appreciate it if you'd let me know by clicking the Like (or Share) button below. Thank you!
New! Comments
Have your say about what you just read! Leave me a comment in the box below.