Exchange 2013: ECP double login, error 400

After upgrading Exchange 2013 from CU1 to CU2, we could no longer access the ECP part of Exchange. OWA worked fine. ECP returned a blank screen with "Bad Request", error 400.

After a lot of searching, it looks like the Exchange upgrade wipes out the web.config file, which has all the settings for authentication on ECP.

See the following:

[Screenshot: Capture]

Be aware that this is incorrect after an upgrade. Set Basic authentication to true again to ensure the setting is correct (note that forms-based authentication is turned off because we use TMG).

Also make sure the internal and external URLs for the ECP directory are set again, as these are also wiped.
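One way to catch and undo this reset, as an added example that is not part of the original post: snapshot the ECP virtual directory's authentication flags and URLs before applying a CU, then compare or restore them afterwards from the Exchange Management Shell. The `-Mode` parameter, the snapshot path and the choice of fields are assumptions made for this example.

```powershell
# Added example: run in the Exchange Management Shell on the Exchange 2013 server.
# -Mode, $SnapshotPath and $fields are assumptions for illustration.
param(
    [ValidateSet('Save', 'Compare', 'Restore')]
    [string]$Mode = 'Compare',
    [string]$SnapshotPath = 'C:\Temp\ecp-vdir-before-cu.xml'   # hypothetical path
)

$fields = 'BasicAuthentication', 'FormsAuthentication', 'InternalUrl', 'ExternalUrl'

# Flatten to plain strings and booleans so the snapshot survives Export-Clixml.
$current = Get-EcpVirtualDirectory | ForEach-Object {
    [pscustomobject]@{
        Identity            = [string]$_.Identity
        BasicAuthentication = [bool]$_.BasicAuthentication
        FormsAuthentication = [bool]$_.FormsAuthentication
        InternalUrl         = [string]$_.InternalUrl
        ExternalUrl         = [string]$_.ExternalUrl
    }
}

switch ($Mode) {
    'Save' {                      # run before installing the CU
        $current | Export-Clixml -Path $SnapshotPath
    }
    'Compare' {                   # run after the CU: list every setting that drifted
        foreach ($before in (Import-Clixml -Path $SnapshotPath)) {
            $after = $current | Where-Object { $_.Identity -eq $before.Identity }
            foreach ($f in $fields) {
                if ($before.$f -ne $after.$f) {
                    '{0}: {1} was "{2}", now "{3}"' -f $before.Identity, $f, $before.$f, $after.$f
                }
            }
        }
    }
    'Restore' {                   # reapply the saved authentication flags and URLs
        foreach ($before in (Import-Clixml -Path $SnapshotPath)) {
            $params = @{
                Identity            = $before.Identity
                BasicAuthentication = $before.BasicAuthentication
                FormsAuthentication = $before.FormsAuthentication
            }
            # Only pass a URL that was actually set before the upgrade.
            if ($before.InternalUrl) { $params.InternalUrl = $before.InternalUrl }
            if ($before.ExternalUrl) { $params.ExternalUrl = $before.ExternalUrl }
            Set-EcpVirtualDirectory @params
        }
    }
}
```

With Basic authentication enabled and forms-based authentication off, as in the TMG setup described above, credentials reach ECP on every request, so the directory should only be reachable over HTTPS and through the publishing proxy.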

This is a known bug. See KB2871485.