Server Error in '/owa' Application. ASSERT: HMACProvider.GetCertificates:protect

Started by Adventech, July 14, 2021, 01:54:11 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Adventech

#1
July 14, 2021, 01:54:11 PM
PROBLEM:
Server Error in '/owa' Application
ASSERT: HMACProvider.GetCertificates:protectionCertificates.Length<1
IIS/cert problem after July 2021

RESOLUTION:
1.) Create a new OAuth certificate by running the following command:
Code Select
New-ExchangeCertificate -KeySize 2048 -PrivateKeyExportable $true -SubjectName "cn=Microsoft Exchange Server Auth Certificate" -FriendlyName "Microsoft Exchange Server Auth Certificate" -DomainName "contoso.com"

Note: Change the value of the DomainName parameter in the example (contoso.com) to the SMTP domain that's used in your organization.

2.) Set the new certificate for server authentication. To do this, run the following commands:
Code Select
Set-AuthConfig -NewCertificateThumbprint <ThumbprintFromStep1> -NewCertificateEffectiveDate (Get-Date)
Set-AuthConfig -PublishCertificate
Set-AuthConfig -ClearPreviousCertificate

3.) Restart the Microsoft Exchange Service Host Service. This can be done by opening a command prompt with Admin privilege and running the following command.
Code Select
iisreset

CREDITS:
https://docs.microsoft.com/en-us/exchange/troubleshoot/administration/cannot-access-owa-or-ecp-if-oauth-expired

https://docs.microsoft.com/en-us/previous-versions/office/exchange-server-2010/ff629372(v=exchg.141)?redirectedfrom=MSDN

https://www.reddit.com/r/exchangeserver/comments/ok1cjx/iiscert_problem_after_july_2021_patch_on_exchange/
Adventech Group, Inc.
Bringing Integrity to Information Technology
https://adventech.net
Print
Go Up Pages1
User actions