PROBLEM:
Server Error in '/owa' Application
ASSERT: HMACProvider.GetCertificates:protectionCertificates.Length<1
IIS/cert problem after July 2021
RESOLUTION:
1.) Create a new OAuth certificate by running the following command:
New-ExchangeCertificate -KeySize 2048 -PrivateKeyExportable $true -SubjectName "cn=Microsoft Exchange Server Auth Certificate" -FriendlyName "Microsoft Exchange Server Auth Certificate" -DomainName "contoso.com"
Note: Change the value of the DomainName parameter in the example (contoso.com) to the SMTP domain that's used in your organization.
2.) Set the new certificate for server authentication. To do this, run the following commands:
Set-AuthConfig -NewCertificateThumbprint <ThumbprintFromStep1> -NewCertificateEffectiveDate (Get-Date)
Set-AuthConfig -PublishCertificate
Set-AuthConfig -ClearPreviousCertificate
3.) Restart the Microsoft Exchange Service Host Service. This can be done by opening a command prompt with Admin privilege and running the following command.
iisreset
CREDITS:
https://docs.microsoft.com/en-us/exchange/troubleshoot/administration/cannot-access-owa-or-ecp-if-oauth-expired
https://docs.microsoft.com/en-us/previous-versions/office/exchange-server-2010/ff629372(v=exchg.141)?redirectedfrom=MSDN
https://www.reddit.com/r/exchangeserver/comments/ok1cjx/iiscert_problem_after_july_2021_patch_on_exchange/