Forum Discussion
Exchange Server error in '/owa' application
- Ok i found solution. Use this to create new certificate https://docs.microsoft.com/en-us/exchange/troubleshoot/administration/cannot-access-owa-or-ecp-if-oauth-expired
And after creating the certificate you must wait like a hour or more for changes work. Restart dont change the wait time 🙂
Nikolas_Athanasakis Hi i have the same problem it started today at 2 am on our server. We can't log in to owa and ecp. I tried to create new auth-Config certificate becouse i couldn't display the thumprint but it didin't work too. im thinking about cu 10 bot not sure if this will fix problem.
And after creating the certificate you must wait like a hour or more for changes work. Restart dont change the wait time 🙂
Hi Asterofus may you please share the working document for the link you provided here it doesn`t seem to work and after reading this conversation I think it`s what I need for my problem today. Thanks in advance.
- thanks for this!! After applying the change, I waited a few hours for it to work, even if you reboot it doesn't change .. it needs a few hours, and now everything is working.
thanks Asterofus - Mein Got. None of the above fixed it until I changed server time to GMT +0. And this was a suggestion from Prem Support as well. Madness.
- Asterofus
I didn't go through and gen a new cert as advised as this cert was still valid for 4 years, however at the steps:
"Set-AuthConfig -NewCertificateThumbprint <ThumbprintFromStep1> -NewCertificateEffectiveDate (Get-Date)
Set-AuthConfig -PublishCertificate
Set-AuthConfig -ClearPreviousCertificate"
I replaced <ThumbprintFromStep1> with the thumbprint of my original certificate, followed the rest of the guide and recycled the pools instead of the IISRESET, worked immediately.hi, as you used you old CERT Thumbprint did this save you running the Hybrid Configuration Wizard again ? SpadgingtonBear
The process looks pretty straightforward but I am nervous about impacting mail flow during this time.
Will creating this new cert impact mail flow at all? We have on-premises Exchange server but all mailboxes live in Office 365.
- Although my certificate expires in 2022, this procedure solved my problem.
Thanks - Asterofus, You rock! This solution fixed our problem. It seems the Exchange 2019 CU 10 Security Update 1 (KB5004780) did something to make the OAUTH Certificate invalid.
Thank you very much for the link! This fixed my issue as well. We were running Exchange 2013 CU23 (no SU installed) and I installed Jul21SU. I received no errors during the install and our Outlook clients could still connect after the upgrade, but I could no longer access OWA or EAC. Our cert was not expired either. I followed the commands in the article and then ran IISRESET and both worked again! Thank you again!!
Asterofus Thanks for the link. That did the trick for me. I was not about to uninstall the security update. I just reinstalled exchange in March after we got hit by HAFNIUM 2 weeks before the patch came out.
I did not have to wait an hour, I restarted the Exchange Service Host and did an IISREST and ECP and OWA worked right away.
Thank you very much... Working Working!!! Respect!!! Asterofus
Asterofus Thank you for this tip it worked. One note for others. I created a new certificate and waited for almost two hours, but OWA and ECP were still not working. Then I tried to log into OWA from phone. It took a while but it loaded and stared working normaly. 🙂 Phone method tested on two different servers with the same result. Hope it helps 🙂
