Forum Discussion
Exchange Server error in '/owa' application
- Ok i found solution. Use this to create new certificate https://docs.microsoft.com/en-us/exchange/troubleshoot/administration/cannot-access-owa-or-ecp-if-oauth-expired
And after creating the certificate you must wait like a hour or more for changes work. Restart dont change the wait time 🙂
Nikolas_Athanasakis Hi i have the same problem it started today at 2 am on our server. We can't log in to owa and ecp. I tried to create new auth-Config certificate becouse i couldn't display the thumprint but it didin't work too. im thinking about cu 10 bot not sure if this will fix problem.
And after creating the certificate you must wait like a hour or more for changes work. Restart dont change the wait time 🙂
Asterofus The link you provided said to restart a couple app pools. As soon as I did that it took effect immediately.
Thank you for the answer!
Thank you very much for the link! This fixed my issue as well. We were running Exchange 2013 CU23 (no SU installed) and I installed Jul21SU. I received no errors during the install and our Outlook clients could still connect after the upgrade, but I could no longer access OWA or EAC. Our cert was not expired either. I followed the commands in the article and then ran IISRESET and both worked again! Thank you again!!
- Asterofus
I didn't go through and gen a new cert as advised as this cert was still valid for 4 years, however at the steps:
"Set-AuthConfig -NewCertificateThumbprint <ThumbprintFromStep1> -NewCertificateEffectiveDate (Get-Date)
Set-AuthConfig -PublishCertificate
Set-AuthConfig -ClearPreviousCertificate"
I replaced <ThumbprintFromStep1> with the thumbprint of my original certificate, followed the rest of the guide and recycled the pools instead of the IISRESET, worked immediately.The process looks pretty straightforward but I am nervous about impacting mail flow during this time.
Will creating this new cert impact mail flow at all? We have on-premises Exchange server but all mailboxes live in Office 365.
hi, as you used you old CERT Thumbprint did this save you running the Hybrid Configuration Wizard again ? SpadgingtonBear
- We are having the same issue. However my current OAuth cert doesn't expire until 4/22. Any reason to replace it anyway? Also, I applied KB5004779 yesterday.
- I encountered the same issue, uninstalled the update and it worked. I'm going to wait to see is there is a new update that doesn't break anything.
- Same issue here, not sure if I should replace a valid cert or just wait for a different fix.
- See my reply below
- I did all above with out any luck.
then running the kb5004780 (Exchange 2019) i an elevated cmd, then OWA and ECP worked again.
(ran kb5004780 first as a normal user, not elevated cmd)
Asterofus Thank you for this tip it worked. One note for others. I created a new certificate and waited for almost two hours, but OWA and ECP were still not working. Then I tried to log into OWA from phone. It took a while but it loaded and stared working normaly. 🙂 Phone method tested on two different servers with the same result. Hope it helps 🙂
Thank you very much... Working Working!!! Respect!!! Asterofus
Asterofus Thanks for the link. That did the trick for me. I was not about to uninstall the security update. I just reinstalled exchange in March after we got hit by HAFNIUM 2 weeks before the patch came out.
I did not have to wait an hour, I restarted the Exchange Service Host and did an IISREST and ECP and OWA worked right away.
- Asterofus, You rock! This solution fixed our problem. It seems the Exchange 2019 CU 10 Security Update 1 (KB5004780) did something to make the OAUTH Certificate invalid.
- Although my certificate expires in 2022, this procedure solved my problem.
Thanks - Mein Got. None of the above fixed it until I changed server time to GMT +0. And this was a suggestion from Prem Support as well. Madness.
