Forum Discussion
Exchange Server error in '/owa' application
ASSERT: HMACProvider.GetCertificates:protectionCertificates.Length<1
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: Microsoft.Exchange.Diagnostics.ExAssertException: ASSERT: HMACProvider.GetCertificates:protectionCertificates.Length<1
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[ExAssertException: ASSERT: HMACProvider.GetCertificates:protectionCertificates.Length<1]
Microsoft.Exchange.Diagnostics.ExAssert.AssertInternal(String formatString, Object[] parameters) +241
Microsoft.Exchange.Clients.Common.HmacProvider.GetCertificates() +478
Microsoft.Exchange.Clients.Common.HmacProvider.GetHmacProvider() +143
Microsoft.Exchange.Clients.Common.HmacProvider.ComputeHmac(Byte[][] messageArrays) +16
Microsoft.Exchange.HttpProxy.FbaModule.SetCadataCookies(HttpApplication httpApplication) +826
Microsoft.Exchange.HttpProxy.FbaFormPostProxyRequestHandler.HandleFbaFormPost(BackEndServer backEndServer) +2776
Microsoft.Exchange.HttpProxy.FbaFormPostProxyRequestHandler.ShouldContinueProxy() +20
Microsoft.Exchange.HttpProxy.ProxyRequestHandler.BeginProxyRequestOrRecalculate() +229
Microsoft.Exchange.HttpProxy.ProxyRequestHandler.InternalOnCalculateTargetBackEndCompleted(TargetCalculationCallbackBeacon beacon) +1379
Microsoft.Exchange.HttpProxy.<>c__DisplayClass3f.<OnCalculateTargetBackEndCompleted>b__3e() +311
Microsoft.Exchange.Common.IL.ILUtil.DoTryFilterCatch(TryDelegate tryDelegate, FilterDelegate filterDelegate, CatchDelegate catchDelegate) +35
Microsoft.Exchange.HttpProxy.Diagnostics.SendWatsonReportOnUnhandledException(MethodDelegate methodDelegate, LastChanceExceptionHandler exceptionHandler) +121
Microsoft.Exchange.HttpProxy.ProxyRequestHandler.CallThreadEntranceMethod(MethodDelegate method) +69
[AggregateException: One or more errors occurred.]
Microsoft.Exchange.HttpProxy.ProxyRequestHandler.EndProcessRequest(IAsyncResult result) +416
System.Web.CallHandlerExecutionStep.InvokeEndHandler(IAsyncResult ar) +231
System.Web.CallHandlerExecutionStep.OnAsyncHandlerCompletion(IAsyncResult ar) +172
- Ok i found solution. Use this to create new certificate https://docs.microsoft.com/en-us/exchange/troubleshoot/administration/cannot-access-owa-or-ecp-if-oauth-expired
And after creating the certificate you must wait like a hour or more for changes work. Restart dont change the wait time 🙂
56 Replies
- I went ahead and updated the cert even though mine wasn't expired. After the other steps it started to work right away.
Our cert is an externally signed cert that is due to expire next year so we wanted to keep using it and not have to generate a new self sign one.
We worked around this by just running the three PS commands below in Exchange PS
Set-AuthConfig -NewCertificateThumbprint <WE JUST USED OUR CURRENT CERT THUMPRINT HERE> -NewCertificateEffectiveDate (Get-Date)
Set-AuthConfig -PublishCertificate
Set-AuthConfig -ClearPreviousCertificateNote: that we did have issues running the first command because our cert had been installed NOT allowing the export of the cert key. once we reinstalled the same cert back into the (local Computer) personal cert store but this time using the option to allow export of the cert key, the commands above worked fine.
We then just needed to restart ISS and everything was golden. 😄
- Thank you! Worked like a charm
Excellent! I got my cert thumbprints using this PS cmd:
Get-ChildItem -Path Cert:LocalMachine\MY
and then ran the three PS cmds as outlined by Karl, then ran IISreset to bounce the IIS on the exchange server and SHAZAM! was able to immediately get back into the Exchange console like before.
Thanks for the help!
- FYI, Update:
Since our cert wasn't expired I tried and installed CU10 and that solved it for me.installed exchange 2019 c11 error re certificate error.
Nikolas_Athanasakis Hi i have the same problem it started today at 2 am on our server. We can't log in to owa and ecp. I tried to create new auth-Config certificate becouse i couldn't display the thumprint but it didin't work too. im thinking about cu 10 bot not sure if this will fix problem.
- thanks god.
Worked for me too and take 2 hours and half.
i have no more hairs ^^ - Ok i found solution. Use this to create new certificate https://docs.microsoft.com/en-us/exchange/troubleshoot/administration/cannot-access-owa-or-ecp-if-oauth-expired
And after creating the certificate you must wait like a hour or more for changes work. Restart dont change the wait time 🙂Hi Asterofus may you please share the working document for the link you provided here it doesn`t seem to work and after reading this conversation I think it`s what I need for my problem today. Thanks in advance.
