Forum Discussion
KosmosKami
Feb 16, 2023Copper Contributor
OWA/ECP stop working after update ((
Hello. I have one Exchange server under my control. After installing update KB5019758, the admin console stopped working. I get message ASSERT: HMACProvider.GetCertificates:protectionCertif...
FcoManigrasso
Feb 17, 2023Iron Contributor
Hi KosmosKami!
OWA/ECP errors after an Exchange Security update is something quite usual.
These errors occur if the security update was manually installed on a server that has User Account Control (UAC) enabled, but without using elevated permissions.
Use elevated permissions to reinstall the security update on the server.
-Select Start, and then type cmd.
-Right-click Command Prompt from the search results, and then select Run as administrator.
-If the User Account Control window appears, select the option to open an elevated Command Prompt window, and then select Continue. If the UAC window doesn’t appear, continue to the next step.
-Type the full path of the .msp file for the security update, and then press Enter.
-After the update installs, restart the server.
If that doesn't fix your issue, you'll probably need to check the ECP Virtual directory. You can find the detailed instructions here: OWA or ECP stops working after you install a security update - Exchange | Microsoft Learn
Hope this helps and please let us know if you finally fix the issue. If not, we'll need to perform further checks.
Good luck 🙂
KosmosKami
Mar 04, 2023Copper Contributor
Many thanks for helping and sharing your knowledge FcoManigrasso . Right now I have half of the problem ESP is working, but OWA is unavailable. I try navigate to C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy and take a copy of the SharedWebConfig.config file. Then Paste a copy of that file into the C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess directory. And then restart the IIS Services (iisreset). Unfortunately, it didn't help I'm also checked the certificate used for https binding, (in IIS.) is the same for the Exchange Front End, and the Exchange Back End web sites.
- FcoManigrassoMar 06, 2023Iron Contributor
Hi KosmosKami,
Happy to hear that ECP is working now.
Regarding OWA, I'll need more info... Which error do you get?
Do you get any log in EV? Which ones?
Please check also that the certificate is still valid. You can check it running:
(Get-AuthConfig).CurrentCertificateThumbprint | Get-ExchangeCertificate | Format-List
- KosmosKamiMar 06, 2023Copper Contributor
FcoManigrasso On OWA page I am get an uninformative message after authorization
:-( Something went wrong Unfortunately, we cannot obtain this information right now. Please reply later. If you encounter problems, please contact support
And I still can't find the detailed log file that is responsible for OWA. I have seen posts online about what to look for in the IIS logs. Where is it on the right path?
Regarding the certificate, I can say that I checked the state of health with a script HealthChecker.ps1 and it warned that the validity of some certificates was coming to an end. So I used an another script MonitorExchangeAuthCertificate.ps1 to renew the certificates and then point them to IIS.
- FcoManigrassoMar 07, 2023Iron Contributor
Hi KosmosKami,
You need to check the Event Viewer for the errors ID's when you try to access OWA.
Please provide also the output of the cmdlt posted in my previous reply, ( you can send me that in a private message ). It's possible that the certificate update failed and that could be the reason of your error. But without more details it's really hard to know. In EV you should be able to see more detailed error pointing to the right root cause.