Exchange 2019 error 2004 cannot log in to owa with any new user?



I am faced with a very bizarre situation which I have never encountered before; perhaps someone has seen this. I have an on-prem Exchange 2019 server. Everything works fine, all users can connect, but I cannot create any new users. Let me explain: I create a user in AD, assign it a mailbox, everything performs correctly. But when I try to add the mailbox to Outlook or try to log in via OWA, I always get incorrect password. No matter what I do.


One thing I noticed is that in my ECP, prior to making this new user, I had 3 self-signed certificates that were invalid. I simply clicked "renew" and they all became valid. However, now in my event viewer I keep getting the following warning:



Unable to find the certificate with thumbprint in the current computer or the certificate is missing private key. The certificate is needed to sign the outgoing token.



A little googling and it seems this error is related to Microsoft Exchange Server Auth Certificate but mine is valid. However, I'm starting to think that I cannot connect any mailboxes because somewhere in IIS it is not finding the correct certificate, or maybe it is not bound properly?


I saw a similar post which says that if we already have a valid certificate we can run the following command:


Set-AuthConfig -NewCertificateThumbprint THISONEEXISTSINEXCHANGE -NewCertificateEffectiveDate (Get-Date)


but I'm unsure what this will do or if it will fix the issue. Before I do anything I'd like to get some expert opinions on this. Has anyone ever come across this kind of issue?
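One way to check the condition named in the warning above before changing anything, as an added example that is not part of the original post: the function compares the thumbprint that `Get-AuthConfig` reports against the certificates that `Get-ExchangeCertificate` returns. `Test-AuthCertificate` is a hypothetical helper name, and the sample objects and placeholder thumbprints are constructed.

```powershell
# Added example (hypothetical helper). In the Exchange Management Shell, call it as:
#   Test-AuthCertificate -AuthConfig (Get-AuthConfig) -Certificates (Get-ExchangeCertificate)
function Test-AuthCertificate {
    param(
        [Parameter(Mandatory)] $AuthConfig,    # output of Get-AuthConfig
        [Parameter(Mandatory)] $Certificates,  # output of Get-ExchangeCertificate
        [datetime] $Now = (Get-Date)
    )
    # Thumbprint the server uses to sign outgoing OAuth tokens
    $thumb = $AuthConfig.CurrentCertificateThumbprint
    if ([string]::IsNullOrWhiteSpace($thumb)) {
        return 'AuthConfig has no current certificate thumbprint'
    }
    # -eq on strings is case-insensitive, which suits hex thumbprints
    $cert = $Certificates | Where-Object { $_.Thumbprint -eq $thumb } | Select-Object -First 1
    if (-not $cert)               { return "Thumbprint $thumb is not in the local certificate store" }
    if (-not $cert.HasPrivateKey) { return "Certificate $thumb has no private key" }
    if ($cert.NotAfter -lt $Now)  { return "Certificate $thumb expired on $($cert.NotAfter.ToString('yyyy-MM-dd'))" }
    return "OK: AuthConfig points at a usable certificate ($thumb)"
}

# Constructed sample data (placeholder thumbprints, not from a real server).
# It models one case that matches the warning text: AuthConfig still references
# a thumbprint that no certificate in the local store carries.
$sampleAuthConfig = [pscustomobject]@{
    CurrentCertificateThumbprint = 'OLD_THUMBPRINT_PLACEHOLDER'
}
$sampleCerts = @(
    [pscustomobject]@{
        Thumbprint    = 'NEW_THUMBPRINT_PLACEHOLDER'
        Subject       = 'CN=Microsoft Exchange Server Auth Certificate'
        HasPrivateKey = $true
        NotAfter      = (Get-Date).AddYears(5)
    }
)

Test-AuthCertificate -AuthConfig $sampleAuthConfig -Certificates $sampleCerts
```

The check is read-only: it changes neither the AuthConfig nor any certificate.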



6 Replies

Hi @audi911  - You need to recreate the OAuth certificate. It is safe to do so. This article has detailed steps.






Thanks for getting back to me. 

Just to be sure, like I had mentioned in my original post, I had 3 certificates that were expired which I simply pressed renew and it renewed them. 

Is it possible that the renew didn't complete correctly?

Here is what my OAUTH looks like now



One thing I did notice was that on a working server vs this non-working server the certificate called WMSVC-SHA2 is different.
The working server has SMTP checked off as a service and the non-working server has SMTP not checked off.
Would that be a possible cause also?
Thank you!
Hello everyone,
It's been a long time since I've posted regarding this issue but I must admit I am at my wits' end. I do not know what the issue is. I recreated the Microsoft Exchange Server Auth Certificate, it expired on 4/17/2028 but I still cannot log on to OWA (or connect any new user email to any mobile device).
I really have no idea what the issue is.

The original post said it was Exchange 2019 but it's actually 2016. I don't think that makes a difference, but I really need some help; I don't understand what the issue is.


Hi @Audi9112450 - What error do you receive when you have a new user log in to OWA? Are existing users able to log in fine? What is the CU currently installed on the server?

Also, instead of clicking renew, I'd suggest you follow the steps mentioned in this article to renew the OAuth certificate.


Hope this helps!