Jan 20 2023 07:22 PM
I am faced with a very bizarre situation which I have never encountered before; perhaps someone has seen this. I have an on-prem Exchange 2019 server. Everything works fine, all users can connect, but I cannot create any new users. To explain: I create a user in AD, assign it a mailbox, and everything performs correctly. But when I try to add the mailbox to Outlook or try to log in via OWA, I always get "incorrect password". No matter what I do.
One thing I noticed is that in my ECP, prior to making this new user, I had 3 self-signed certificates that were invalid. I simply clicked "renew" and they all became valid. However, now in my event viewer I keep getting the following warning:
Unable to find the certificate with thumbprint in the current computer or the certificate is missing private key. The certificate is needed to sign the outgoing token.
A little googling and it seems this error is related to Microsoft Exchange Server Auth Certificate but mine is valid. However, I'm starting to think that I cannot connect any mailboxes because somewhere in IIS it is not finding the correct certificate, or maybe it is not bound properly?
I saw a similar post which says if we already have a valid certificate we can run the following command
Set-AuthConfig -NewCertificateThumbprint THISONEEXISTSINEXCHANGE -NewCertificateEffectiveDate (Get-Date)
but I'm unsure what this will do or if it will fix the issue. Before I do anything I'd like to get some expert opinions on this. Has anyone ever come across this kind of issue?
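A read-only check for the condition that warning describes, added here as an example and not part of the original thread: it compares the thumbprints that `Get-AuthConfig` references against the computer certificate store and reports whether each one is present, has a private key, and is still within its validity period. It assumes it is run in the Exchange Management Shell on the affected server; the variable names are illustrative.

```powershell
# Added example (read-only diagnostic, changes nothing).
# Assumption: run in the Exchange Management Shell on the affected server.

$auth = Get-AuthConfig

# Thumbprints that the auth configuration references (Previous/Next may be empty).
$referenced = [ordered]@{
    Current  = $auth.CurrentCertificateThumbprint
    Previous = $auth.PreviousCertificateThumbprint
    Next     = $auth.NextCertificateThumbprint
}

$report = foreach ($slot in $referenced.Keys) {
    $thumb = $referenced[$slot]
    if ([string]::IsNullOrWhiteSpace($thumb)) { continue }

    # Look the referenced thumbprint up in the local computer store.
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $thumb }

    [pscustomobject]@{
        Slot          = $slot
        Thumbprint    = $thumb
        InStore       = [bool]$cert
        HasPrivateKey = if ($cert) { $cert.HasPrivateKey } else { $false }
        NotAfter      = if ($cert) { $cert.NotAfter } else { $null }
        Expired       = if ($cert) { $cert.NotAfter -lt (Get-Date) } else { $null }
    }
}

$report | Format-Table -AutoSize

# Certificates Exchange knows about, to compare thumbprints by eye.
Get-ExchangeCertificate |
    Select-Object Thumbprint, Subject, NotAfter, Services |
    Format-Table -AutoSize
```

A row where `InStore` or `HasPrivateKey` is false, or `Expired` is true, means the auth configuration points at a certificate the server cannot use for signing, which is the situation the event log warning reports.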
Jan 23 2023 08:00 AM
Hi @audi911 - You need to recreate the OAuth certificate. It is safe to do so. This article has detailed steps.
Jan 29 2023 06:54 PM
Thanks for getting back to me.
Just to be sure, like I had mentioned in my original post, I had 3 certificates that were expired which I simply pressed renew and it renewed them.
Is it possible that the renew didn't complete correctly?
Here is what my OAUTH looks like now
One thing I did notice was on a working server vs this non-working server the certificate called
Apr 17 2023 03:18 PM
Sep 20 2023 01:41 PM
Hi @Audi9112450 - What error do you receive when you have a new user log in to OWA? Are existing users able to log in fine? What is the CU currently installed on the server?
Also, instead of clicking renew, I'd suggest you follow steps mentioned in this article to renew the OAuth certificate.
Hope this helps!