Jul 14 2021 04:27 AM - edited Jul 14 2021 04:41 AM
ASSERT: HMACProvider.GetCertificates:protectionCertificates.Length<1
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: Microsoft.Exchange.Diagnostics.ExAssertException: ASSERT: HMACProvider.GetCertificates:protectionCertificates.Length<1
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[ExAssertException: ASSERT: HMACProvider.GetCertificates:protectionCertificates.Length<1]
Microsoft.Exchange.Diagnostics.ExAssert.AssertInternal(String formatString, Object[] parameters) +241
Microsoft.Exchange.Clients.Common.HmacProvider.GetCertificates() +478
Microsoft.Exchange.Clients.Common.HmacProvider.GetHmacProvider() +143
Microsoft.Exchange.Clients.Common.HmacProvider.ComputeHmac(Byte[][] messageArrays) +16
Microsoft.Exchange.HttpProxy.FbaModule.SetCadataCookies(HttpApplication httpApplication) +826
Microsoft.Exchange.HttpProxy.FbaFormPostProxyRequestHandler.HandleFbaFormPost(BackEndServer backEndServer) +2776
Microsoft.Exchange.HttpProxy.FbaFormPostProxyRequestHandler.ShouldContinueProxy() +20
Microsoft.Exchange.HttpProxy.ProxyRequestHandler.BeginProxyRequestOrRecalculate() +229
Microsoft.Exchange.HttpProxy.ProxyRequestHandler.InternalOnCalculateTargetBackEndCompleted(TargetCalculationCallbackBeacon beacon) +1379
Microsoft.Exchange.HttpProxy.<>c__DisplayClass3f.<OnCalculateTargetBackEndCompleted>b__3e() +311
Microsoft.Exchange.Common.IL.ILUtil.DoTryFilterCatch(TryDelegate tryDelegate, FilterDelegate filterDelegate, CatchDelegate catchDelegate) +35
Microsoft.Exchange.HttpProxy.Diagnostics.SendWatsonReportOnUnhandledException(MethodDelegate methodDelegate, LastChanceExceptionHandler exceptionHandler) +121
Microsoft.Exchange.HttpProxy.ProxyRequestHandler.CallThreadEntranceMethod(MethodDelegate method) +69
[AggregateException: One or more errors occurred.]
Microsoft.Exchange.HttpProxy.ProxyRequestHandler.EndProcessRequest(IAsyncResult result) +416
System.Web.CallHandlerExecutionStep.InvokeEndHandler(IAsyncResult ar) +231
System.Web.CallHandlerExecutionStep.OnAsyncHandlerCompletion(IAsyncResult ar) +172
Jul 14 2021 06:55 AM
@Nikolas_Athanasakis Hi i have the same problem it started today at 2 am on our server. We can't log in to owa and ecp. I tried to create new auth-Config certificate becouse i couldn't display the thumprint but it didin't work too. im thinking about cu 10 bot not sure if this will fix problem.
Jul 14 2021 08:45 AM
SolutionJul 14 2021 09:26 AM
Jul 14 2021 10:14 AM
Jul 14 2021 11:44 AM
@Asterofus The link you provided said to restart a couple app pools. As soon as I did that it took effect immediately.
Thank you for the answer!
Jul 14 2021 12:58 PM
Jul 14 2021 01:07 PM
@Asterofus Thank you for this tip it worked. One note for others. I created a new certificate and waited for almost two hours, but OWA and ECP were still not working. Then I tried to log into OWA from phone. It took a while but it loaded and stared working normaly. 🙂 Phone method tested on two different servers with the same result. Hope it helps 🙂
Jul 14 2021 01:32 PM - edited Jul 14 2021 01:33 PM
Thank you very much... Working Working!!! Respect!!! @Asterofus
Jul 14 2021 03:29 PM
Jul 14 2021 04:26 PM
@Asterofus Thanks for the link. That did the trick for me. I was not about to uninstall the security update. I just reinstalled exchange in March after we got hit by HAFNIUM 2 weeks before the patch came out.
I did not have to wait an hour, I restarted the Exchange Service Host and did an IISREST and ECP and OWA worked right away.
Jul 14 2021 07:30 PM
Our cert is an externally signed cert that is due to expire next year so we wanted to keep using it and not have to generate a new self sign one.
We worked around this by just running the three PS commands below in Exchange PS
Set-AuthConfig -NewCertificateThumbprint <WE JUST USED OUR CURRENT CERT THUMPRINT HERE> -NewCertificateEffectiveDate (Get-Date)
Set-AuthConfig -PublishCertificate
Set-AuthConfig -ClearPreviousCertificate
Note: that we did have issues running the first command because our cert had been installed NOT allowing the export of the cert key. once we reinstalled the same cert back into the (local Computer) personal cert store but this time using the option to allow export of the cert key, the commands above worked fine.
We then just needed to restart ISS and everything was golden. 😄
Jul 14 2021 07:39 PM
Jul 15 2021 04:26 AM
Jul 15 2021 04:32 AM - edited Jul 15 2021 04:39 AM
Thank you very much for the link! This fixed my issue as well. We were running Exchange 2013 CU23 (no SU installed) and I installed Jul21SU. I received no errors during the install and our Outlook clients could still connect after the upgrade, but I could no longer access OWA or EAC. Our cert was not expired either. I followed the commands in the article and then ran IISRESET and both worked again! Thank you again!!
Jul 15 2021 04:37 AM
Jul 15 2021 05:01 AM
Jul 15 2021 05:06 AM
Jul 15 2021 05:19 AM
Hello all,
I installed Exchange 2013 CU23 on our standalone server and got the same issue:
Exception type: ExAssertException Exception message: ASSERT: HMACProvider.GetCertificates:protectionCertificates.Length<1
The Exchange Auth certificate wasn't expired though. Anyway I tried generating a new certificate and publish it. It didn't resolve the issues. Even after 2 hours of waiting.
After all (before trying the last resort option to uninstall CU23) I tried using the old valid certificate and published it using the same procedure as described here.
After that OWA and ECP returned back to life.
With the best regards,
Marat
Jul 14 2021 08:45 AM
Solution