Exchange Server error in '/owa' application

Copper Contributor



ASSERT: HMACProvider.GetCertificates:protectionCertificates.Length<1
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: Microsoft.Exchange.Diagnostics.ExAssertException: ASSERT: HMACProvider.GetCertificates:protectionCertificates.Length<1

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[ExAssertException: ASSERT: HMACProvider.GetCertificates:protectionCertificates.Length<1]
Microsoft.Exchange.Diagnostics.ExAssert.AssertInternal(String formatString, Object[] parameters) +241
Microsoft.Exchange.Clients.Common.HmacProvider.GetCertificates() +478
Microsoft.Exchange.Clients.Common.HmacProvider.GetHmacProvider() +143
Microsoft.Exchange.Clients.Common.HmacProvider.ComputeHmac(Byte[][] messageArrays) +16
Microsoft.Exchange.HttpProxy.FbaModule.SetCadataCookies(HttpApplication httpApplication) +826
Microsoft.Exchange.HttpProxy.FbaFormPostProxyRequestHandler.HandleFbaFormPost(BackEndServer backEndServer) +2776
Microsoft.Exchange.HttpProxy.FbaFormPostProxyRequestHandler.ShouldContinueProxy() +20
Microsoft.Exchange.HttpProxy.ProxyRequestHandler.BeginProxyRequestOrRecalculate() +229
Microsoft.Exchange.HttpProxy.ProxyRequestHandler.InternalOnCalculateTargetBackEndCompleted(TargetCalculationCallbackBeacon beacon) +1379
Microsoft.Exchange.HttpProxy.<>c__DisplayClass3f.<OnCalculateTargetBackEndCompleted>b__3e() +311
Microsoft.Exchange.Common.IL.ILUtil.DoTryFilterCatch(TryDelegate tryDelegate, FilterDelegate filterDelegate, CatchDelegate catchDelegate) +35
Microsoft.Exchange.HttpProxy.Diagnostics.SendWatsonReportOnUnhandledException(MethodDelegate methodDelegate, LastChanceExceptionHandler exceptionHandler) +121
Microsoft.Exchange.HttpProxy.ProxyRequestHandler.CallThreadEntranceMethod(MethodDelegate method) +69

[AggregateException: One or more errors occurred.]
Microsoft.Exchange.HttpProxy.ProxyRequestHandler.EndProcessRequest(IAsyncResult result) +416
System.Web.CallHandlerExecutionStep.InvokeEndHandler(IAsyncResult ar) +231
System.Web.CallHandlerExecutionStep.OnAsyncHandlerCompletion(IAsyncResult ar) +172


54 Replies
thanks for this!! After applying the change, I waited a few hours for it to work, even if you reboot it doesn't change .. it needs a few hours, and now everything is working.
thanks @Asterofus

Ran into the same issue with the October update. In our case, the Exchange Server Auth Cert was not expired, but it was never properly activated and published. The posted solution worked like a charm without any delays.

OAuth certificate has been expired and I am trying renew from exchange management shell and I am getting error like network services did not have permission like that. However I can see the certificate in personal folder.
I am not able to assign this certificate. please advice how do I fix this issue
Picture with error message ?
Something in évent viewer?
Can tout try as domain admin?
Is your user member of exchange admins ?

The issue has been sort it after we disable to McAfee and run the PowerShell command works as expected.
However one of the Exchange server failed to run the management shell.
Any idea? Please
You should have red error message when launching exchange powershell.
You Can copy paste this error on Google.
Aldo, what is error message ?

I did the renewal process, as my Auth cert was expired.

For me both OWA and ECP are not working.


After doing everything, it still doesn't work.

I suspect I need to wait 2 hours until GMT "reaches" my local timezone.
From the other posts I suspect that certificate checking is done in GMT and not the local timezone.


Yes . Wait. You Can perform a reboot but not sure it will boost. For me, i waited 4 hours (french).
You Can also change your timezone (see or in discuss) to do it instentanly (sorry for my english)
Yes it worked after 2 hours.
You can cahnge system time to UTC or wait to update your time zone to utc sync. If you cahnge it to UTC it's work instantly.
I've gotten the error, followed the steps to a "T" and fixes itself but a day or two later it errors back out. Renewed the cert and cleared the old one. Restarted both pools, also IIS pool. Think I've repeated these steps 3 times now. Anyone still have issues like this?



My certificate was valid till 2027 but my Windows 2019 Core server did updates (2 Feb 2022) and rebooted and after the reboot ecp and owa was broken. In the event log, i could see constant info messages to say that all the exchange items were either missing or corrupt. To fix this, i ran the commands to create a new OAuth certificate, removed the old one and then rebooted. I then re-ran the CU11 security update from January 2022 and rebooted again. It took a while but Exchange 2019 was happy again and both ecp and owa working fine. (Edward van Biljon - Office Apps & Services MVP)

hi, as you used you old CERT Thumbprint did this save you running the Hybrid Configuration Wizard again ? @SpadgingtonBear 

I'm attempting to follow the OAuth renewal instructions so I can regain access to the management console.
When I execute the initial command to obtain the thumbprint I get an error.
(Get-AuthConfig).CurrentCertificateThumbprint | Get-ExchangeCertificate | Format-List
The error told me the certificate with thumbprint xxxxxxxxxxxxx was not found.
Should I run the renewal command to create a new OAuth cert using the thumbprint displayed in the error message, or should I run it using the thumbprint viewable in the current certificate properties?

Hi @Asterofus may you please share the working document for the link you provided here it doesn`t seem to work and after reading this conversation I think it`s what I need for my problem today. Thanks in advance.