owa
127 TopicsOWA inline CID images still not displayed – EEMS mitigation side effect persists?
Environment: Exchange Server Subscription Edition (SE), RTM Jun26SU installed (all updates current as of June 2026) On-premises, Windows Server 2019 OWA tested in Chrome, Edge, Firefox – all including InPrivate/Incognito mode Issue: Since approximately May 14–15, 2026 (coinciding with the EEMS mitigation rollout for CVE-2026-42897), inline CID-referenced images in emails are no longer displayed in OWA. Instead, OWA replaces them with a transparent 1×1 GIF placeholder (a data-URI containing a blank GIF image). Microsoft Support confirmed this is a known side effect of the EEMS mitigation for CVE-2026-42897. We expected the June 2026 Security Update (KB5094139) to resolve this – but the problem persists even after installation. Test results: Method OWA Outlook Desktop Thunderbird External HTTPS image ✅ Visible ✅ Visible ✅ Visible Base64 embedded image ❌ Not visible ✅ Visible ✅ Visible CID inline image ❌ Not visible (blank placeholder) ✅ Visible ✅ Visible What we confirmed: Affects all users, all browsers, all devices, all networks Affects newly created mailboxes as well The blank placeholder is injected server-side by OWA Problem started exactly with the EEMS mitigation rollout (~May 14, 2026) June 2026 SU (KB5094139) installed – problem still present Microsoft Support has been engaged for 5+ weeks without resolution Questions: Has anyone else confirmed that the June 2026 SU does not fix the OWA inline image rendering issue? Is there a known follow-up fix or hotfix planned specifically for this side effect? Has anyone found a working workaround that does not involve disabling Extended Protection? Any feedback from the Exchange product team or other admins would be greatly appreciated.Solved719Views1like7CommentsEdge Facebook OWA starts greyed out with Close Button
I have setup Facebook as an Edge desktop OWA and when I click to start it loads greyed out with a CLOSE button in the top left (see screen snip below). If I click on close, everything works OK. How can I stop this from happening and avoid having to click close everytime?456Views0likes5CommentsHow to Delete a Composing Email Attachment via Outlook Add-in?
Context: Server: Exchange Server 2019 on premise Client: OWA Category: Outlook Add-in Office JS API Set: Supported up to 1.5 only Problem Details: Delete an attachment added manually or through EWS API to an email item. Limitations: 1. Limitation of makeEWSRequestAsync() Office JS method: The makeEWSRequestAsync method in Office.js does not support the DeleteAttachment SOAP operation, which is required from outlook add in. -> Attempted Workaround - Using fetch with EWS SOAP Request: I tried invoking the DeleteAttachment operation via a fetch call to the EWS endpoint. However, EWS response states "requested web method is not allowed for this application". 2. OWA Limitation: As OWA in this environment only supports Office.js up to version 1.5, the modern attachment Office JS APIs and Graph APIs are not an option. Question: In an Exchange On-Premises scenario, how can I programmatically delete attachments via my add-in? Specifically, is there a recommended approach to obtain a valid token for EWS requests, or any supported alternative to perform DeleteAttachment? Any way to convert EWS attachment ID to Office JS attachment UUID? Additional Notes: I am aware that Exchange Online supports more modern APIs (Graph/REST), but my current deployment is strictly Exchange On-Premises. The add-in works well for reading attachments and other operations, except for deletion. Any guidance or recommendations would be highly appreciated! Thank you in advance.233Views0likes1CommentOWA Upload and Share Permissions
Hello...I have a user using OWA (University - Microsoft 365 A5 license) who is experiencing a new scenario/error msg., when initiating the "upload and share" option to share a locally stored file as an email attachment (gets uploaded by default to their OneDrive Attachments folder) when sending OWA email messages to colleagues. The email will send with the attachment icon/link, but recipients don't have access to it and have to choose the "request access" option, where then the user/sender can approve the request for access. The error msg., is "you don't have permission to give others access to file X" and the filename that is uploaded has red text (normally it is blue). The users has tested this scenario on multiple computers w/ multiple browsers, and changed the upload OneDrive folder location, with the same result. I can initiate the same scenario on the same computers, browsers, and files, while signed onto my OWA account w/ out issue. The user's Mailbox has a small quota size and their OneDrive account does as well. This started about two weeks ago, though as far as I know, no University Enterprise changes were made to the users account. Not sure what to look at for a solution so any help would be appreciated. Thanks!Solved213Views0likes1CommentWhy signatures disappear in OWA
Hi, We have problem with disappearing signatures in OWA. Signatures in OWA worked without problem till last week. But today, users that have BB licences and use only OWA loosing their signatures. It repeats every 1-2 days. Have anybody experience with this problem? Can you give me advice, how to solved it? Thanks.545Views0likes1Commentupgrading from exchange 2013 to 2019, new install of 2019..cannot login to ecp or owa
hi, thanks in advance for your help. i have an existing small environment. it consists of a pair of 2022 domain controllers, the domain/forest level is set to 2016. I have an existing 2012 (not r2) server running exchange 2013 and a brand new 2022 server with newly installed exchange 2019. everything is patched fully. the install of 2019 proceeded without error. however, i cannot login to either owa or ecp on the 2019 server. when i try, i just get sent back to the login screen. in the event log, i see this warning: Event code: 3005 Event message: An unhandled exception has occurred. Event time: 8/7/2023 1:09:12 PM Event time (UTC): 8/7/2023 5:09:12 PM Event ID: 31c12d2579ac4779bfec01933febc091 Event sequence: 2 Event occurrence: 1 Event detail code: 0 Application information: Application domain: /LM/W3SVC/2/ROOT/owa-1-133359017471842518 Trust level: Full Application Virtual Path: /owa Application Path: D:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\owa\ Machine name: HOME-EXCH1 Process information: Process ID: 472 Process name: w3wp.exe Account name: NT AUTHORITY\SYSTEM Exception information: Exception type: TargetInvocationException Exception message: Exception has been thrown by the target of an invocation. at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor) at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments) at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) at Owin.Loader.DefaultLoader.<>c__DisplayClass12.<MakeDelegate>b__b(IAppBuilder builder) at Owin.Loader.DefaultLoader.<>c__DisplayClass1.<LoadImplementation>b__0(IAppBuilder builder) at Microsoft.Owin.Host.SystemWeb.OwinAppContext.Initialize(Action`1 startup) at Microsoft.Owin.Host.SystemWeb.OwinBuilder.Build(Action`1 startup) at Microsoft.Owin.Host.SystemWeb.OwinHttpModule.InitializeBlueprint() at System.Threading.LazyInitializer.EnsureInitializedCore[T](T& target, Boolean& initialized, Object& syncLock, Func`1 valueFactory) at Microsoft.Owin.Host.SystemWeb.OwinHttpModule.Init(HttpApplication context) at System.Web.HttpApplication.RegisterEventSubscriptionsWithIIS(IntPtr appContext, HttpContext context, MethodInfo[] handlers) at System.Web.HttpApplication.InitSpecial(HttpApplicationState state, MethodInfo[] handlers, IntPtr appContext, HttpContext context) at System.Web.HttpApplicationFactory.GetSpecialApplicationInstance(IntPtr appContext, HttpContext context) at System.Web.Hosting.PipelineRuntime.InitializeApplication(IntPtr appContext) ID1039: The certificate's private key could not be accessed. Ensure the access control list (ACL) on the certificate's private key grants access to the application pool user. Thumbprint: '9F650D5586F179E05BA85AE833DFB66044CA2F08' at System.IdentityModel.X509Util.EnsureAndGetPrivateRSAKey(X509Certificate2 certificate) at System.IdentityModel.RsaEncryptionCookieTransform..ctor(X509Certificate2 certificate) at Microsoft.Exchange.Security.Authentication.OAuthExtension.DataHandler.RsaGenericDataProtector..ctor(X509Certificate2[] certificates) at Microsoft.Exchange.Clients.Owa2.Server.Core.notifications.SignalR.SignalRStartup.Configuration(IAppBuilder app) Invalid provider type specified. at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer) at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle) at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair() at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize) at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey() at System.IdentityModel.X509Util.EnsureAndGetPrivateRSAKey(X509Certificate2 certificate) Request information: Request URL: https://localhost:444/owa/proxylogon.owa Request path: /owa/proxylogon.owa User host address: 127.0.0.1 User: Is authenticated: False Authentication Type: Thread account name: NT AUTHORITY\SYSTEM Thread information: Thread ID: 13 Thread account name: NT AUTHORITY\SYSTEM Is impersonating: False Stack trace: at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor) at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments) at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) at Owin.Loader.DefaultLoader.<>c__DisplayClass12.<MakeDelegate>b__b(IAppBuilder builder) at Owin.Loader.DefaultLoader.<>c__DisplayClass1.<LoadImplementation>b__0(IAppBuilder builder) at Microsoft.Owin.Host.SystemWeb.OwinAppContext.Initialize(Action`1 startup) at Microsoft.Owin.Host.SystemWeb.OwinBuilder.Build(Action`1 startup) at Microsoft.Owin.Host.SystemWeb.OwinHttpModule.InitializeBlueprint() at System.Threading.LazyInitializer.EnsureInitializedCore[T](T& target, Boolean& initialized, Object& syncLock, Func`1 valueFactory) at Microsoft.Owin.Host.SystemWeb.OwinHttpModule.Init(HttpApplication context) at System.Web.HttpApplication.RegisterEventSubscriptionsWithIIS(IntPtr appContext, HttpContext context, MethodInfo[] handlers) at System.Web.HttpApplication.InitSpecial(HttpApplicationState state, MethodInfo[] handlers, IntPtr appContext, HttpContext context) at System.Web.HttpApplicationFactory.GetSpecialApplicationInstance(IntPtr appContext, HttpContext context) at System.Web.Hosting.PipelineRuntime.InitializeApplication(IntPtr appContext) Custom event details: i see a lot of info on the web about permissions to private keys but i have checked and the app pool user is localsystem, and system has full access to the keys. i also see some information about the provider type but this cert was generated by the install.....so would it generate a cert it could not use?? i have working on this for days and am going around in circles. i really appreciate anyone's help on this! thanksSolved3.5KViews0likes11Comments