Skip to main content

Exchange OWA Error (Something Went Wrong)


Exchange OWA Error (Something Went Wrong)

 Exchange 2016 Cu8 on Windows Server 2012 R2 gave error on OWA, ECP will work if administrator doesn’t have a mailbox. else even ecp will throw the same error.

An unexpected error occurred and your request couldn't be handled.
X-ClientId: 15BED63F62FB4FDB809703ED2534C19D
request-id 1ac56275-a1ab-48cf-9f82-880c49767a19
X-OWA-Error Microsoft.Exchange.Diagnostics.ExAssertException
X-OWA-Version 15.1.1415.4
X-DAGServer COMM
X-DAGerver COMM

Date:11/07/2018 3:30:06 PM

Description:
Unable to find the certificate with thumbprint [Thumb code] in the current computer or the certificate is missing private key. The certificate is needed to sign the outgoing token. or invalid or expired 'Microsoft Exchange Server Auth Certificate'

Solution:
Create new Microsoft Exchange Server Auth Certificate 
1.     Open Exchange admin Center ECP, then go to servers, certificates, find Microsoft Exchange Server Auth Certificate then click on renew, Renewing creates a second certificate named Microsoft Exchange Server Auth Certificate that is valid for another 5 years. This certificate has a new thumbprint and exists only on the server you've renewed it on. You need to identify the thumbprint for the new certificate. If you edit the certificate, in Exchange Admin Center, the thumbprint is on the general tab. You can type this in, but you're probably better of to cut and paste it into the later commands.
2.     RDP to exchange server and open Exchange management shell
 $thumb = "NewCertificateThumbprint"
$date = get-date
Then run the following command to add the new certificate:
Set-AuthConfig -NewCertificateThumbprint $thumb -NewCertificateEffectiveDate $date
 You will get a warning that the new effective date is not 48 hours in the future. However,
 if we're recovering from an expired certificate, we're OK with that.
3.     Now you need to publish the certificate to all servers:
Set-AuthConfig -PublishCertificate
4.     And finally, remove the old expired certificate from the configuration:
Set-AuthConfig -ClearPreviousCertificate
5.     Finally, you can delete old one from all Exchange servers.
6.     You may need to do an iisreset PowerShell elevated mode after all of the AuthConfig changes were done. It’s possible that it will be done a restart but just take longer. and most likely it needs 60-180 Minutes per my experience.
Labels:

Comments

Post a Comment

Popular posts from this blog

CredSSP Encryption Oracle Remediation RDP issue

  CredSSP Encryption Oracle Remediation RDP issue An update released by Microsoft ( KB 4093492 )on  May 8, 2018 , for Windows 10 Operation System was targeted to change the default settings CredSSP from  Vulnerable  to  Mitigated . However, post patching this caused an issue where the patched clients were blocked from communicating with unpatched servers over RDP protocols. This has been reported to cause an error thrown by Windows RDP as below: Solution: Use the group policy settings changes described below to rollback the changes to ‘Vulnerable’ state to allow RDP access. 1. Open Group Policy Editor, by executing  gpedit.msc 2. Policy path:  Computer Configuration -> Administrative Templates -> System -> Credentials Delegation Run  gpedit.msc  and expand  Administrative Templates Expand  System Expand  Credential Delegation Edit  Encryption Oracle Remediation Select  Enabled  and change Production Leve...
Post a Comment
Read more

How to configure E-Mail notification in WSUS

How to configure E-Mail notification in WSUS The WSUS server can be configured to send e-mail notifications of new updates and reports on the status of the WSUS network. Notifications will be sent whenever the WSUS server synchronizes new updates, and status reports can be sent daily or weekly.  Set up e-mail notifications In the WSUS Administration console, click  Options in the left pane. In the center pane, click  E-Mail Notifications . Click the  General If you want update notifications, select the  Send e-mail notification when new updates are synchronized check box. In the  Recipients box, type the e-mail addresses of the people who should receive update notifications. Separate the names with semi-colons. If you want status reports, select the  Send status reports check box. In the  Frequency box, select either  Daily  or  Weekly . In the  Send repo...
Post a Comment
Read more