Unable to login to OWA – Encryption Certificate

I was recently working with a customer whose users were unable to log in to OWA. The users would get the following error:


Something went wrong

We can’t get that information right now. Please try again later.

X-FEServer: <servername>

Date: 8/3/2017 4:13:24 PM

In Event Viewer, under the Application log, I found the following warnings:

Log Name: Application

Source: MSExchange OAuth

Date: 8/3/2017 11:13:08 AM

Event ID: 2004

Task Category: Configuration

Level: Warning

Keywords: Classic

User: N/A

Computer: <servername>


Unable to find the certificate with thumbprint EF6392A5E64713AD43598B7A0FF75080964FB096 in the current computer or the certificate is missing private key. The certificate is needed to sign the outgoing token.



To find the certificate that the authentication configuration is looking for, you can run:


I found that the certificate returned wasn’t listed when I ran the command Get-ExchangeCertificate. I had to create a new Exchange certificate by running the following commands:


Now, to set the AuthConfig to the newly created certificate, we need to run the following:


Now when I check the AuthConfig, you can see the updated certificate:


Within minutes, and without any service restarts, Managed Availability had determined OWA to be healthy:
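The check and replacement steps described above, as a single Exchange Management Shell script. This is an added example, not the commands from the original post; the subject and friendly name follow the standard Exchange auth certificate naming and are assumptions here, as is the decision to rotate only when the current certificate is missing, has no private key, or has expired.

```powershell
# Added example: run in the Exchange Management Shell on the affected server.

# 1. Which certificate does the OAuth configuration expect?
$auth  = Get-AuthConfig
$thumb = $auth.CurrentCertificateThumbprint
Write-Host "AuthConfig expects certificate: $thumb"

# 2. Is that certificate in the local computer store, with a private key,
#    and still inside its validity period? Event ID 2004 fires when it is not.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $thumb }

$usable = $cert -and $cert.HasPrivateKey -and ($cert.NotAfter -gt (Get-Date))

if ($usable) {
    Write-Host "Certificate is present and usable (expires $($cert.NotAfter)). No change made."
}
else {
    Write-Warning "Auth certificate is missing, lacks a private key, or has expired."

    # 3. Create a replacement self-signed auth certificate.
    #    If prompted to replace the default SMTP certificate, answer No.
    $new = New-ExchangeCertificate -KeySize 2048 -PrivateKeyExportable $true `
        -SubjectName  'cn=Microsoft Exchange Server Auth Certificate' `
        -FriendlyName 'Microsoft Exchange Server Auth Certificate' `
        -DomainName @()

    # 4. Point AuthConfig at the new certificate, effective immediately.
    #    Exchange asks for confirmation because the date is under 48 hours away.
    Set-AuthConfig -NewCertificateThumbprint $new.Thumbprint `
        -NewCertificateEffectiveDate (Get-Date)

    # 5. Promote the new certificate to current and drop the old reference.
    Set-AuthConfig -PublishCertificate
    Set-AuthConfig -ClearPreviousCertificate
}

# 6. Confirm what AuthConfig now references.
Get-AuthConfig |
    Format-List CurrentCertificateThumbprint, PreviousCertificateThumbprint
```

In a multi-server organization the new certificate also has to reach the other Exchange servers before they can validate tokens signed with it.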

One thought on “Unable to login to OWA – Encryption Certificate”

  1. Same problem.
    ECP works, but not OWA.

    Finally, after many tries, I followed this:

    I upgraded Exchange 2016 CU6 to Exchange 2016 CU6 with this command:
    Setup.exe /Mode:Upgrade /IAcceptExchangeServerLicenseTerms

    That worked fine for me.
