Unable to login to OWA – Encryption Certificate

I was recently working with a customer who had issues with logging into OWA. The users would get the following error:

Something went wrong

We can’t get that information right now. Please try again later.

X-FEServer: <servername>

Date: 8/3/2017 4:13:24 PM

In the event viewer under the application logs I found the following warnings:

Log Name: Application

Source: MSExchange OAuth

Date: 8/3/2017 11:13:08 AM

Event ID: 2004

Task Category: Configuration

Level: Warning

Keywords: Classic

User: N/A

Computer: <servername>

Description:

Unable to find the certificate with thumbprint EF6392A5E64713AD43598B7A0FF75080964FB096 in the current computer or the certificate is missing private key. The certificate is needed to sign the outgoing token.

To find the existing certificate for which the authentication configuration is looking you can run:

I found that the certificate returned wasn’t listed when I ran the command Get-ExchangeCertificate. I was required to create a new Exchange certificate by running the following commands:

Now to set the AuthConfig to the newly created certificate we need to run the following:

Now when I check the AuthConfig you can see the updated certificate:

Within minutes, and without any service restarts, Managed Availability had determined OWA to be healthy:
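The steps described above, as an added Exchange Management Shell example (not the author's original commands). The subject and friendly name follow the default auth certificate's naming and are assumptions, as is making the new certificate effective immediately.

```powershell
# Added example: run in the Exchange Management Shell on the affected server.

# 1. Which certificate does the OAuth configuration expect?
$auth = Get-AuthConfig
$auth | Format-List CurrentCertificateThumbprint, PreviousCertificateThumbprint,
                    NextCertificateThumbprint, NextCertificateEffectiveDate

# 2. Is that certificate present locally, with its private key?
#    Event ID 2004 is logged when either condition fails.
$expected = $auth.CurrentCertificateThumbprint
$exch  = Get-ExchangeCertificate | Where-Object { $_.Thumbprint -eq $expected }
$store = Get-ChildItem Cert:\LocalMachine\My |
         Where-Object { $_.Thumbprint -eq $expected }

if ($exch -and $store -and $store.HasPrivateKey -and $store.NotAfter -gt (Get-Date)) {
    Write-Host "Auth certificate $expected is present, has a private key and is not expired."
    return
}
Write-Warning "Auth certificate $expected is missing, expired or has no private key."

# 3. Create a replacement self-signed auth certificate.
#    If prompted to overwrite the default SMTP certificate, answer No.
$new = New-ExchangeCertificate -KeySize 2048 -PrivateKeyExportable $true `
    -SubjectName "CN=Microsoft Exchange Server Auth Certificate" `
    -FriendlyName "Microsoft Exchange Server Auth Certificate" `
    -DomainName @()

# 4. Point the auth configuration at the new certificate and publish it.
#    An effective date less than 48 hours away triggers a confirmation prompt.
Set-AuthConfig -NewCertificateThumbprint $new.Thumbprint `
               -NewCertificateEffectiveDate (Get-Date)
Set-AuthConfig -PublishCertificate
Set-AuthConfig -ClearPreviousCertificate

# 5. Confirm the auth configuration now references the new thumbprint.
$after = Get-AuthConfig
$after | Format-List CurrentCertificateThumbprint, PreviousCertificateThumbprint
if ($after.CurrentCertificateThumbprint -ne $new.Thumbprint) {
    Write-Warning "AuthConfig does not reference the new certificate yet."
}
```

In a multi-server organization the new certificate and its private key must also be present on the other Exchange servers, which is why it is created as exportable here.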
