I was recently working with a customer who had issues with logging into OWA. The users would get the following error:
Something went wrong
We can’t get that information right now. Please try again later.
X-FEServer: <servername>
Date: 8/3/2017 4:13:24 PM

In the event viewer under the application logs I found the following warnings:
Log Name: Application
Source: MSExchange OAuth
Date: 8/3/2017 11:13:08 AM
Event ID: 2004
Task Category: Configuration
Level: Warning
Keywords: Classic
User: N/A
Computer: <servername>
Description:
Unable to find the certificate with thumbprint EF6392A5E64713AD43598B7A0FF75080964FB096 in the current computer or the certificate is missing private key. The certificate is needed to sign the outgoing token.
To find the certificate that the authentication configuration is looking for, run:
Get-AuthConfig | fl CurrentCertificateThumbprint
I found that the certificate returned wasn’t listed when I ran Get-ExchangeCertificate, so I had to create a new Exchange certificate by running the following command:
New-ExchangeCertificate -KeySize 2048 -SubjectName "cn= Microsoft Exchange ACS Certificate" -FriendlyName "Microsoft Exchange Server ACS Certificate" -PrivateKeyExportable $true -Services SMTP -DomainName yourdomain.com
Now, to point the AuthConfig at the newly created certificate, run the following:
# Make the new certificate effective immediately
$date = Get-Date
Set-AuthConfig -NewCertificateThumbprint <paste your thumbprint here> -NewCertificateEffectiveDate $date
# Publish the change so the new certificate becomes the current one
Set-AuthConfig -PublishCertificate
Now when I check the AuthConfig, it shows the updated certificate:
Get-AuthConfig | fl

RunspaceId : e96edc75-1035-4fe8-a0f5-d19a6abb12b7
CurrentCertificateThumbprint : 4B6085CE14DB35CE58D7EBB9CA5ABFC7ADEBB9B7
PreviousCertificateThumbprint : EF6392A5E64713AD43598B7A0FF75080964FB096
NextCertificateThumbprint :
NextCertificateEffectiveDate :
ServiceName : 00000002-0000-0ff1-ce00-000000000000
Realm :
DeploymentId :
IssuerIdentifier :
Name : Auth Configuration
AdminDisplayName :
ExchangeVersion : 0.20 (15.0.0.0)
DistinguishedName : CN=Auth Configuration,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local
Identity : Auth Configuration
Guid : f04228a3-c971-49dd-9fc8-4bbf6c4be299
ObjectCategory : domain.local/Configuration/Schema/ms-Exch-Auth-Auth-Config
ObjectClass : {top, container, msExchContainer, msExchAuthAuthConfig}
WhenChanged : 8/3/2017 11:29:41 AM
WhenCreated : 10/13/2014 3:43:13 PM
WhenChangedUTC : 8/3/2017 4:29:41 PM
WhenCreatedUTC : 10/13/2014 8:43:13 PM
OrganizationId :
Id : Auth Configuration
OriginatingServer : domaincontroller
IsValid : True
ObjectState : Unchanged
Within minutes, and without any service restarts, Managed Availability had determined OWA to be healthy:
Log Name: Microsoft-Exchange-ManagedAvailability/Monitoring
Source: Microsoft-Exchange-ManagedAvailability
Date: 8/3/2017 11:31:21 AM
Event ID: 1
Task Category: Monitoring
Level: Information
Keywords:
User: SYSTEM
Computer: servername
Description:
The OWA.Protocol Health Set has determined to be healthy.
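The condition behind Event ID 2004 can be checked for ahead of time. The following is an added example, not part of the original post: it compares the thumbprints in the AuthConfig against the local computer certificate store and flags a missing certificate, a missing private key, or an expiry date that has passed or is near. The function name Test-AuthCertificate, the status labels and the 30-day warning window are assumptions made for illustration; run it in the Exchange Management Shell on the Exchange server.

```powershell
# Added example: names, status labels and the 30-day default are illustrative assumptions.
function Test-AuthCertificate {
    param([int]$WarnDays = 30)

    $auth = Get-AuthConfig
    # Only the current and next certificates are checked; the previous one
    # is expected to disappear after a replacement like the one above.
    $slots = [ordered]@{
        Current = $auth.CurrentCertificateThumbprint
        Next    = $auth.NextCertificateThumbprint
    }

    foreach ($slot in $slots.Keys) {
        $thumb = $slots[$slot]
        if ([string]::IsNullOrWhiteSpace($thumb)) { continue }

        # Event ID 2004 refers to the local computer store, so look there.
        $cert = Get-ChildItem Cert:\LocalMachine\My |
            Where-Object { $_.Thumbprint -eq $thumb } |
            Select-Object -First 1

        if (-not $cert) {
            $status = 'Missing'
        } elseif (-not $cert.HasPrivateKey) {
            $status = 'NoPrivateKey'
        } elseif ($cert.NotAfter -lt (Get-Date)) {
            $status = 'Expired'
        } elseif ($cert.NotAfter -lt (Get-Date).AddDays($WarnDays)) {
            $status = 'ExpiringSoon'
        } else {
            $status = 'OK'
        }

        [pscustomobject]@{
            Server     = $env:COMPUTERNAME
            Slot       = $slot
            Thumbprint = $thumb
            NotAfter   = if ($cert) { $cert.NotAfter } else { $null }
            Status     = $status
        }
    }
}

Test-AuthCertificate | Format-Table -AutoSize
```

Any status other than OK for the Current slot matches the situation described in the warning above and calls for the certificate replacement steps in this post.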