Once installing Exchange 2016 Cu8 on Windows Server 2012 R2 gave error on OWA.
ECP will work if administrator doesn’t have a mailbox. else even ecp will throw the same error.
An unexpected error occurred and your request couldn’t be handled.
X-ClientId: F554643C29C44C22B59A1DF6E706EB91
request-id bd391bdf-5057-4d0e-8a4d-c5a4f42f22d2
X-OWA-Error Microsoft.Exchange.Diagnostics.ExAssertException
X-OWA-Version 15.1.1415.2
X-FEServer EXCH2016
X-BEServer EXCH2016
Search for Event 2004 to make sure you are having issues with the auth certificate-
Log Name: Application
Source: MSExchange OAuth
Event ID: 2004
Task Category: Configuration
Level: Warning
Computer: EXCH2016.careexchange.in
Description:
Unable to find the certificate with thumbprint A9BBA1727F285CD86EB5785DF47C0A19DA997280 in the current computer or the certificate is missing private key. The certificate is needed to sign the outgoing token.
Solution –
- Creating a new Exch Auth Certificate. Resolved the issue.
Ran below , Saw Auth certificate missing.
Get-ExchangeCertificate (Get-AuthConfig).CurrentCertificateThumbprint
Created a new certificate . Change to your default domain on the end of the command.
New-ExchangeCertificate -KeySize 2048 -PrivateKeyExportable $true -SubjectName "cn=Microsoft Exchange Server Auth Certificate" -FriendlyName "Microsoft Exchange Server Auth Certificate" -DomainName "careexchange.in"
Say no to Replace SMTP Certificate.
Run
Set-AuthConfig –PublishCertificate
Set-AuthConfig –ClearPreviousCertificate
Then run
Get-ExchangeCertificate (Get-AuthConfig).CurrentCertificateThumbprint
verified auth certificate created successfully. Do iis reset. wait for few hours if its a large environment. it should resolve the same.
Run below if still issue persists.
- Locate bin folder and run updatecas.ps1 and updateConfigfile.ps1 resolved for few others.
Other things i have tried –
- Took Backup – Tried Removing msExchCanaryData0/1/2. No luck
- Uninstall and re install the server. No Luck
I am having the similar issue on the newly installed exchange 2016 cu8 , did you found any solution or is the bug with the CU8 release ?
Since CU8 was just released 2 weeks back and not many users have had a chance to test it.
I am planning to install CU7, could you please let me know if this issue is not present in CU7?
i dont think its present on cu7. not everyone faces this issue on cu8 as well.
i have the same X-OWA-Error error, but the instruction is not help me/ install was new, not update.
Same here, have tried this and still doesn’t work. Fresh Server 2016, Fresh Exchange 2016, following installation processes published on TechNet. Do Microsoft actually have any testers? Because surely it should work out of the box?
Same here. solution is not working. any update on this one?
I got the solution for people still encountering the issue after applying above, it’s important you follow step by step:
1. Delete any previous created certificates.
2. Create the new certificate as described above.
3. Leave the ANSI edit story, no need for that.
4. Once certificate is created go to your IIS manager.
5. Select the Default Website and edit binding.
6. Select the 443 * binding and change the certificate to the fresh created certificate.
7. Do the same for the Exchange Back End, edit the 444 * binding and select the new certificate as well.
8. Reboot server
9. IMPORTANT: now run these commands: UpdateCas.ps1 and UpdateConfigFiles.ps1
10. Reboot and enjoy your OWA working!
(Currently on site at customer, brand new servers facing this issue, resolved it as we speak.
With your steps the OAUth certificate would not be changed!! These Steps are correct see:
https://support.microsoft.com/en-us/help/4036163/you-can-t-access-owa-or-ecp-after-you-install-exchange-server-2016-cu6
1.Create new OAuth certifikat:
New-ExchangeCertificate -KeySize 2048 -PrivateKeyExportable $true -SubjectName “cn=Microsoft Exchange Server Auth Certificate” -FriendlyName “Microsoft Exchange Server Auth Certificate” -DomainName “MyDomain.com”
2.Set the created certificate to be used for server authentication by running the following commands:
Set-AuthConfig -NewCertificateThumbprint “” -NewCertificateEffectiveDate (Get-Date)
Set-AuthConfig –PublishCertificate
Set-AuthConfig -ClearPreviousCertificate
3.Restart the Microsoft Exchange Service Host Service:
net stop MSExchangeServiceHost
net start MSExchangeServiceHost
4.IISReset oder recycle OWA and ECP APP pools:
Restart-WebAppPool MSExchangeOWAAppPool
Restart-WebAppPool MSExchangeECPAppPool
Thats all…
VIELEN DANK DAFÜR!!!
Ihre Begrüßung