Share via

After KB5004778 update, unable to access OWA & ECP (http code 500)

EM Support 36 Reputation points
2021-07-18T01:59:12.187+00:00

Exchange 2013 CU23
After login to OWA or ECP, I encountered http code 500.
Before that, I was updated security update KB5004778 (after a few failed attempts).
115623-image.png

I followed "OWA or ECP stops working after you install a security update" but failed.
https://learn.microsoft.com/en-us/exchange/troubleshoot/client-connectivity/owa-stops-working-after-update
I run security update KB5004778 again without any issue.
But I still got http code 500.
Please advise, thanks.

Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,426 questions
Accepted answer
  1. Kael Yao-MSFT 37,586 Reputation points Microsoft Vendor
    2021-07-19T01:40:56.317+00:00

    Hi @EM Support

    Sorry I need to add the following questions to get some more information:

    1. Is it a standalone Exchange server?
    2. Can you find some error events in the Event Viewer>Application log?
    3. Can Exchange Management Shell be opened without any problems?

    And was the detailed HTTP 500 error message "HMACProvider.GetCertificates:protectionCertificates.Length<1"?

    If it is the case, this issue may be caused by the OAuth certificate is missing or expired.
    115669-15.jpg

    Please run this command to first check if the OAuth certificate is missing or expired: 

    Get-ExchangeCertificate (Get-AuthConfig).CurrentCertificateThumbprint

    If there is no result returned or the OAuth certificate has expired, please follow this link to create a new OAuth certificate and see if it can get rid of the problem.

    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

11 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Giorgio Busoni 1 Reputation point
    2021-07-19T22:55:27.547+00:00
    0 comments
  2. Arunkumar Mayakrishnan 1 Reputation point
    2021-07-20T07:39:01.14+00:00

    The Microsoft Exchange Server Auth Certificate got pointed to a wrong expired one, causing this issue.

    To fix it first, check whether the Auth certificate using the below command. If it's not pointed to the correct one, then it needs to be replaced with the correct one.

    Get-ExchangeCertificate (Get-AuthConfig).CurrentCertificateThumbprint

    To replace the correct certificate :
    Set-AuthConfig -NewCertificateThumbprint <correctMSAuththumprint> -NewCertificateEffectiveDate (Get-Date)
    Set-AuthConfig -PublishCertificate
    Set-AuthConfig -ClearPreviousCertificate

  3. Fares Istaitieh 1 Reputation point
    2021-08-01T09:41:26.19+00:00

    Hi @Kael Yao-MSFT

    I have the same issue with exchange 2013 after installing: Exchange2013-KB5004778-x64-en.
    I'm just reading the link you add https://learn.microsoft.com/en-us/exchange/troubleshoot/administration/cannot-access-owa-or-ecp-if-oauth-expired#resolution
    but before I start i just found that my current certificate not expired, so should i proceed with the steps of creating a new one or there is any other solution

    119633-capture.png

    0 comments
  4. KTC_Church 16 Reputation points
    2021-08-03T14:03:00.36+00:00

    @Fares Istaitieh , yes, proceed. My cert wasn't expired either and I did the steps anyway and it fixed my issue.