Missing Microsoft Exchange Server Auth Certificate

Question

We have 3 on-premise exchange servers 2013. We are receiving the following event ID in the app logs on the servers.

Unable to find the certificate with thumbprint in the current computer or the certificate is missing private key. The certificate is needed to sign the outgoing token.

I checked the Auth Certificate on all the servers using EAC. The Thumbprint is not the same as the one in the event log. We have not renewed this certificate. It does not expire until 2024.

When I ran Get-AuthConfig, the results returned were the thumbprint in the the event iD and had old dates.

I do not know how this happened. Do I need to create a new certificate or do I run a command the Set-AuthConfig to use the thumbprint showing in EAC. Thank you for your help.

Answer 1

@mara2021

Does it like the picture below(The source is MSExchange Certificate Deployment)?

If it point the the Auth Certificate, you will need to recreate them even they aren't expired. If the event log isn't point to Auth Certificate, could you provide more detailed information about this event log? It will help use to narrow down this issue.

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

---

Answer 2

Thank you for your response. Yes, it does look like the picture you sent. Will re-create. I think maybe the July patch KB5004778 may have caused the problem. We did uninstall the patch. We are looking to reinstall sometime this month. Thanks again for your help.