This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hi All, Please see the picture below, this is first installation for Exchange Server 2019 CU11 but OWA&ECP broken. I do the this KB https://learn.microsoft.com/en-us/exchange/troubleshoot/administration/cannot-access-owa-or-ecp-if-oauth-expired?preserve-view=true#resolution I found the event id: 4999, 1309 and 1003 please see the below, Event ID: 4999 Watson report about to be sent for process id: 15232, with parameters: E12IIS, c-RTL-AMD64, 15.02.0986.015, w3wp#MSExchangeOWAAppPool, M.E.Clients.Common, M.E.C.C.HmacProvider.GetCertificates, M.E.Diagnostics.ExAssertException, cd35-dumptidset, 15.02.0986.015. ErrorReportingEnabled: False ===================================================================================== Event ID: 1309 Event code: 3005 Event message: An unhandled exception has occurred. Event time: 1/14/2022 9:36:47 PM Event time (UTC): 1/14/2022 2:36:47 PM Event ID: c5ad3b7ad1b24a43b2072afc9cef430d Event sequence: 2 Event occurrence: 1 Event detail code: 0 Application information: Application domain: /LM/W3SVC/1/ROOT/owa-2-132866445990448970 Trust level: Full Application Virtual Path: /owa Application Path: C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\ Machine name: MEOEX01 Process information: Process ID: 15232 Process name: w3wp.exe Account name: NT AUTHORITY\SYSTEM Exception information: Exception type: ExAssertException Exception message: ASSERT: HMACProvider.GetCertificates:protectionCertificates.Length<1 at Microsoft.Exchange.Diagnostics.ExAssert.AssertInternal(String formatString, Object[] parameters) at Microsoft.Exchange.Diagnostics.ExAssert.RetailAssertT1,T2 at Microsoft.Exchange.Clients.Common.HmacProvider.GetCertificates() at Microsoft.Exchange.Clients.Common.HmacProvider.GetHmacProvider() at Microsoft.Exchange.Clients.Common.HmacProvider.ComputeHmac(Byte[][] messageArrays) at Microsoft.Exchange.HttpProxy.FbaModule.SetCadataCookies(HttpApplication httpApplication) at Microsoft.Exchange.HttpProxy.FbaFormPostProxyRequestHandler.HandleFbaFormPost(BackEndServer backEndServer) at Microsoft.Exchange.HttpProxy.FbaFormPostProxyRequestHandler.ShouldContinueProxy() at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.BeginProxyRequestOrRecalculate() at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.InternalOnCalculateTargetBackEndCompleted(TargetCalculationCallbackBeacon beacon) at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.<>c_DisplayClass280_0.<OnCalculateTargetBackEndCompleted>b_0() at Microsoft.Exchange.Common.IL.ILUtil.DoTryFilterCatch(Action tryDelegate, Func2 filterDelegate, Action1 catchDelegate) at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.CallThreadEntranceMethod(Action method) Request information: Request URL: https://meoex01.meojewelry.com:443/owa/auth.owa Request path: /owa/auth.owa User host address: 192.168.0.23 User: MEOJ\Administrator Is authenticated: True Authentication Type: Basic Thread account name: NT AUTHORITY\SYSTEM Thread information: Thread ID: 12 Thread account name: NT AUTHORITY\SYSTEM Is impersonating: False Stack trace: at Microsoft.Exchange.Diagnostics.ExAssert.AssertInternal(String formatString, Object[] parameters) at Microsoft.Exchange.Diagnostics.ExAssert.RetailAssertT1,T2 at Microsoft.Exchange.Clients.Common.HmacProvider.GetCertificates() at Microsoft.Exchange.Clients.Common.HmacProvider.GetHmacProvider() at Microsoft.Exchange.Clients.Common.HmacProvider.ComputeHmac(Byte[][] messageArrays) at Microsoft.Exchange.HttpProxy.FbaModule.SetCadataCookies(HttpApplication httpApplication) at Microsoft.Exchange.HttpProxy.FbaFormPostProxyRequestHandler.HandleFbaFormPost(BackEndServer backEndServer) at Microsoft.Exchange.HttpProxy.FbaFormPostProxyRequestHandler.ShouldContinueProxy() at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.BeginProxyRequestOrRecalculate() at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.InternalOnCalculateTargetBackEndCompleted(TargetCalculationCallbackBeacon beacon) at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.<>c_DisplayClass280_0.<OnCalculateTargetBackEndCompleted>b_0() at Microsoft.Exchange.Common.IL.ILUtil.DoTryFilterCatch(Action tryDelegate, Func2 filterDelegate, Action1 catchDelegate) at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.CallThreadEntranceMethod(Action method) Custom event details: ==================================================================================== and 1003 [Owa] An internal server error occurred. The unhandled exception was: Microsoft.Exchange.Diagnostics.ExAssertException: ASSERT: HMACProvider.GetCertificates:protectionCertificates.Length<1 at Microsoft.Exchange.Diagnostics.ExAssert.AssertInternal(String formatString, Object[] parameters) at Microsoft.Exchange.Diagnostics.ExAssert.RetailAssertT1,T2 at Microsoft.Exchange.Clients.Common.HmacProvider.GetCertificates() at Microsoft.Exchange.Clients.Common.HmacProvider.GetHmacProvider() at Microsoft.Exchange.Clients.Common.HmacProvider.ComputeHmac(Byte[][] messageArrays) at Microsoft.Exchange.HttpProxy.FbaModule.SetCadataCookies(HttpApplication httpApplication) at Microsoft.Exchange.HttpProxy.FbaFormPostProxyRequestHandler.HandleFbaFormPost(BackEndServer backEndServer) at Microsoft.Exchange.HttpProxy.FbaFormPostProxyRequestHandler.ShouldContinueProxy() at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.BeginProxyRequestOrRecalculate() at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.InternalOnCalculateTargetBackEndCompleted(TargetCalculationCallbackBeacon beacon) at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.<>c_DisplayClass280_0.<OnCalculateTargetBackEndCompleted>b_0() at Microsoft.Exchange.Common.IL.ILUtil.DoTryFilterCatch(Action tryDelegate, Func2 filterDelegate, Action1 catchDelegate) Anybody please help or suggestion me how do the next steps? Thank you very much Tanisorn Sowudomsilp ![![165145-image.png][1]][1] [1]: /api/attachments/165108-image.png?platform=QnA
So you replace the OAuth Cert?
If so, you may need to wait a bit for it take effect. Could be hours.
Hi AndyDavid,
Yes I did it, but this is first installation of Exchange Server 2019 CU11, the OAuth cert does not expire but I did the your suggestion.
So I am not sure will work for me after did it.
Thank you very much.
Ok, yea the Oauth Cert should have been fine if this is the very first installation.
How long ago did you update it?
I did it about a hour.
![165181-image.png][1] It still does not work. [1]: /api/attachments/165181-image.png?platform=QnA
It still does not work. ![165165-image.png][1] [1]: /api/attachments/165165-image.png?platform=QnA
Hi AndyDavid,
You say right. I do the OAuth cert replacing and wait about 11 hours the ECP/OWA are work!!!!!
Thank you very much,
Tanisorn Sowudomsilp
Awesome! Can you mark my answer as accepted so this can closed? Thanks!
Hello,
Have you tried a new certificate binding yet? Bind your new certificate in IIS then run iisreset.
If that doesn't work, create a new self-signed (or Public) certificate, bind it to IIS and then run the iisreset command.
Miguel Fra
https://www.falconitservices.com
Hi Miguel Fra,
It does not work for me for your suggestion.
I found event id: 4999
Watson report about to be sent for process id: 15232, with parameters: E12IIS, c-RTL-AMD64, 15.02.0986.015, w3wp#MSExchangeOWAAppPool, M.E.Clients.Common, M.E.C.C.HmacProvider.GetCertificates, M.E.Diagnostics.ExAssertException, cd35-dumptidset, 15.02.0986.015.
ErrorReportingEnabled: False
Thank you very much.