question

TanisornSowudomsilp-1953 avatar image
0 Votes"
TanisornSowudomsilp-1953 asked AndyDavid commented

First Server Installation for Exchange 2019 CU11 but OWA/ECP Error

Hi All, Please see the picture below, this is first installation for Exchange Server 2019 CU11 but OWA&ECP broken. I do the this KB https://docs.microsoft.com/en-us/exchange/troubleshoot/administration/cannot-access-owa-or-ecp-if-oauth-expired?preserve-view=true#resolution I found the event id: 4999, 1309 and 1003 please see the below, Event ID: 4999 Watson report about to be sent for process id: 15232, with parameters: E12IIS, c-RTL-AMD64, 15.02.0986.015, w3wp#MSExchangeOWAAppPool, M.E.Clients.Common, M.E.C.C.HmacProvider.GetCertificates, M.E.Diagnostics.ExAssertException, cd35-dumptidset, 15.02.0986.015. ErrorReportingEnabled: False ===================================================================================== Event ID: 1309 Event code: 3005 Event message: An unhandled exception has occurred. Event time: 1/14/2022 9:36:47 PM Event time (UTC): 1/14/2022 2:36:47 PM Event ID: c5ad3b7ad1b24a43b2072afc9cef430d Event sequence: 2 Event occurrence: 1 Event detail code: 0 Application information: Application domain: /LM/W3SVC/1/ROOT/owa-2-132866445990448970 Trust level: Full Application Virtual Path: /owa Application Path: C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\ Machine name: MEOEX01 Process information: Process ID: 15232 Process name: w3wp.exe Account name: NT AUTHORITY\SYSTEM Exception information: Exception type: ExAssertException Exception message: ASSERT: HMACProvider.GetCertificates:protectionCertificates.Length<1 at Microsoft.Exchange.Diagnostics.ExAssert.AssertInternal(String formatString, Object[] parameters) at Microsoft.Exchange.Diagnostics.ExAssert.RetailAssert[T1,T2](Boolean condition, String formatString, T1 parameter1, T2 parameter2) at Microsoft.Exchange.Clients.Common.HmacProvider.GetCertificates() at Microsoft.Exchange.Clients.Common.HmacProvider.GetHmacProvider() at Microsoft.Exchange.Clients.Common.HmacProvider.ComputeHmac(Byte[][] messageArrays) at Microsoft.Exchange.HttpProxy.FbaModule.SetCadataCookies(HttpApplication httpApplication) at Microsoft.Exchange.HttpProxy.FbaFormPostProxyRequestHandler.HandleFbaFormPost(BackEndServer backEndServer) at Microsoft.Exchange.HttpProxy.FbaFormPostProxyRequestHandler.ShouldContinueProxy() at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.BeginProxyRequestOrRecalculate() at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.InternalOnCalculateTargetBackEndCompleted(TargetCalculationCallbackBeacon beacon) at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.<>c_DisplayClass280_0.<OnCalculateTargetBackEndCompleted>b_0() at Microsoft.Exchange.Common.IL.ILUtil.DoTryFilterCatch(Action tryDelegate, Func`2 filterDelegate, Action`1 catchDelegate) at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.CallThreadEntranceMethod(Action method) Request information: Request URL: https://meoex01.meojewelry.com:443/owa/auth.owa Request path: /owa/auth.owa User host address: 192.168.0.23 User: MEOJ\Administrator Is authenticated: True Authentication Type: Basic Thread account name: NT AUTHORITY\SYSTEM Thread information: Thread ID: 12 Thread account name: NT AUTHORITY\SYSTEM Is impersonating: False Stack trace: at Microsoft.Exchange.Diagnostics.ExAssert.AssertInternal(String formatString, Object[] parameters) at Microsoft.Exchange.Diagnostics.ExAssert.RetailAssert[T1,T2](Boolean condition, String formatString, T1 parameter1, T2 parameter2) at Microsoft.Exchange.Clients.Common.HmacProvider.GetCertificates() at Microsoft.Exchange.Clients.Common.HmacProvider.GetHmacProvider() at Microsoft.Exchange.Clients.Common.HmacProvider.ComputeHmac(Byte[][] messageArrays) at Microsoft.Exchange.HttpProxy.FbaModule.SetCadataCookies(HttpApplication httpApplication) at Microsoft.Exchange.HttpProxy.FbaFormPostProxyRequestHandler.HandleFbaFormPost(BackEndServer backEndServer) at Microsoft.Exchange.HttpProxy.FbaFormPostProxyRequestHandler.ShouldContinueProxy() at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.BeginProxyRequestOrRecalculate() at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.InternalOnCalculateTargetBackEndCompleted(TargetCalculationCallbackBeacon beacon) at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.<>c_DisplayClass280_0.<OnCalculateTargetBackEndCompleted>b_0() at Microsoft.Exchange.Common.IL.ILUtil.DoTryFilterCatch(Action tryDelegate, Func`2 filterDelegate, Action`1 catchDelegate) at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.CallThreadEntranceMethod(Action method) Custom event details: ==================================================================================== and 1003 [Owa] An internal server error occurred. The unhandled exception was: Microsoft.Exchange.Diagnostics.ExAssertException: ASSERT: HMACProvider.GetCertificates:protectionCertificates.Length<1 at Microsoft.Exchange.Diagnostics.ExAssert.AssertInternal(String formatString, Object[] parameters) at Microsoft.Exchange.Diagnostics.ExAssert.RetailAssert[T1,T2](Boolean condition, String formatString, T1 parameter1, T2 parameter2) at Microsoft.Exchange.Clients.Common.HmacProvider.GetCertificates() at Microsoft.Exchange.Clients.Common.HmacProvider.GetHmacProvider() at Microsoft.Exchange.Clients.Common.HmacProvider.ComputeHmac(Byte[][] messageArrays) at Microsoft.Exchange.HttpProxy.FbaModule.SetCadataCookies(HttpApplication httpApplication) at Microsoft.Exchange.HttpProxy.FbaFormPostProxyRequestHandler.HandleFbaFormPost(BackEndServer backEndServer) at Microsoft.Exchange.HttpProxy.FbaFormPostProxyRequestHandler.ShouldContinueProxy() at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.BeginProxyRequestOrRecalculate() at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.InternalOnCalculateTargetBackEndCompleted(TargetCalculationCallbackBeacon beacon) at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.<>c_DisplayClass280_0.<OnCalculateTargetBackEndCompleted>b_0() at Microsoft.Exchange.Common.IL.ILUtil.DoTryFilterCatch(Action tryDelegate, Func`2 filterDelegate, Action`1 catchDelegate) Anybody please help or suggestion me how do the next steps? Thank you very much Tanisorn Sowudomsilp ![![165145-image.png][1]][1] [1]: /answers/storage/attachments/165108-image.png

office-exchange-server-administrationoffice-exchange-online-itprooffice-exchange-server-mailflowoffice-exchange-server-connectivityoffice-exchange-server-itpro
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AndyDavid avatar image
1 Vote"
AndyDavid answered AndyDavid commented

So you replace the OAuth Cert?
If so, you may need to wait a bit for it take effect. Could be hours.

· 7
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi AndyDavid,

Yes I did it, but this is first installation of Exchange Server 2019 CU11, the OAuth cert does not expire but I did the your suggestion.
So I am not sure will work for me after did it.

Thank you very much.

0 Votes 0 ·
AndyDavid avatar image AndyDavid TanisornSowudomsilp-1953 ·

Ok, yea the Oauth Cert should have been fine if this is the very first installation.
How long ago did you update it?

0 Votes 0 ·

I did it about a hour.

0 Votes 0 ·
Show more comments

It still does not work. ![165165-image.png][1] [1]: /answers/storage/attachments/165165-image.png

0 Votes 0 ·

Hi AndyDavid,

You say right. I do the OAuth cert replacing and wait about 11 hours the ECP/OWA are work!!!!!


Thank you very much,
Tanisorn Sowudomsilp

0 Votes 0 ·
AndyDavid avatar image AndyDavid TanisornSowudomsilp-1953 ·

Awesome! Can you mark my answer as accepted so this can closed? Thanks!

0 Votes 0 ·
falconitservicesinc avatar image
0 Votes"
falconitservicesinc answered TanisornSowudomsilp-1953 commented

Hello,

Have you tried a new certificate binding yet? Bind your new certificate in IIS then run iisreset.

If that doesn't work, create a new self-signed (or Public) certificate, bind it to IIS and then run the iisreset command.

https://docs.microsoft.com/en-us/exchange/troubleshoot/client-connectivity/owa-ecp-ems-cannot-connect-after-self-signed-certificate-removed

Miguel Fra
https://www.falconitservices.com

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi Miguel Fra,

It does not work for me for your suggestion.
I found event id: 4999

Watson report about to be sent for process id: 15232, with parameters: E12IIS, c-RTL-AMD64, 15.02.0986.015, w3wp#MSExchangeOWAAppPool, M.E.Clients.Common, M.E.C.C.HmacProvider.GetCertificates, M.E.Diagnostics.ExAssertException, cd35-dumptidset, 15.02.0986.015.
ErrorReportingEnabled: False


Thank you very much.

0 Votes 0 ·