This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 56.00000000000001%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAK%3C/text%3E%3C/svg%3E)
Hello I have asked a question different portal in exchange and they suggested to check here.
Please help.
Question in another portal:
Attached the screenshot of the error, and below is the writeup:
Hello,
I have recently updated the SSL certificate for Exchange server for the URL and after updating i got error for ECP portal:
Image
I checked in event viewer and got this error:
[Owa] An internal server error occurred. The unhandled exception was: System.NullReferenceException: Object reference not set to an instance of an object.
at Microsoft.Exchange.HttpProxy.FbaModule.ParseCadataCookies(HttpApplication httpApplication)
at Microsoft.Exchange.HttpProxy.FbaModule.OnBeginRequestInternal(HttpApplication httpApplication)
at Microsoft.Exchange.HttpProxy.ProxyModule.<>c__DisplayClass16_0.<OnBeginRequest>b__0()
at Microsoft.Exchange.Common.IL.ILUtil.DoTryFilterCatch(Action tryDelegate, Func2 filterDelegate, Action1 catchDelegate)
Image
Followed the steps as suggested:
but I can see the certificate is not expired:
Image
Still I tried to follow the process further and generated a new certificate and when in tried set-authconfig got this error:
Image
please help on this issue.
Is the new certificate correctly imported into the computer store, and the bindings on IIS set to use this new certificate?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 80%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAL%3C/text%3E%3C/svg%3E)
Hi @Abhishek Kumar ,
Just checking in to see how things are going on with this thread.
Does this issue have any updates? If it has been resolved, please click "Accept as answer" to mark useful post or share your solution, your action would benefit others who have similar issues.
If you have any questions or need further assistance, please feel free to post back. Thanks!
This issue occurs if the Exchange Server Open Authentication (OAuth) certificate is expired, not present, or not configured correctly.
According to the screenshot of Get-AuthConfig that you provided, the main cause for this issue is not that the certificate expires, but because the Microsoft Exchange Server Auth Certificate is not present.
When you run the set-authconfig command, please replace <ThumbprintFromStep1> with the newly generated Thumbprint by copy-pasting it directly to avoid typing the wrong characters and manually.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Thank you for the suggestion, I did checked the Backend app and it is updated with correct certificate, I checked the server does miss some of the CU's so I am updating them, over the weekend to see if the update will resolve the issue.
Hi,
Just checking in to follow up with this thread. If you have any questions or need further help on this issue, please feel free to post back.
Followed all the steps and recreated new server certificate:
Using exchange power shell
Set-AuthConfig -NewCertificateThumbprint "thumbprint" -NewCertificateEffectiveDate (Get-Date)
Set-AuthConfig -PublishCertificate
Set-AuthConfig -ClearPreviousCertificate
Restart the Microsoft Exchange Service Host Service.
IISRESET
Tried this
New-ExchangeCertificate -KeySize 2048 -PrivateKeyExportable $true -SubjectName "cn=Microsoft Exchange Server Auth Certificate" -FriendlyName "Microsoft Exchange Server Auth Certificate" -DomainName @()
But was not able to assign the set-authconfig using the thumbprint.
This got the ECP working.. but looked like SMTP relay was not working
$cert = Get-ExchangeCertificate -Thumbprint "Thumbprint"
$tlscertificatename = "<i>$($cert.Issuer)<s>$($cert.Subject)"
Set-SendConnector "Outbound to Office 365" -TlsCertificateName $tlscertificatename
Set-ReceiveConnector "Server-EX04\Default Frontend Server-EX04" -TlsCertificateName $tlscertificatename
Set-ReceiveConnector "Server-EX05\Default Frontend Server-EX05" -TlsCertificateName $tlscertificatename
To fix this issue, install the latest cumulative update for Exchange Server 2019.
Check these articles for help - https://support.microsoft.com/en-us/topic/event-ids-1003-1309-and-4999-are-logged-after-installing-exchange-server-2019-cu8-1295c555-d590-4a06-a53a-c14a0f363ee3
https://www.stellarinfo.com/blog/microsoft-exchange-remote-code-execution-vulnerability-flaws-and-fixes/
Also, try to replace the backend self-signed certificate for the new certificate. Do not replace those. Keep the self-signed.
Thanks for the update @imamit
I checked and it seems like server in my environment is missing some CUs I will update them over the weekend, to see if that resolves the issue.