Exchange OAuth authentication couldn't find the authorization certificate with thumbprint error when running Hybrid Configuration
Original KB number: 3089171
Symptoms
When you run the Hybrid Configuration wizard, OAuth authentication configuration fails, and you receive the following error message:
Exchange OAuth authentication couldn't find the authorization certificate with thumbprint <Thumbprint> in your on-premises organization. Run Get-AuthConfig cmdlet to verify the CurrentCertificateThumbprint information.
Cause
The OAuth authentication configuration looks for a specific certificate. However, this certificate either was removed or can't be accessed.
Resolution
To fix this issue, follow these steps:
Open the Exchange Management Shell.
Identify the certificate for which the authentication configuration is looking. To do this, follow these steps:
Run the following command:
Get-AuthConfig |fl CurrentcertificateThumbPrint
Examine the output, and then take one of the following actions:
If no value is returned for
CurrentCertificateThumbPrint
, go to step 3.If a value is returned for
CurrentCertificateThumbPrint
, verify that the certificate is available to Exchange. To do this, run the following command:Get-ExchangeCertificate
If a certificate that has a matching thumbprint is available in both locations, there should be no issues. You can run the Hybrid Configuration wizard again to set OAuth authentication. If the issue persists, go to step 3.
Create a new certificate. To do this, run the following command:
New-ExchangeCertificate -KeySize 2048 -SubjectName "cn= Microsoft Exchange Server Auth Certificate" -FriendlyName "Microsoft Exchange Server Auth Certificate" -PrivateKeyExportable $true -Services SMTP -DomainName fabrikam.com
Set the new certificate that you created to be used for OAuth authentication. To do this, run the following commands:
Command 1:
Set-AuthConfig -NewCertificateThumbprint <ThumbprintFromStep4A> -NewCertificateEffectiveDate (Get-Date)
Command 2:
Set-AuthConfig -PublishCertificate
Still need help? Go to Microsoft Community or the Exchange TechNet Forums.