Exchange 2019 CU10 OWA/ECP not working after July Security Update

After installing the July 2021 Exchange Security Update, OWA and ECP may be broken.

If you receive the following error message, follow this article to fix it:

[Owa] An internal server error occurred. The unhandled exception was: Microsoft.Exchange.Diagnostics.ExAssertException: ASSERT: HMACProvider.GetCertificates:protectionCertificates.Length<1
   bei Microsoft.Exchange.Diagnostics.ExAssert.AssertInternal(String formatString, Object[] parameters)
   bei Microsoft.Exchange.Diagnostics.ExAssert.RetailAssert[T1,T2](Boolean condition, String formatString, T1 parameter1, T2 parameter2)
   bei Microsoft.Exchange.Clients.Common.HmacProvider.GetCertificates()
   bei Microsoft.Exchange.Clients.Common.HmacProvider.GetHmacProvider()
   bei Microsoft.Exchange.Clients.Common.HmacProvider.ComputeHmac(Byte[][] messageArrays)
   bei Microsoft.Exchange.HttpProxy.FbaModule.SetCadataCookies(HttpApplication httpApplication)
   bei Microsoft.Exchange.HttpProxy.FbaFormPostProxyRequestHandler.HandleFbaFormPost(BackEndServer backEndServer)
   bei Microsoft.Exchange.HttpProxy.FbaFormPostProxyRequestHandler.ShouldContinueProxy()
   bei Microsoft.Exchange.HttpProxy.ProxyRequestHandler.BeginProxyRequestOrRecalculate()
   bei Microsoft.Exchange.HttpProxy.ProxyRequestHandler.InternalOnCalculateTargetBackEndCompleted(TargetCalculationCallbackBeacon beacon)
   bei Microsoft.Exchange.HttpProxy.ProxyRequestHandler.<>c__DisplayClass280_0.<OnCalculateTargetBackEndCompleted>b__0()
   bei Microsoft.Exchange.Common.IL.ILUtil.DoTryFilterCatch(Action tryDelegate, Func`2 filterDelegate, Action`1 catchDelegate)

In the Event Log you receive Event ID 1003 from the source “MSExchange Front End HTTP Proxy”.

This message appears because the OAuth certificate has either expired or is considered invalid by Exchange.

To solve the problem, a new OAuth certificate must be issued. Please note that you either have to temporarily change the Exchange server's time zone to UTC or wait a correspondingly long time until the new certificate is recognized as valid by Exchange.

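1. Set the time zone to UTC. The name below is the one shown on a German-language Windows installation; Get-TimeZone -ListAvailable lists the names available on your system.

Get-TimeZone -ListAvailable
Set-TimeZone -Name "Koordinierte Weltzeit"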

2. Create a new OAuth certificate by running the following command

New-ExchangeCertificate -KeySize 2048 -PrivateKeyExportable $true -SubjectName "cn=Microsoft Exchange Server Auth Certificate" -FriendlyName "Microsoft Exchange Server Auth Certificate" -DomainName "domain.local"

3. Set the new certificate for server authentication. To do this, run the following commands

Set-AuthConfig -NewCertificateThumbprint <Thumbprint of new created certificate> -NewCertificateEffectiveDate (Get-Date)
Set-AuthConfig -PublishCertificate
Set-AuthConfig -ClearPreviousCertificate

4. Restart Services and AppPools

Restart-Service MSExchangeServiceHost

IISReset

Restart-WebAppPool MSExchangeOWAAppPool
Restart-WebAppPool MSExchangeECPAppPool

5. Set Time Zone back to your preferred one

Set-TimeZone -Name "Mitteleuropäische Zeit"

When you have completed all the steps as described above, you should be able to access OWA and ECP as usual.
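
To confirm the cause before step 2 and to verify the result after step 4, the following added example (not part of the original article or of Microsoft's guidance) classifies the state of the certificate that the auth configuration points at. The function name Get-AuthCertStatus, its status strings and the sample thumbprints are assumptions made for illustration; the live check at the end runs only in the Exchange Management Shell.

```powershell
# Added example: classify the OAuth certificate referenced by Get-AuthConfig.
# Get-AuthCertStatus is a hypothetical helper, not an Exchange cmdlet.
function Get-AuthCertStatus {
    param(
        [string]$Thumbprint,        # (Get-AuthConfig).CurrentCertificateThumbprint
        [object[]]$Certificates,    # output of Get-ExchangeCertificate
        [datetime]$Now = (Get-Date) # compared against NotBefore / NotAfter
    )
    if ([string]::IsNullOrWhiteSpace($Thumbprint)) { return 'NoThumbprintConfigured' }

    # The configured thumbprint must match a certificate installed on this server.
    $cert = $Certificates |
        Where-Object { $_.Thumbprint -eq $Thumbprint } |
        Select-Object -First 1
    if (-not $cert)               { return 'MissingOnServer' }

    # A freshly issued certificate can fall into NotYetValid, which is why the
    # article switches to UTC (or waits) before the new certificate is accepted.
    if ($Now -lt $cert.NotBefore) { return 'NotYetValid' }
    if ($Now -gt $cert.NotAfter)  { return 'Expired' }
    if (-not $cert.HasPrivateKey) { return 'NoPrivateKey' }
    return 'Valid'
}

# Constructed sample data; thumbprints are placeholders, not real values.
$now    = [datetime]'2021-07-20T10:00:00'
$sample = @(
    [pscustomobject]@{ Thumbprint = 'OLD-CERT-PLACEHOLDER'; HasPrivateKey = $true
                       NotBefore  = [datetime]'2016-06-05'
                       NotAfter   = [datetime]'2021-06-05' },
    [pscustomobject]@{ Thumbprint = 'NEW-CERT-PLACEHOLDER'; HasPrivateKey = $true
                       NotBefore  = [datetime]'2021-07-20T12:00:00'
                       NotAfter   = [datetime]'2026-07-20T12:00:00' }
)
foreach ($tp in 'OLD-CERT-PLACEHOLDER', 'NEW-CERT-PLACEHOLDER', 'UNKNOWN-PLACEHOLDER') {
    '{0,-22} {1}' -f $tp, (Get-AuthCertStatus -Thumbprint $tp -Certificates $sample -Now $now)
}

# Live check, only when the Exchange cmdlets are loaded.
if (Get-Command Get-AuthConfig -ErrorAction SilentlyContinue) {
    Get-AuthCertStatus -Thumbprint (Get-AuthConfig).CurrentCertificateThumbprint `
                       -Certificates (Get-ExchangeCertificate)
}
```

Any result other than Valid from the live check means the auth configuration still references a certificate that Exchange cannot use.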

Here is the official Microsoft article for this issue: Link