question

SteveBottoms-6910 avatar image
0 Votes"
SteveBottoms-6910 asked KaelYao-MSFT commented

KB5004779 install on stand-alone CU20 box broke ECP/OWA!

Good morning. Box in question is stand-alone Ex2016 CU20. Installed KB5004779 this weekend; aside from temporarily borking all Content Indexes, I'm now getting a certificate-related error on this machine only: "ASSERT: HMACProvider.GetCertificates:protectionCertificates.Length<1 " Even though I'm trying to get into the ECP web, the error is being reported as "Server error in '/owa' Application. I'm not going to install this on my DAG members until I can resolve this cert/owa/ecp issue.

Anyone see this when installing KB5004779? Suggestions appreciated!
SteveInReno

office-exchange-server-administrationoffice-exchange-server-itpro
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

The virtual directory configs are visually comparable to one of our existing, operational DAG members for the ECP and OWA virtual directories...

0 Votes 0 ·

I did have an expired self-signed Exchange Server Auth cert on this box, in addition to a valid 3rd party public server that was VALID. I've regenerated the self-signed cert on this box but it has as yet had no effect. I have NOT stopped/restarted any services, but I'm about to force an IISRESET.

0 Votes 0 ·

1 Answer

SteveBottoms-6910 avatar image
0 Votes"
SteveBottoms-6910 answered KaelYao-MSFT commented

Turns out the expired self-signed Exchange Server Cert may have been the issue after all... https://docs.microsoft.com/en-us/exchange/troubleshoot/administration/cannot-access-owa-or-ecp-if-oauth-expired

Note on the above referenced article: the sample publishes the new cert to ALL Org Exchange Servers; use with caution if you only want it pushed to a single server.

Thanks for reading!
SteveInReno

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @SteveBottoms-6910

Glad to hear the issue has been resolved!
Thanks for the sharing.

In addition, it is a known issue related to the Exchange Server OAuth certificate which has been documented in this link: Description of the security update for Microsoft Exchange Server 2016: July 13, 2021 (KB5004779)
127761-03.jpg


0 Votes 0 ·
03.jpg (29.5 KiB)