Exchange OAuth authentication couldn't find the authorization certificate with thumbprint error when running Hybrid Configuration
Original KB number: 3089171
When you run the Hybrid Configuration wizard, OAuth authentication configuration fails, and you receive the following error message:
Exchange OAuth authentication couldn't find the authorization certificate with thumbprint <Thumbprint> in your on-premises organization. Run Get-AuthConfig cmdlet to verify the CurrentCertificateThumbprint information.
The OAuth authentication configuration looks for a specific certificate. However, this certificate either was removed or can't be accessed.
To fix this issue, follow these steps:
1. Open the Exchange Management Shell.
2. Identify the certificate that the authentication configuration is looking for. To do this, follow these steps:
   a. Run the following command:
      Get-AuthConfig | fl CurrentCertificateThumbprint
   b. Examine the output, and then take one of the following actions:
      - If no value is returned for CurrentCertificateThumbPrint, go to step 3.
      - If a value is returned for CurrentCertificateThumbPrint, verify that the certificate is available to Exchange. To do this, run the following command:
      If a certificate that has a matching thumbprint is available in both locations, there should be no issues. You can run the Hybrid Configuration wizard again to set OAuth authentication. If the issue persists, go to step 3.
3. Create a new certificate. To do this, run the following command:
   New-ExchangeCertificate -KeySize 2048 -SubjectName "cn= Microsoft Exchange ACS Certificate" -FriendlyName "Microsoft Exchange Server ACS Certificate" -PrivateKeyExportable $true -Services SMTP -DomainName fabrikam.com
4. Set the new certificate that you created to be used for OAuth authentication. To do this, run the following commands:
   $date = Get-Date
   Set-AuthConfig -NewCertificateThumbprint <ThumbprintFromStep4A> -NewCertificateEffectiveDate $date
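The check in step 2 can be scripted. The following is an added example, not part of the original article: the function name Test-AuthCertificate, its result strings and the sample thumbprints are assumptions made for illustration. It goes slightly beyond the article by also flagging a matching certificate that has no private key or is outside its validity period.

```powershell
# Added example (hypothetical helper): classify the state of the OAuth certificate.
function Test-AuthCertificate {
    param(
        [string]$Thumbprint,        # value of CurrentCertificateThumbprint
        [object[]]$Certificates,    # objects exposing Thumbprint, NotBefore, NotAfter, HasPrivateKey
        [datetime]$Now = (Get-Date)
    )
    if ([string]::IsNullOrWhiteSpace($Thumbprint)) { return 'NoThumbprintConfigured' }

    # Strip spaces or hidden characters that a copied thumbprint may carry.
    $wanted = $Thumbprint -replace '[^0-9A-Fa-f]', ''
    $match  = $Certificates |
        Where-Object { $_.Thumbprint -and ($_.Thumbprint -eq $wanted) } |
        Select-Object -First 1

    if (-not $match)               { return 'CertificateMissing' }
    if (-not $match.HasPrivateKey) { return 'PrivateKeyMissing' }
    if ($Now -lt $match.NotBefore) { return 'NotYetValid' }
    if ($Now -gt $match.NotAfter)  { return 'Expired' }
    return 'Ok'
}

if (Get-Command Get-AuthConfig -ErrorAction SilentlyContinue) {
    # In the Exchange Management Shell: check the certificates on the local server.
    $thumb = (Get-AuthConfig).CurrentCertificateThumbprint
    $certs = @(Get-ExchangeCertificate)
} else {
    # Constructed sample data so the function can be exercised without Exchange.
    $thumb = 'AA11BB22CC33DD44EE55FF660011223344556677'
    $certs = @(
        [pscustomobject]@{ Thumbprint = '00112233445566778899AABBCCDDEEFF00112233'
                           NotBefore = [datetime]'2020-01-01'; NotAfter = [datetime]'2035-01-01'; HasPrivateKey = $true }
        [pscustomobject]@{ Thumbprint = 'AA11BB22CC33DD44EE55FF660011223344556677'
                           NotBefore = [datetime]'2020-01-01'; NotAfter = [datetime]'2035-01-01'; HasPrivateKey = $false }
    )
}

$result = Test-AuthCertificate -Thumbprint $thumb -Certificates $certs
'{0} -> {1}' -f $thumb, $result
```

A result of NoThumbprintConfigured or CertificateMissing corresponds to the cases in which the article sends you to step 3 to create a new certificate.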