[solved] How to install/update the expired OAuth certificate on the On-Prem hybrid Exchange 2013 server.

adminApril 20, 2022

0 871 1 minute read

Overview

The Exchange ECP hybrid portal can break if the OAuth certificate is expired or if the servers gets patched with new Exchange updates and will display the following message when trying to access the portal using https://localhost/ecp on the local server.

“HMACProvider.GetCertificates:protectionCertificates.Length<1,”

You can validate the On-Premise hybrid Exchange version by running the command on the On-Premise hybrid Exchange server. The On-Prmeise hybrid Exchange sever is always a source of authority in an hybrid environment

” Get-Exchangeserver | Sort Site,Name | FT Name,ServerRole,AdminDisplayVersion,Site -AutoSize -Wrap ”

Problem

The Exchange management page https://localhost/ecp does not work, so if you go the web page remotely using https://servername/ecp, the page will load and display the login page

After the adding credentials, the page breaks with the 500 backend error message. see below

Solution

First step is to generate a new OAuth certificate with using Exchange management shell using the command below.

“New-ExchangeCertificate -KeySize 2048 -PrivateKeyExportable $true -SubjectName “cn=Microsoft Exchange Server Auth Certificate” -FriendlyName “Microsoft Exchange Server Auth Certificate” -DomainName “contoso.com”

2. This will generate a new certificate and once generated we will need to thumbprint form the new certificate by running the “Get-ExchangeCertificate | FL” and copying the thumbprint to notepad for the later command

3. Now you will need to set the AuthConfig to the new certificate by running the following command and replacing the thumbprint with the one you copied into the notepad.

“Set-AuthConfig -NewCertificateThumbprint “E999999912066666D7″ -NewCertificateEffectiveDate (Get-Date)”

4. Now you will need to publish the certificate by using the following command

“Set-AuthConfig -PublishCertificate”

5. Lastly you will need to clear the old certificate by using the following command

“Set-AuthConfig -ClearPreviousCertificate”

6. Now that all the configurations have been applied, all you need now to do is reset.

Run the “cmd” and type IISREST to stop and start the IIS service.

Launch the ECP portal and you should be able to login now.

[solved] How to install/update the expired OAuth certificate on the On-Prem hybrid Exchange 2013 server.

Overview

Problem

Solution

admin

Leave a Reply Cancel reply

[Solved] How to Fix the “%AAA-3-ACCT_LOW_MEM_UID_FAIL: AAA unable to create UID for incoming calls due to insufficient processor memory” in Cisco Switches

How to create site to site Policy based VPN tunnel between Azure and Cisco ASA step by step

[Solved] how to fix the error message ” no valid assertion found in the SAML response”

How to fix an AWS Workspace that is “stuck” on Starting – step by step

[Solved] ESX LUN detected as a snapshot due a signature issue after SAN is upgraded.

Overview

Problem

Solution

admin

[solved] User authentication fails in PulseSecure when authentication server is changed.

[solved] How to enable encryption on a NetApp volumes step by step

Related Articles

How to migrate the Windows file server files and folders to SharePoint online step by step

Resolved – Metlogix “An error occurred while running database schema update script”

[Solved] how to resolve error message “Exception calling “ExecuteQuery” with “0” argument(s): “The attempted operation is prohibited because it exceeds the list view threshold enforced by the administrator.””

[Solved] how to do user mapping between SharePoint 2007/2013 to SPO online using Metalogix Content Matrix script

Leave a Reply Cancel reply