Forum Discussion
Solved
Exchange Server error in '/owa' application
ASSERT: HMACProvider.GetCertificates:protectionCertificates.Length<1
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: Microsoft.Exchange.Diagnostics.ExAssertException: ASSERT: HMACProvider.GetCertificates:protectionCertificates.Length<1
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[ExAssertException: ASSERT: HMACProvider.GetCertificates:protectionCertificates.Length<1]
Microsoft.Exchange.Diagnostics.ExAssert.AssertInternal(String formatString, Object[] parameters) +241
Microsoft.Exchange.Clients.Common.HmacProvider.GetCertificates() +478
Microsoft.Exchange.Clients.Common.HmacProvider.GetHmacProvider() +143
Microsoft.Exchange.Clients.Common.HmacProvider.ComputeHmac(Byte[][] messageArrays) +16
Microsoft.Exchange.HttpProxy.FbaModule.SetCadataCookies(HttpApplication httpApplication) +826
Microsoft.Exchange.HttpProxy.FbaFormPostProxyRequestHandler.HandleFbaFormPost(BackEndServer backEndServer) +2776
Microsoft.Exchange.HttpProxy.FbaFormPostProxyRequestHandler.ShouldContinueProxy() +20
Microsoft.Exchange.HttpProxy.ProxyRequestHandler.BeginProxyRequestOrRecalculate() +229
Microsoft.Exchange.HttpProxy.ProxyRequestHandler.InternalOnCalculateTargetBackEndCompleted(TargetCalculationCallbackBeacon beacon) +1379
Microsoft.Exchange.HttpProxy.<>c__DisplayClass3f.<OnCalculateTargetBackEndCompleted>b__3e() +311
Microsoft.Exchange.Common.IL.ILUtil.DoTryFilterCatch(TryDelegate tryDelegate, FilterDelegate filterDelegate, CatchDelegate catchDelegate) +35
Microsoft.Exchange.HttpProxy.Diagnostics.SendWatsonReportOnUnhandledException(MethodDelegate methodDelegate, LastChanceExceptionHandler exceptionHandler) +121
Microsoft.Exchange.HttpProxy.ProxyRequestHandler.CallThreadEntranceMethod(MethodDelegate method) +69
[AggregateException: One or more errors occurred.]
Microsoft.Exchange.HttpProxy.ProxyRequestHandler.EndProcessRequest(IAsyncResult result) +416
System.Web.CallHandlerExecutionStep.InvokeEndHandler(IAsyncResult ar) +231
System.Web.CallHandlerExecutionStep.OnAsyncHandlerCompletion(IAsyncResult ar) +172
- Ok i found solution. Use this to create new certificate https://docs.microsoft.com/en-us/exchange/troubleshoot/administration/cannot-access-owa-or-ecp-if-oauth-expired
And after creating the certificate you must wait like a hour or more for changes work. Restart dont change the wait time 🙂
- Igual me funciono aplicar los comandos de la liga https://learn.microsoft.com/en-us/exchange/troubleshoot/administration/cannot-access-owa-or-ecp-if-oauth-expired
- I'm attempting to follow the OAuth renewal instructions so I can regain access to the management console.
When I execute the initial command to obtain the thumbprint I get an error.
(Get-AuthConfig).CurrentCertificateThumbprint | Get-ExchangeCertificate | Format-List
The error told me the certificate with thumbprint xxxxxxxxxxxxx was not found.
Should I run the renewal command to create a new OAuth cert using the thumbprint displayed in the error message, or should I run it using the thumbprint viewable in the current certificate properties? My certificate was valid till 2027 but my Windows 2019 Core server did updates (2 Feb 2022) and rebooted and after the reboot ecp and owa was broken. In the event log, i could see constant info messages to say that all the exchange items were either missing or corrupt. To fix this, i ran the commands to create a new OAuth certificate, removed the old one and then rebooted. I then re-ran the CU11 security update from January 2022 and rebooted again. It took a while but Exchange 2019 was happy again and both ecp and owa working fine. (Edward van Biljon - Office Apps & Services MVP)
- I've gotten the error, followed the steps to a "T" and fixes itself but a day or two later it errors back out. Renewed the cert and cleared the old one. Restarted both pools, also IIS pool. Think I've repeated these steps 3 times now. Anyone still have issues like this?
- You can cahnge system time to UTC or wait to update your time zone to utc sync. If you cahnge it to UTC it's work instantly.
Ran into the same issue with the October update. In our case, the Exchange Server Auth Cert was not expired, but it was never properly activated and published. The posted solution worked like a charm without any delays.
- OAuth certificate has been expired and I am trying renew from exchange management shell and I am getting error like network services did not have permission like that. However I can see the certificate in personal folder.
I am not able to assign this certificate. please advice how do I fix this issue- Picture with error message ?
Something in évent viewer?
Can tout try as domain admin?
Is your user member of exchange admins ?
Nikolas_Athanasakis This solution worked for me with Exchange 2016 CU20. After installing several security updates today I experienced the same problem. I followed the instructions in the link and after restarting the two WebAppPools, OWA and ECP started working immediately. Thanks!
I have the same error, I just update Exchange2016-KB5004779-x64-en for my Exchange 2016 CU20.
I take following my OAuth cert do not expire.
Help please
Hello all,
I installed Exchange 2013 CU23 on our standalone server and got the same issue:
Exception type: ExAssertException Exception message: ASSERT: HMACProvider.GetCertificates:protectionCertificates.Length<1
The Exchange Auth certificate wasn't expired though. Anyway I tried generating a new certificate and publish it. It didn't resolve the issues. Even after 2 hours of waiting.
After all (before trying the last resort option to uninstall CU23) I tried using the old valid certificate and published it using the same procedure as described here.
After that OWA and ECP returned back to life.
With the best regards,
Marat
