none
Exchange 2016 CU6 ECP/OWA not working

    Question

  • Hi,

    I am installing CU6 in lab (cleanly installed AD and Exchange) but new installation just dont work, resp. ECP and OWA does not work. Login page is ok but after login "Something went wrong" 500 error occurs. I also see thins in log:
    ---------------------------------------
    ASP.NET 4.0.30319.0
    Event 1309
    event code 3005 
    Unhandled exception
    TargetInvocationException
    .
    .
    Encryption certificate is absent
    --------------------------------------
    And its on backend side (owa on port 444), but in IIS there is an certificate assigned to 444 binding. It's self signed Exchange certificate assigned during installation. It has usage: Digital Signature, Key Encipherment.

    Where could be the issue? Certificate should have also data encipherment or what? I need very simple lab environment so I do not have CA here. Think fresh Exchange should be running out of the box after install. Thanks for help.
    Tried also CU5 and works fine. 

    Pete


    sfs

    Monday, July 17, 2017 3:47 PM

Answers

  • Hi,

    Get-Certificate shows correct assignment but still did not work. After running Enable-Certificate with same thumbprint, Exchange went up. Thank you.

    Pete


    sfs

    • Marked as answer by fandango71 Tuesday, July 18, 2017 2:24 PM
    Tuesday, July 18, 2017 2:24 PM

All replies

  • Fandango71,

    Did you check to see what certificates are assigned to what by utilizing the Get-ExchangeCertificate cmdlet?

    Very Respectfully,
    Dana Garcia - MCP (Designing and Deploying Microsoft Exchange Server 2016)

    Monday, July 17, 2017 5:38 PM
  • Hi Pete,

    Based on my searching, the absent certificate could be the OAuth certificate, and with Event ID 2004 or 2005 in your event log at the same time.

    If as I suspect, you can refer to the following article to create a new OAuth certificate and use it, then restart the IIS services (or restart the server) to check again:

    Exchange Troubleshooting: Federation or Auth certificate not found

    Note, we may need to wait hours to let the change take affect.

    Best Regards,


    Niko Cheng
    TechNet Community Support


    Please remember to mark the replies as answers.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Tuesday, July 18, 2017 8:54 AM
    Moderator
  • Hi,

    Get-Certificate shows correct assignment but still did not work. After running Enable-Certificate with same thumbprint, Exchange went up. Thank you.

    Pete


    sfs

    • Marked as answer by fandango71 Tuesday, July 18, 2017 2:24 PM
    Tuesday, July 18, 2017 2:24 PM
  • Any more detailed info Pete?

    Got the same issue, tried re-enabling the auth cert and re-creating etc but still no good.

    Thanks in advance!
    Wednesday, July 19, 2017 1:58 AM
  • Hi

    That's work for me (Fresh Windows Server 2016 AD install + Exchange 2016 CU6 install)

    1. Recreate %Exchangeinstallpath%\ClientAccess\OWA\web.config. I copied content from existing file, delete it, create emptyone and put saved content to it. I think, this step is unnecessary, but I had no time to test it

    2. Run .\updatecas.ps1 from bin folder

    3. iisreset.exe

    All worked. Thank's to Daniel Spohn

    https://blogs.technet.microsoft.com/rmilne/2017/06/27/exchange-2016-cu6-released/

    Sunday, July 30, 2017 8:29 PM