Symptoms
When you try to sign in to Outlook on the web or the EAC in Exchange Server, the web browser freezes or reports that the redirect limit was reached. Additionally, Event 1003 is logged in the event viewer. For example, the following entry is logged:
Event ID: 1003
Source: MSExchange Front End HTTPS Proxy
[Owa] An internal server error occurred. The unhandled exception was: System.NullReferenceException: Object reference not set to an instance of an object.
at Microsoft.Exchange.HttpProxy.FbaModule.ParseCadataCookies(HttpApplication httpApplication)Cause
This issue occurs if the Exchange Server Open Authentication (OAuth) certificate is expired, not present, or not configured correctly.
Resolution
To Resolve this problem carry out the following:
- Open Exchange Management Shell as Administrator
- Run the following command. (Replace contoso.com with your SMTP domain)
New-ExchangeCertificate -KeySize 2048 -PrivateKeyExportable $true -SubjectName "cn=Microsoft Exchange Server Auth Certificate" -FriendlyName "Microsoft Exchange Server Auth Certificate" -DomainName "contoso.com"3. Take note of your thumbprint, you’ll need it for the next command. Now run the rest of the commands.
Set-AuthConfig -NewCertificateThumbprint <ThumbprintFromStep1> -NewCertificateEffectiveDate (Get-Date)
Set-AuthConfig -PublishCertificate
Set-AuthConfig -ClearPreviousCertificate
Restart-Service MSExchangeServiceHost
Restart-WebAppPool MSExchangeOWAAppPool
Restart-WebAppPool MSExchangeECPAppPool4. If you have multiple Exchange servers, you’ll need to run the following commands on each of them, but wait for the new Exchange Auth Certificate to be replicated to them first.
Restart-Service MSExchangeServiceHost
Restart-WebAppPool MSExchangeOWAAppPool
Restart-WebAppPool MSExchangeECPAppPoolWait, this can take a few hours-48hours to replicate across (more than the one hour Microsoft state), but then everything will start working again. If you wish to confirm each server is aware of the new Auth configuration you can run “Get-AuthConfig” and validate the Thumbprint and effective date match your new certificate and the time you executed the first “Set-AuthConfig” command respectively. If you have a Hybrid Exchange environment you need to rerun the “Hybrid Configuration Wizard” again to update these changes to Azure Active Directory.
(Get-AuthConfig).CurrentCertificateThumbprint | Get-ExchangeCertificate | Format-ListGood luck
Link Reference: https://docs.microsoft.com/en-us/exchange/troubleshoot/administration/cannot-access-owa-or-ecp-if-oauth-expired
Phương Nguyễn
4 Comments
Thanks for your blog, nice to read. Do not stop.
After I initially commented I clicked the -Notify me when new comments are added- checkbox and now each time a remark is added I get 4 emails with the same comment. Is there any method you can take away me from that service? Thanks!
Nice post. I study one thing more difficult on different blogs everyday. It will always be stimulating to read content material from other writers and follow somewhat one thing from their store. I抎 prefer to make use of some with the content on my blog whether you don抰 mind. Natually I抣l give you a hyperlink on your net blog. Thanks for sharing.
This web page can be a stroll-through for all the data you wanted about this and didn抰 know who to ask. Glimpse here, and also you抣l undoubtedly uncover it.
Comments are closed for this article!