After applying a Security Update (SU) on an Exchange server, you get the error “something went wrong” (error 500) when you try to work with OWA.

The two reasons for this error are:
- The SU was applied without elevated admin permissions (the msp file was run from a “cmd window” without “run as administrator”).
- A missing or expired Auth Certificate on the Exchange server or servers.
Solutions:
- If you applied the SU without elevated permissions, you need to reapply the SU from a window that has elevated permissions.
- Auth Certificate:
- Find out what Exchange is using for the current auth certificate by running the following command:
Get-ExchangeCertificate (Get-AuthConfig).CurrentCertificateThumbprint
If you get an error running the command above, it means that the patch changed your auth certificate or the Exchange Auth Certificate got pointed to a wrong, expired one. You need to point Exchange back to the correct certificate.
First you need to create a new cert:
New-ExchangeCertificate -KeySize 2048 -PrivateKeyExportable $true -SubjectName "cn=Microsoft Exchange Server Auth Certificate" -FriendlyName "Microsoft Exchange Server Auth Certificate" -DomainName @()
To replace or apply the correct, valid certificate, run:
1. Set-AuthConfig -NewCertificateThumbprint <correctMSAuththumprint> -NewCertificateEffectiveDate (Get-Date)
2. Set-AuthConfig -PublishCertificate
3. Set-AuthConfig -ClearPreviousCertificate
Either run the IISReset command on all Exchange servers to restart IIS, or run (with elevated permissions):
Restart-WebAppPool MSExchangeOWAAppPool
Restart-WebAppPool MSExchangeECPAppPool
You should delete the old Auth Cert (if it exists on all servers).
The solution with the new cert can take some time, 4-6 hours, to fix the OWA error, so be patient.
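A check you can run in the Exchange Management Shell after the steps above, to confirm that the thumbprint in the auth configuration resolves to a present, unexpired certificate on every server. This is an added example, not part of the original post; the variable names and the State labels are assumptions made for illustration.

```powershell
# Added example: run in the Exchange Management Shell.
# Reports, per Exchange server, whether the certificate referenced by the
# auth configuration is present and within its validity period.

$thumb = (Get-AuthConfig).CurrentCertificateThumbprint
if ([string]::IsNullOrWhiteSpace($thumb)) {
    Write-Warning 'The auth configuration has no current certificate thumbprint.'
    return
}

$now = Get-Date

# Edge Transport servers are skipped (assumption: they do not hold the auth certificate).
$servers = Get-ExchangeServer | Where-Object { $_.ServerRole -notmatch 'Edge' }

$report = foreach ($server in $servers) {
    # A missing certificate raises an error; suppress it and treat it as "Missing".
    $cert = Get-ExchangeCertificate -Server $server.Name -Thumbprint $thumb `
                -ErrorAction SilentlyContinue

    if (-not $cert) {
        $state = 'Missing'
    } elseif ($cert.NotAfter -lt $now) {
        $state = 'Expired'
    } elseif ($cert.NotBefore -gt $now) {
        $state = 'NotYetValid'
    } else {
        $state = 'OK'
    }

    [pscustomobject]@{
        Server     = $server.Name
        Thumbprint = $thumb
        State      = $state
        NotAfter   = if ($cert) { $cert.NotAfter } else { $null }
    }
}

$report | Format-Table -AutoSize
```

Any server reported as Missing or Expired still has one of the two certificate problems described above.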
SHMUEL H.