34.1 C
Sunday, June 23, 2024

Outlook Web App X-OWA-Error ExAssertException

Once installing Exchange 2016 Cu8 on Windows Server 2012 R2 gave error on OWA.

ECP will work if administrator doesn’t have a mailbox. else even ecp will throw the same error.


An unexpected error occurred and your request couldn’t be handled.
X-ClientId: F554643C29C44C22B59A1DF6E706EB91
request-id bd391bdf-5057-4d0e-8a4d-c5a4f42f22d2
X-OWA-Error Microsoft.Exchange.Diagnostics.ExAssertException
X-OWA-Version 15.1.1415.2
X-FEServer EXCH2016
X-BEServer EXCH2016

Search for Event 2004 to make sure you are having issues with the auth certificate-

Log Name:      Application
Source:        MSExchange OAuth
Event ID:      2004
Task Category: Configuration
Level:         Warning
Computer:      EXCH2016.careexchange.in
Unable to find the certificate with thumbprint A9BBA1727F285CD86EB5785DF47C0A19DA997280 in the current computer or the certificate is missing private key. The certificate is needed to sign the outgoing token.

Solution –

  • Creating a new Exch Auth Certificate.  Resolved the issue.

Ran below , Saw Auth certificate missing.

Get-ExchangeCertificate (Get-AuthConfig).CurrentCertificateThumbprint

Created a new certificate . Change to your default domain on the end of the command.

New-ExchangeCertificate -KeySize 2048 -PrivateKeyExportable $true -SubjectName "cn=Microsoft Exchange Server Auth Certificate" -FriendlyName "Microsoft Exchange Server Auth Certificate" -DomainName "careexchange.in"

Say no to Replace SMTP Certificate.



Set-AuthConfig –PublishCertificate
Set-AuthConfig –ClearPreviousCertificate

Then run

Get-ExchangeCertificate (Get-AuthConfig).CurrentCertificateThumbprint

verified auth certificate created successfully.  Do iis reset.  wait for few hours if its a large environment. it should resolve the same.


Run below if still issue persists.

  • Locate bin folder and run updatecas.ps1 and updateConfigfile.ps1 resolved for few others.


Other things i have tried –

  • Took Backup – Tried Removing msExchCanaryData0/1/2. No luck


  • Uninstall and re install the server. No Luck
Satheshwaran Manoharan
Satheshwaran Manoharanhttps://www.azure365pro.com
Award-winning Technology Leader with a wealth of experience running large teams and diversified industry exposure in cloud computing. From shipping lines to rolling stocks.In-depth expertise in driving cloud adoption strategies and modernizing systems to cloud native. Specialized in Microsoft Cloud, DevOps, and Microsoft 365 Stack and conducted numerous successful projects worldwide. Also, Acting as a Technical Advisor for various start-ups.

Related Articles


  1. I am having the similar issue on the newly installed exchange 2016 cu8 , did you found any solution or is the bug with the CU8 release ?

    Since CU8 was just released 2 weeks back and not many users have had a chance to test it.

    I am planning to install CU7, could you please let me know if this issue is not present in CU7?

  2. Same here, have tried this and still doesn’t work. Fresh Server 2016, Fresh Exchange 2016, following installation processes published on TechNet. Do Microsoft actually have any testers? Because surely it should work out of the box?

  3. I got the solution for people still encountering the issue after applying above, it’s important you follow step by step:

    1. Delete any previous created certificates.
    2. Create the new certificate as described above.
    3. Leave the ANSI edit story, no need for that.
    4. Once certificate is created go to your IIS manager.
    5. Select the Default Website and edit binding.
    6. Select the 443 * binding and change the certificate to the fresh created certificate.
    7. Do the same for the Exchange Back End, edit the 444 * binding and select the new certificate as well.
    8. Reboot server
    9. IMPORTANT: now run these commands: UpdateCas.ps1 and UpdateConfigFiles.ps1
    10. Reboot and enjoy your OWA working!

    (Currently on site at customer, brand new servers facing this issue, resolved it as we speak.

    • With your steps the OAUth certificate would not be changed!! These Steps are correct see:

      1.Create new OAuth certifikat:
      New-ExchangeCertificate -KeySize 2048 -PrivateKeyExportable $true -SubjectName “cn=Microsoft Exchange Server Auth Certificate” -FriendlyName “Microsoft Exchange Server Auth Certificate” -DomainName “MyDomain.com”

      2.Set the created certificate to be used for server authentication by running the following commands:
      Set-AuthConfig -NewCertificateThumbprint “” -NewCertificateEffectiveDate (Get-Date)
      Set-AuthConfig –PublishCertificate
      Set-AuthConfig -ClearPreviousCertificate

      3.Restart the Microsoft Exchange Service Host Service:
      net stop MSExchangeServiceHost
      net start MSExchangeServiceHost

      4.IISReset oder recycle OWA and ECP APP pools:
      Restart-WebAppPool MSExchangeOWAAppPool
      Restart-WebAppPool MSExchangeECPAppPool

      Thats all…


Please enter your comment!
Please enter your name here