![Server Error in '/owa' Application.
ASSERT: HMACProvider.
Description: An the Of the current Please the Stack more informaEon the error it code
Exception Details: Microsoft. Exchange.Oiagnostics.ExAssedException: ASSERT:
Source Error:
Stack Trace:
[ExAssertException: ASSERT: +1ACProvider .GetCertificates
Microsoft. Exchange. Diagnostics .ExAssert.AssertInterna1(String formatString, Object[] parameters) +235
Microsoft. Exchange. Diagnostics .ExAssert.Retai1Assert(B001ean condition, String formatString, TI parameterl,
Microsoft. Exchange. Clients. Common.hnacprovider .GetCertificates() +359
Microsoft. Exchange. Clients. Common.HmacProvider .GetHmacProvider() +140
Microsoft. Exchange. Clients.Common.HmacProvider messageArrays) +14
Microsoft. Exchange.HttpProxy. FbaModu1e.SetCadataCookies(HttpApp1ication httpApplication) +1032
T2 parameter2) +90
Microsoft. Exchange.HttpProxy.FbaFormPostProxyRequestHand1er.Hand1eFbaFormPost(BackEndServer backEndServer) +3578
Microsoft. Exchange. Httpproxy. FbaFormPostProxyRequestHand1er. ShouldContinueProxy() +20
Microsoft. Exchange.HttpProxy.ProxyRequestHand1er.8eginProxyRequestOrReca1cu1ate() +256
Microsoft. Exchange.HttpProxy.ProxyRequestHand1er.Interna10nCa1culateTargetBackEndCompleted(TargetCa1cuIationCa11backBeacon beacon) +1528
Microsoft. +303
.1LUti1.DoTryFi1terCatch(Action tryDe1egate, Func'2 filterDe1egate, Action-I catchDe1egate) +35
Microsoft. Exchange. Common. IL
Microsoft. Exchange.HttpProxy.ProxyRequestHand1er.Ca11ThreadEntranceMethod(Action method) +59
[AggregateException: One or more errors occurred. ]
Microsoft. Exchange.HttpProxy.ProxyRequestHand1er.EndProcessRequest(IAsyncResu1t result) +413
System. Web. CallHand1erExecutionStep. InvokeEndHandler(IAsyncResu1t ar) +231
System.Web. CallHand1erExecutionStep. OnAsyncHand1erCompIetion(IAsyncResuIt ar) +172](https://www.cloudshark.nl/wp-content/uploads/2021/09/image-1024x534.png)
[Owa] An internal server error occurred. The unhandled exception was: Microsoft.Exchange.Diagnostics.ExAssertException: ASSERT: HMACProvider.GetCertificates:protectionCertificates.Length<1 at Microsoft.Exchange.Diagnostics.ExAssert.AssertInternal(String formatString, Object[] parameters) at Microsoft.Exchange.Clients.Common.HmacProvider.GetCertificates() at Microsoft.Exchange.Clients.Common.HmacProvider.GetHmacProvider() at Microsoft.Exchange.Clients.Common.HmacProvider.ComputeHmac(Byte[][] messageArrays) at Microsoft.Exchange.HttpProxy.FbaModule.SetCadataCookies(HttpApplication httpApplication) at Microsoft.Exchange.HttpProxy.FbaFormPostProxyRequestHandler.HandleFbaFormPost(BackEndServer backEndServer) at Microsoft.Exchange.HttpProxy.FbaFormPostProxyRequestHandler.ShouldContinueProxy() at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.BeginProxyRequestOrRecalculate() at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.InternalOnCalculateTargetBackEndCompleted(TargetCalculationCallbackBeacon beacon) at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.<>c__DisplayClass3f.b__3e()at Microsoft.Exchange.Common.IL.ILUtil.DoTryFilterCatch(TryDelegate tryDelegate, FilterDelegate filterDelegate, CatchDelegate catchDelegate)
If you dit not prep your schema and AD before installing the CU you need to do it.
Go to the folder of the latest CU21 and run these commands.
setup.exe /Prepareschema /IAcceptExchangeServerLicenseTerms
setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms
Microsofts solutions can be found here https://docs.microsoft.com/en-us/exchange/troubleshoot/administration/cannot-access-owa-or-ecp-if-oauth-expired
check the status of your existing OAuth certificate
(Get-AuthConfig).CurrentCertificateThumbprint | Get-ExchangeCertificate | Format-List
Create a new OAuth certificate
New-ExchangeCertificate -KeySize 2048 -PrivateKeyExportable $true -SubjectName "cn=Microsoft Exchange Server Auth Certificate" -FriendlyName "Microsoft Exchange Server Auth Certificate" -DomainName @()
Set the new certificate for server authentication
Set-AuthConfig -NewCertificateThumbprint <ThumbprintFromStep1> -NewCertificateEffectiveDate (Get-Date)
Set-AuthConfig -PublishCertificate
Set-AuthConfig -ClearPreviousCertificate
Restart the Microsoft Exchange Service Host Service
Either run the IISReset command to restart IIS or run the following commands
Restart-WebAppPool MSExchangeOWAAppPool
Restart-WebAppPool MSExchangeECPAppPool
And now wait several hours.
In some environments, it may take an hour for the OAuth certificate to be published. If you have a hybrid setup, you have to run the Hybrid Configuration Wizard again to update the changes to Azure Active Directory (Azure AD).