Resolving the "HMACProvider.GetCertificates:protectionCertificates" and "Unable to connect to OWA/ECP" ("protectionCertificates.Length<1") errors in Microsoft Exchange Server 2010/2013/2016/2019

After a security update (in particular KB5004778) is installed on a server running Microsoft Exchange Server, Outlook Web Access (OWA) and the Exchange Control Panel (ECP) both stop working on that server. These errors occur when the security update was installed manually on a server where User Account Control (UAC) is enabled, but without using elevated permissions.

The problem appears to be triggered when the OAuth certificate (Microsoft Exchange Server Auth Certificate) expires. Microsoft has published an article that describes exactly this: OWA/ECP stops working once your OAuth certificate has expired. To resolve the problem, carry out the steps below.

The event log entry for this error:

Event code: 3005 
Event message: An unhandled exception has occurred. 
Event time: 1/28/2022 11:46:24 PM 
Event time (UTC): 1/28/2022 8:46:24 PM 
Event ID: b42d65709d0b406a9fa9a7dfc06ee71b 
Event sequence: 7 
Event occurrence: 6 
Event detail code: 0 
 
Application information: 
    Application domain: /LM/W3SVC/1/ROOT/owa-1-132878760844657710 
    Trust level: Full 
    Application Virtual Path: /owa 
    Application Path: E:\Exchange Server\V15\FrontEnd\HttpProxy\owa\ 
    Machine name: EXC01 
 
Process information: 
    Process ID: 644 
    Process name: w3wp.exe 
    Account name: NT AUTHORITY\SYSTEM 
 
Exception information: 
    Exception type: ExAssertException 
    Exception message: ASSERT: HMACProvider.GetCertificates:protectionCertificates.Length<1
   at Microsoft.Exchange.Diagnostics.ExAssert.AssertInternal(String formatString, Object[] parameters)
   at Microsoft.Exchange.Diagnostics.ExAssert.RetailAssert[T1,T2](Boolean condition, String formatString, T1 parameter1, T2 parameter2)
   at Microsoft.Exchange.Clients.Common.HmacProvider.GetCertificates()
   at Microsoft.Exchange.Clients.Common.HmacProvider.GetHmacProvider()
   at Microsoft.Exchange.Clients.Common.HmacProvider.ComputeHmac(Byte[][] messageArrays)
   at Microsoft.Exchange.HttpProxy.FbaModule.SetCadataCookies(HttpApplication httpApplication)
   at Microsoft.Exchange.HttpProxy.FbaFormPostProxyRequestHandler.HandleFbaFormPost(BackEndServer backEndServer)
   at Microsoft.Exchange.HttpProxy.FbaFormPostProxyRequestHandler.ShouldContinueProxy()
   at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.BeginProxyRequestOrRecalculate()
   at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.InternalOnCalculateTargetBackEndCompleted(TargetCalculationCallbackBeacon beacon)
   at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.<>c__DisplayClass280_0.<OnCalculateTargetBackEndCompleted>b__0()
   at Microsoft.Exchange.Common.IL.ILUtil.DoTryFilterCatch(Action tryDelegate, Func`2 filterDelegate, Action`1 catchDelegate)
   at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.CallThreadEntranceMethod(Action method)

 
 
Request information: 
    Request URL: https://localhost:443/OWA/auth.owa 
    Request path: /OWA/auth.owa 
    User host address: ::1 
    User: KADIRKOZAN\HealthMailboxbd49d4d 
    Is authenticated: True 
    Authentication Type: Basic 
    Thread account name: NT AUTHORITY\SYSTEM 
 
Thread information: 
    Thread ID: 39 
    Thread account name: NT AUTHORITY\SYSTEM 
    Is impersonating: False 
    Stack trace:    at Microsoft.Exchange.Diagnostics.ExAssert.AssertInternal(String formatString, Object[] parameters)
   at Microsoft.Exchange.Diagnostics.ExAssert.RetailAssert[T1,T2](Boolean condition, String formatString, T1 parameter1, T2 parameter2)
   at Microsoft.Exchange.Clients.Common.HmacProvider.GetCertificates()
   at Microsoft.Exchange.Clients.Common.HmacProvider.GetHmacProvider()
   at Microsoft.Exchange.Clients.Common.HmacProvider.ComputeHmac(Byte[][] messageArrays)
   at Microsoft.Exchange.HttpProxy.FbaModule.SetCadataCookies(HttpApplication httpApplication)
   at Microsoft.Exchange.HttpProxy.FbaFormPostProxyRequestHandler.HandleFbaFormPost(BackEndServer backEndServer)
   at Microsoft.Exchange.HttpProxy.FbaFormPostProxyRequestHandler.ShouldContinueProxy()
   at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.BeginProxyRequestOrRecalculate()
   at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.InternalOnCalculateTargetBackEndCompleted(TargetCalculationCallbackBeacon beacon)
   at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.<>c__DisplayClass280_0.<OnCalculateTargetBackEndCompleted>b__0()
   at Microsoft.Exchange.Common.IL.ILUtil.DoTryFilterCatch(Action tryDelegate, Func`2 filterDelegate, Action`1 catchDelegate)
   at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.CallThreadEntranceMethod(Action method)
 
 
Custom event details: 

Start the Exchange Management Shell with "Run as administrator". In the commands below, "Thumbprint" stands for the thumbprint of the newly created certificate.

New-ExchangeCertificate -KeySize 2048 -PrivateKeyExportable $true -SubjectName "cn=Microsoft Exchange Server Auth Certificate" -FriendlyName "Microsoft Exchange Server Auth Certificate" -DomainName "kadirkozan.com.tr"
New-ExchangeCertificate -KeySize 2048 -PrivateKeyExportable $true -SubjectName "cn=Microsoft Exchange Server Auth Certificate" -FriendlyName "Microsoft Exchange Server Auth Certificate" -DomainName @()
Set-AuthConfig -NewCertificateThumbprint "Thumbprint" -NewCertificateEffectiveDate (Get-Date)
Set-AuthConfig -PublishCertificate
Set-AuthConfig -ClearPreviousCertificate
Restart-Service MSExchangeServiceHost
Restart-WebAppPool MSExchangeOWAAppPool
Restart-WebAppPool MSExchangeECPAppPool
Get-ExchangeCertificate -thumbprint "Thumbprint" | New-ExchangeCertificate

Note: After completing these steps, be sure to wait at least 3 hours. It takes time for the change to take effect on the ECP and OWA side.
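
To confirm the diagnosis before running the commands above, or to verify the result afterwards, the following check reports whether the certificate referenced by the auth configuration exists on the server and whether it has expired. It is an added example, not part of the original post or of Microsoft's article; the function name Get-AuthCertStatus and the 30-day warning window are assumptions, and it must be run in an elevated Exchange Management Shell.

```powershell
# Added example. Get-AuthCertStatus is a hypothetical helper name;
# Get-AuthConfig and Get-ExchangeCertificate are Exchange's own cmdlets.
function Get-AuthCertStatus {
    param(
        [int]$WarnDays = 30   # assumed warning window before expiry
    )

    $result = [ordered]@{
        Status     = $null
        Thumbprint = $null
        Subject    = $null
        NotAfter   = $null
        DaysLeft   = $null
    }

    # Thumbprint the organization's auth configuration currently points to
    $thumb = (Get-AuthConfig).CurrentCertificateThumbprint
    if ([string]::IsNullOrEmpty($thumb)) {
        $result.Status = 'NotConfigured'
        return [pscustomobject]$result
    }
    $result.Thumbprint = $thumb

    # AuthConfig can reference a certificate that is absent from this server's store
    $cert = Get-ExchangeCertificate -Thumbprint $thumb -ErrorAction SilentlyContinue
    if (-not $cert) {
        $result.Status = 'MissingFromStore'
        return [pscustomobject]$result
    }

    $result.Subject  = $cert.Subject
    $result.NotAfter = [datetime]$cert.NotAfter
    $result.DaysLeft = [math]::Floor(($result.NotAfter - (Get-Date)).TotalDays)

    # Classify: already expired, inside the warning window, or fine
    $result.Status = if ($result.DaysLeft -lt 0) { 'Expired' }
                     elseif ($result.DaysLeft -le $WarnDays) { 'ExpiringSoon' }
                     else { 'Valid' }

    [pscustomobject]$result
}

Get-AuthCertStatus | Format-List
```

A Status of Expired or MissingFromStore matches the condition described in this article; after the fix and the waiting period, the same check should report Valid with the new thumbprint.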