Auth Certificate - Event Id 2004

  • Question

  • Hello All,

    I bought a new certificate for our Exchange server "2016" and imported it to all Exchange servers "6 servers" and all domain controllers, but I found the following event in Event Viewer:

    Unable to find the certificate with thumbprint xxxxxxxxxxxxxxxxxxxxxxxxxx in the current computer or the certificate is missing private key. The certificate is needed to sign the outgoing token.

    source: MSExchange OAuth

    event id: 2004

    I run this command: Get-Authconfig

    RunspaceId                    : dda92bb2-2d12-48c1-9d75-61ed8e9e65f9
    CurrentCertificateThumbprint  : Thumbprint for the new certificate
    PreviousCertificateThumbprint : Thumbprint for the certificate causing the warning

    I run the following commands: 

    Get-ExchangeCertificate | FL   but I could not find the certificate with the issue

    Get-ExchangeCertificate (Get-AuthConfig).CurrentCertificateThumbprint  it shows the valid\ new certificate

    Get-ExchangeCertificate -Thumbprint "thumbprint causing warning" | Format-List * but it returns the following error:

    A special Rpc error occurs on server SERVERNAME: The certificate with thumbprint
    7497BC4F4FD6E9979388ED052A7706CFE4597EBE was not found.
        + CategoryInfo          : NotSpecified: (:) [Get-ExchangeCertificate], InvalidOperationException
        + FullyQualifiedErrorId : [Server=SERVERNAME,RequestId=f54cf92d-f5cb-6789-nc3f-12e85d5c5352,TimeStamp=10/11/2020
        4:40:25 AM] [FailureCategory=Cmdlet-InvalidOperationException] 72528B9F,Microsoft.Exchange.Management.SystemConfi
      gurationTasks.GetExchangeCertificate
        + PSComputerName        : SERVERNAME.domain.com

    What else could be done to solve this issue?

    Thank You

    Sunday, October 11, 2020 5:57 AM

All replies

  • Hi IICO2022,

    According to the error information you provided, this issue occurs if the Exchange server Auth certificate that's used for OAuth signing is missing from the Exchange server.
    Please try following the steps in the “Workaround” section in the link below to create a new OAuth certificate and see if the issue is resolved.

    For more information: https://support.microsoft.com/en-us/help/4036163/you-can-t-access-owa-or-ecp-after-you-install-exchange-server-2016-cu6

    Please note that this Exchange Server Development forum mainly focuses on scripting issues, and the previous TechNet Exchange forum has been migrated to the Q&A forum. Please post your issues there if you need further support.

    Regards,

    Lucas Liu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Monday, October 12, 2020 8:44 AM
  • I followed the article, but it did not work.
    Wednesday, October 14, 2020 4:43 AM
  • Hi IICO2022,

    Have you run the following command lines to assign the new certificate as the Auth Config certificate, publish it, and finally clear the previous certificate?
    In addition, we also need to run IISRESET in a CMD started as administrator to reset IIS. It should be noted that if you have multiple servers, it may take up to a day to replicate this change to each server.

    Set-AuthConfig -NewCertificateThumbprint <ThumbprintFromStep1> -NewCertificateEffectiveDate (Get-Date)
    Set-AuthConfig -PublishCertificate
    Set-AuthConfig -ClearPreviousCertificate

    Please note that this Exchange Server Development forum mainly focuses on scripting issues, and the previous TechNet Exchange forum has been migrated to the Q&A forum. Please post your issues there if you need further support.

    Regards,

    Lucas Liu


    Thursday, October 15, 2020 9:43 AM
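
A read-only check for the state this thread describes, as an added example that is not part of the original posts: it lists each server's certificates and classifies the thumbprints that Get-AuthConfig references, instead of using the -Thumbprint lookup that raised the RPC error above. The function name Test-AuthCertificate and the sample server names and thumbprints are made up for illustration.

```powershell
# Added example: classify each Auth-config thumbprint on every server.
function Test-AuthCertificate {
    param(
        [hashtable]$AuthThumbprints,    # role -> thumbprint (from Get-AuthConfig)
        [hashtable]$ServerCertificates  # server name -> certificates in its store
    )
    foreach ($server in $ServerCertificates.Keys | Sort-Object) {
        foreach ($role in $AuthThumbprints.Keys | Sort-Object) {
            $thumb = $AuthThumbprints[$role]
            if (-not $thumb) { continue }   # role not set, nothing to check
            $cert = @($ServerCertificates[$server]) |
                Where-Object { $_.Thumbprint -eq $thumb } | Select-Object -First 1
            # Event 2004 covers the first two states: absent, or no private key.
            $status = if (-not $cert) {
                'Missing'
            } elseif (-not $cert.HasPrivateKey) {
                'NoPrivateKey'
            } elseif ($cert.NotAfter -lt (Get-Date)) {
                'Expired'
            } else { 'OK' }
            [pscustomobject]@{ Server = $server; Role = $role
                               Thumbprint = $thumb; Status = $status }
        }
    }
}

if (Get-Command Get-AuthConfig -ErrorAction SilentlyContinue) {
    # Exchange Management Shell: read the live configuration.
    $auth = Get-AuthConfig
    $thumbs = @{ Current  = $auth.CurrentCertificateThumbprint
                 Previous = $auth.PreviousCertificateThumbprint }
    $stores = @{}
    Get-ExchangeServer | ForEach-Object {
        $stores[$_.Name] = @(Get-ExchangeCertificate -Server $_.Name)
    }
} else {
    # Constructed sample (placeholder names and thumbprints) for an offline run.
    $thumbs = @{ Current = 'AAAA1111'; Previous = 'BBBB2222' }
    $good  = [pscustomobject]@{ Thumbprint = 'AAAA1111'; HasPrivateKey = $true
                                NotAfter = (Get-Date).AddYears(1) }
    $noKey = [pscustomobject]@{ Thumbprint = 'AAAA1111'; HasPrivateKey = $false
                                NotAfter = (Get-Date).AddYears(1) }
    $stores = @{ EX01 = @($good); EX02 = @($noKey) }
}
Test-AuthCertificate -AuthThumbprints $thumbs -ServerCertificates $stores |
    Format-Table -AutoSize
```

A Previous row that reports Missing on every server matches the warning in the question, where the auth configuration still references a certificate that no server holds.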