Have you ever tried to access OWA account and come across this Exchange error? ’Federation or Auth certificate not found: “Certificates-thumbprint.” Unable to find the certificate in the local or neighboring sites. Confirm that the certificate is available in your topology and if necessary, reset the certificate on the Federation Trust to a valid certificate using Set-FederationTrust or Set-AuthConfig. The certificate may take time to propagate to the local or neighboring sites.’
This error is for a missing Exchange Certificate – Auth certificate which is a self-signed certificate meant for connection and authentication of Exchange with other servers such as SharePoint, Lync, and more. When any users installs the Exchange Server, such certificates are created at that time and can be reached out at servers > certificates in the Exchange Admin Center. But users sometimes receive this error even after the Exchange Server is successfully installed.
The Exchange ‘Auth Certificate’ is now missing as per the error and it can be resolved manually which you are going to find next here.
Resolving ‘Auth Certificate Missing’ Error in Exchange 2013/2016
Exchange users can take help from the Exchange Management Shell cmdlets to create a new Authorization Certificate for their Exchange Server. To perform this, user must be the Exchange administrator or have related rights and should have technical skills to execute with the cmdlets in the Exchange Management Shell. It is advised to perform this process under the supervision of senior or Exchange skilled person.
Check out the process
- Start the Exchange Server 2013 or 2016 system. Search for the Exchange Management Shell application in the search bar. On the result, right-click and select the option Run as administrator.
- The Exchange Management Shell screen will be displayed.
- First, run this command as it is to create a new Auth certificate for your Exchange Server. The common syntax is..
New-ExchangeCertificate -KeySize 2048 -PrivateKeyExportable $true -SubjectName “CN= Microsoft Exchange Server Auth Certificate” -DomainName “*.enterdomainname.com” -FriendlyName “Microsoft Exchange Server Auth Certificate” -Services SMTP
Note: Provide the domain name and address for your Exchange Server account in the above command.
Output: After running the command, a question would be displayed as the output that if you want to replace this newly created certificate with the existing SMTP certificate available in the Server.
- Here, we do not need to replace this certificate, so type N and press Enter to execute it.
Output: A thumbprint for the Auth Certificate of Exchange Server with alphanumeric code will get created which is required to be noted down by the user separately (to notepad or other location).
- Save the present date to this process with the following command.
$date = Get-Date
- The Auth Certificate configuration settings can be performed by running this command.
Set-AuthConfig -NewCertificateThumbprint <certificate_thumbprint> –NewCertificateEffectiveDate $date
Note: Enter the earlier copied certificate thumbprint (alphanumeric code) in the above command in step 4 in place of <certificate thumbprint>.
Output: A confirmation question to continue the date as the effective date for the certificate will be displayed.
- Type Y and press Enter to confirm the effective date.
- Now, it is the time to publish the Exchange Auth Certificate. So, run this command.
Output: This command execution may result into a question asking to clear or delete the earlier installed Exchange Auth Certificate (if there).
- Run the following command to clear the previous Exchange Auth Certificate installed in your system.
- Now, you need to run the Command Prompt as an administrator and execute this command for running the IIS services.
As mentioned before also, this method seems quite technical and need expert guidance to be completed. So, it is recommended to work under your senior in the organization who has adequate knowledge to deal with Exchange Management Shell cmdlets.
We hope, you got relieved with the above mentioned process to resolve ‘Auth Certificate Missing Error’ in Exchange 2016/2013 and if not, then we suggest you to refer the team expert for this.
Many Exchange Server errors are encountered by the users regularly with the corruption in Exchange database files as the main reason for it. Corruption in EDB (Exchange database) files can be programmatic or logical which may go beyond a level where accessing the data becomes impossible for the users. It becomes out of way for users to fix it with the manual solutions. Here, only a reliable and result-driven tool can be your help.
Choose the Exchange Recovery tool to repair your corrupt Exchange EDB files and save the required mailbox items to the selected destination. The solution ensures complete integrity and security to the recovered mailboxes while saving it to the chosen destinations. Visit the website and find out its features in more detail.
Advantages of MS Exchange Auth Certificate
- Auth certificate is an industry standard authentication protocol which is necessary to all.
- A third party provider will manage the Authentication. Your application will not have to collect and store the Exchange credentials.
- It is a little bit worries for you because your application only receives an opaque token and accepts user’s Exchange credentials from the Authentication provider, so a security separation in the application can only expose the token not the user’s Exchange credentials.
Recreating the Exchange Auth Certificate manually is described as the solution to resolve the ‘Auth Certificate Missing’ error in the latest Exchange Server versions. And an optimal solution choice to deal with all Exchange Server errors occurred due to the corrupted EDB files is mentioned as a recommendation.
- Perform Soft & Hard Exchange Recovery using Eseutil Commands
- Free Methods to Convert Exchange EDB to PST File
- Steps for Restoring MS Exchange Mailbox Database to a New Server
- How to Delete Exchange Online User Mailboxes Temporarily or Permanently?
- How to Search and Delete Emails from Mailboxes of Exchange Server?