You can't access OWA or ECP after you install Exchange Server 2016 CU8

Applies to: Exchange Server 2016 Enterprise EditionExchange Server 2016 Standard Edition

Symptoms


After you install and upgrade to Microsoft Exchange Server 2016 Cumulative Update 8 (CU8), you can't access Outlook Web App (OWA) or Exchange Control Panel (ECP), and you receive the following error message:

:-( Something went wrong
We can't get that information right now. Please try again later.
X-ClientId: ClientID
X-FEServer: ServerName

In addition, the following events information is recorded in the Application log of the Exchange server that hosts the mailbox database:

Log Name: Application
Source: MSExchange OAuth
Event ID: 2004
Task Category: Configuration
Level: Warning
Keywords: Classic
User: N/A
Computer: mail.contoso.com
Description:
Unable to find the certificate with thumbprint CertificateValue in the current computer or the certificate is missing private key. The certificate is needed to sign the outgoing token.

Note There is a similar issue, see You can't access OWA or ECP after you install Exchange Server 2016 CU6.

Cause


This issue occurs if the Exchange Server Auth certificate that's used for OAuth signing is missing from the Exchange Server. You can run the following command to check whether the certificate is missing:
Get-ExchangeCertificate (Get-AuthConfig).CurrentCertificateThumbprint

Resolution


For Exchange Server 2016, install Cumulative Update 9 or a later cumulative update for Exchange Server 2016.

Status


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

References


Learn about the terminology that Microsoft uses to describe software updates.