Office365/ Exchange OAuth errors after replacing TLS certificate

A customer of mine asked for help to analyse a weird OAuth error. They are using a Microsoft Dynamics 365 Outlook plugin, which came up with an error:

“Can’t connect to Exchange”

In addition to this, they also faced an issue accessing shared calendars of Exchange Online mailboxes.

Clearly an OAuth error. So we ran the Hybrid Connection Wizard again, which finished without any errors. But the errors persisted. Next stop: OAuth configuration.

We logged into one of the Exchange servers, started an Exchange Management Shell and checked the current OAuth configuration:

[PS] C:\Windows\system32>Get-AuthConfig

RunspaceId                    : e7c560cd-8316-4d9c-b97d-f4358d665e7d
CurrentCertificateThumbprint  : CA420022ACC542D3AF7598456615715E98FFE986
PreviousCertificateThumbprint : E7B56BEAF4704BCBBF8C297F1D8D000215679C6F
NextCertificateThumbprint     :
NextCertificateEffectiveDate  :
ServiceName                   : 00000002-0000-0ff1-ce00-000000000000
Realm                         :
DeploymentId                  :
IssuerIdentifier              :
Name                          : Auth Configuration
AdminDisplayName              :
ExchangeVersion               : 0.20 (15.0.0.0)
DistinguishedName             : CN=Auth Configuration,CN=EXORG,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=tld
Identity                      : Auth Configuration
Guid                          : 911b6246-6248-4278-91be-1b7b4943d2f1
ObjectCategory                : mlnetwork.local/Configuration/Schema/ms-Exch-Auth-Auth-Config
ObjectClass                   : {top, container, msExchContainer, msExchAuthAuthConfig}
WhenChanged                   : 11.04.2020 12:33:12
WhenCreated                   : 27.02.2015 14:24:37
WhenChangedUTC                : 11.04.2020 10:33:12
WhenCreatedUTC                : 27.02.2015 13:24:37
OrganizationId                :
Id                            : Auth Configuration
OriginatingServer             : DC01.domain.tld
IsValid                       : True
ObjectState                   : Unchanged

The CurrentCertificateThumbprint was the thumbprint of the old certificate. So we had to update it.

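# Register the new certificate as the next auth certificate, effective now
Set-AuthConfig -NewCertificateThumbprint 45CCEEDFAAB00F3A4312FF56774FA3B3412B9C -NewCertificateEffectiveDate (Get-Date)
# Roll the new certificate over to become the current one
Set-AuthConfig -PublishCertificate
# Restart IIS so the web services pick up the new auth certificate
iisreset /noforce
# Remove the reference to the old certificate
Set-AuthConfig -ClearPreviousCertificate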

After the iisreset, the Dynamics plugin and the Exchange Online calendars started to work again.
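
A check for the mismatch found above, written as an added example that is not part of the original post. The function name Test-AuthCertificate, the 30-day warning window and the sample expiry date are assumptions; the thumbprints are the ones shown on this page, and the sample objects are constructed so the block also runs outside an Exchange Management Shell.

```powershell
# Added example: reports whether the certificate referenced by the auth
# configuration is present in the certificate list and still valid.
function Test-AuthCertificate {
    param(
        [Parameter(Mandatory)] $AuthConfig,               # needs CurrentCertificateThumbprint
        [Parameter(Mandatory)] [object[]] $Certificates,  # each needs Thumbprint and NotAfter
        [int] $WarnDays = 30                              # assumed warning window
    )

    $thumb = $AuthConfig.CurrentCertificateThumbprint
    if ([string]::IsNullOrWhiteSpace($thumb)) {
        return [pscustomobject]@{ Thumbprint = $null; Status = 'NoCertificateConfigured'; NotAfter = $null }
    }

    # -eq on strings is case-insensitive, which suits hex thumbprints
    $cert = $Certificates | Where-Object { $_.Thumbprint -eq $thumb } | Select-Object -First 1
    $now  = Get-Date

    if (-not $cert) {
        $status = 'MissingFromStore'; $notAfter = $null
    } else {
        $notAfter = $cert.NotAfter
        if     ($notAfter -lt $now)                    { $status = 'Expired' }
        elseif ($notAfter -lt $now.AddDays($WarnDays)) { $status = 'ExpiresSoon' }
        else                                           { $status = 'OK' }
    }

    [pscustomobject]@{ Thumbprint = $thumb; Status = $status; NotAfter = $notAfter }
}

# Constructed sample: the auth configuration still points at the old
# thumbprint, while the server only holds the replacement certificate.
$sampleAuthConfig = [pscustomobject]@{
    CurrentCertificateThumbprint = 'CA420022ACC542D3AF7598456615715E98FFE986'
}
$sampleCertificates = @(
    [pscustomobject]@{
        Thumbprint = '45CCEEDFAAB00F3A4312FF56774FA3B3412B9C'
        NotAfter   = (Get-Date).AddYears(1)   # constructed expiry date
    }
)
Test-AuthCertificate -AuthConfig $sampleAuthConfig -Certificates $sampleCertificates

# On an Exchange server, feed it the live objects instead:
# Test-AuthCertificate -AuthConfig (Get-AuthConfig) -Certificates (Get-ExchangeCertificate)
```

Any status other than OK before a certificate replacement is finished means the auth configuration still needs the Set-AuthConfig steps shown above.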

Patrick Terlisten
Infrastructure Cloud/ On-Prem/ Hybrid | Dad of 👧 👧 👦 | Podcaster | Landleben