OWA/ECP Exchange Server site error after configuring AD FS as an authentication method

2024-12-17T18:50:38.03+00:00

Good day!

Given:

Hyper-V VM running Windows Server 2022

Exchange Server 2019 CU9 is installed on it

The SSL certificate is universal: *.chuc228.ru

Addresses:

https://mail.chuc228.ru/owa/

https://mail.chuc228.ru/ecp/

I have configured AD FS as an authentication method. After configuring and restarting the Web Server, the following error is displayed when logging in to the site, including localhost:

Server error in the application '/owa'.

Encryption certificate is absent

Description: An unhandled exception when executing the current web request. Examine the stack trace for more information about this error and the code snippet that caused it.

Information about the exception: Microsoft.Exchange.Security.Authentication.AdfsConfigurationException: Encryption certificate is absent

Source error: An unhandled exception when executing the current web request. Information about the origin and location of the exception can be obtained using the following exception stack trace.

Stack Tracing:

[AdfsConfigurationException: Encryption certificate is absent]
    Microsoft.Exchange.Security.Authentication.Utility.GetCertificates() +3405252
    Microsoft.Exchange.Security.Authentication.AdfsSessionSecurityTokenHandler.CreateTransforms() +13
    Microsoft.Exchange.Security.Authentication.AdfsFederationAuthModule.FederatedAuthentication_ServiceConfigurationCreated(Object sender, ServiceConfigurationCreatedEventArgs e) +155
    Microsoft.IdentityModel.Web.FederatedAuthentication.get_ServiceConfiguration() +184
    Microsoft.IdentityModel.Web.HttpModuleBase.Init(HttpApplication context) +18
    System.Web.HttpApplication.RegisterEventSubscriptionsWithIIS(IntPtr appContext, HttpContext context, MethodInfo[] handlers) +587
    System.Web.HttpApplication.InitSpecial(HttpApplicationState state, MethodInfo[] handlers, IntPtr appContext, HttpContext context) +173
    System.Web.HttpApplicationFactory.GetSpecialApplicationInstance(IntPtr appContext, HttpContext context) +255
    System.Web.Hosting.PipelineRuntime.InitializeApplication(IntPtr appContext) +347

[HttpException (0x80004005): Encryption certificate is absent]
    System.Web.HttpRuntime.FirstRequestInit(HttpContext context) +552
    System.Web.HttpRuntime.EnsureFirstRequestInit(HttpContext context) +122
    System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context) +737

Version Information: The Microsoft platform .NET Framework, version:4.0.30319; ASP.NET , version:4.8.4770.0

I've tried everything: changing the certificate and so on. Nothing helps; everything is useless.

I don't understand what kind of certificate it wants from me; there are several of them.

I did it according to the instructions: Using authentication based on AD FS claims with Outlook Web App and the Exchange Administration Center | Microsoft Learn


Accepted answer
  1. Jake Zhang-MSFT 7,925 Reputation points Microsoft Vendor
    2024-12-18T08:13:32.1566667+00:00

    Hi @Пахомов Кирилл Евгеньевич,

    Welcome to the Microsoft Q&A platform!

    Based on your description, you are experiencing a common problem with AD FS and Exchange Server 2019. The error "Encryption certificate is missing" usually means that the encryption certificate required by AD FS is missing or incorrectly configured.

    You can follow the steps below to resolve this issue:

    1. Make sure the AD FS server has the correct encryption certificate installed and configured. You can check this in the AD FS management console under Services > Certificates.
    2. Make sure the Exchange server has the necessary certificates installed. You can list the certificates in the Exchange Management Shell using the following command:

       Get-ExchangeCertificate | fl Issuer,CertificateDomains

    3. Make sure that the AD FS configuration in Exchange correctly points to the AD FS server and that the certificate is correctly referenced. You can update the AD FS configuration using the following PowerShell command:

       Set-AdfsProperties -CertificateThumbprint "<YourCertificateThumbprint>"

    4. If any certificates have expired, you need to renew or replace them. This includes the self-signed Microsoft Exchange Server Auth certificate, which can cause issue 1 if expired.
    5. After making changes to certificates or AD FS configuration, restart the related services on the AD FS and Exchange servers.

    Please feel free to contact me for any updates. And if this helps, don't forget to mark it as an answer.

    Best,

    Jake Zhang
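
The certificate checks in steps 2 and 4 of the answer above can be scripted. The following is an added example, not part of the answer and not Microsoft's code: `Test-CertificateHealth` is a hypothetical helper that flags expired, soon-to-expire, key-less, or missing certificates. The sample objects are constructed so that it runs without an Exchange server.

```powershell
# Added example. Test-CertificateHealth is a hypothetical helper name.
# It accepts any objects exposing Thumbprint, Subject, NotAfter and
# HasPrivateKey, which Get-ExchangeCertificate output does.
function Test-CertificateHealth {
    param(
        [Parameter(Mandatory)] [object[]] $Certificate,
        [string]   $AuthThumbprint,   # thumbprint the Auth configuration points at
        [int]      $WarnDays = 30,
        [datetime] $Now = (Get-Date)
    )
    $authSeen = $false
    foreach ($c in $Certificate) {
        $problems = @()
        if ($c.NotAfter -lt $Now) { $problems += 'expired' }
        elseif ($c.NotAfter -lt $Now.AddDays($WarnDays)) { $problems += "expires within $WarnDays days" }
        if (-not $c.HasPrivateKey) { $problems += 'no private key' }
        $isAuth = [bool]$AuthThumbprint -and ($c.Thumbprint -eq $AuthThumbprint)
        if ($isAuth) { $authSeen = $true }
        [pscustomobject]@{
            Thumbprint = $c.Thumbprint
            Subject    = $c.Subject
            NotAfter   = $c.NotAfter
            IsAuthCert = $isAuth
            Problems   = $problems -join '; '
        }
    }
    # A thumbprint that is configured but not present in the store is a finding too.
    if ($AuthThumbprint -and -not $authSeen) {
        [pscustomobject]@{
            Thumbprint = $AuthThumbprint; Subject = '(not in store)'; NotAfter = $null
            IsAuthCert = $true; Problems = 'configured Auth certificate not found'
        }
    }
}

# Constructed sample objects (not real certificates) so the logic runs offline.
$now = Get-Date
$sample = @(
    [pscustomobject]@{ Thumbprint = 'SAMPLE-WILDCARD'; Subject = 'CN=*.example.test'
                       NotAfter = $now.AddDays(200); HasPrivateKey = $true }
    [pscustomobject]@{ Thumbprint = 'SAMPLE-AUTH'; Subject = 'CN=Microsoft Exchange Server Auth Certificate'
                       NotAfter = $now.AddDays(-3); HasPrivateKey = $true }
    [pscustomobject]@{ Thumbprint = 'SAMPLE-NOKEY'; Subject = 'CN=mail.example.test'
                       NotAfter = $now.AddDays(10); HasPrivateKey = $false }
)
Test-CertificateHealth -Certificate $sample -AuthThumbprint 'SAMPLE-AUTH' -Now $now | Format-Table -AutoSize
# In the Exchange Management Shell, on a real server:
# Test-CertificateHealth -Certificate (Get-ExchangeCertificate) -AuthThumbprint (Get-AuthConfig).CurrentCertificateThumbprint
```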

