Resolve the ‘Auth Certificate Missing’ Error in Exchange 2016/2013
The Microsoft Exchange Server Auth Certificate is a self-signed certificate that allows connection with other servers such as Lync and SharePoint. It is created when Exchange Server is installed. Exchange administrators can view certificate information in the Exchange Admin Center at servers > certificates. The certificate has an expiration date, so it needs to be renewed.
Many users report that their Exchange Server deployment succeeded, but when they try to access OWA, an error like this pops up:
’Federation or Auth certificate not found: “Certificates-thumbprint.” Unable to find the certificate in the local or neighboring sites. Confirm that the certificate is available in your topology and if necessary, reset the certificate on the Federation Trust to a valid certificate using Set-FederationTrust or Set-AuthConfig. The certificate may take time to propagate to the local or neighboring sites.’
The error itself states that the certificate is missing or cannot be configured. This disrupts server-to-server authentication and communication, and can even block access to those servers.
Fix Microsoft Exchange Server Auth Certificate Missing Error
The missing Exchange Server Auth Certificate issue can be resolved by creating a new certificate using cmdlets in the Exchange Management Shell. Running these cmdlets requires technical knowledge and great care to avoid further errors. The user must also have Exchange administrator rights to perform this procedure. If you have all this, start the process as instructed below:
- Open the Exchange Management Shell on your Exchange 2016/2013 server.
- Run this command to create a new Exchange Auth certificate.
New-ExchangeCertificate -KeySize 2048 -PrivateKeyExportable $true -SubjectName "CN=Microsoft Exchange Server Auth Certificate" -DomainName "*.enterdomainname.com" -FriendlyName "Microsoft Exchange Server Auth Certificate" -Services SMTP
- Once the above command has run, it will ask whether you want to overwrite the existing default SMTP certificate. Type N and press Enter.
A certificate thumbprint is created at this point. Note down this alphanumeric certificate thumbprint, as you will need it in the next cmdlet.
Run this next command to save the present date to a variable.
$date = Get-Date
Now, to set the authentication configuration for Exchange, execute the following cmdlet.
Set-AuthConfig -NewCertificateThumbprint <certificate_thumbprint> -NewCertificateEffectiveDate $date
When you execute the above command, it asks you to confirm the effective date of the certificate. Confirm it by typing Y and pressing Enter.
- Run the next command to publish the newly created Exchange Auth certificate.
Note: If you have any previously installed Exchange certificate, you need to clear it with the following command.
- Finally, run this command to reset the IIS service for all CAS and mailbox servers.
IISRESET
Thus, you can fix the error ‘the Exchange Auth Certificate is missing.’
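The whole procedure as one function, with a check before and after the change. This is an added example, not code from the original article: the function name Repair-ExchangeAuthCertificate is hypothetical, the domain is the article's placeholder, and the publish and clear steps, which the article mentions without showing a command, use Set-AuthConfig -PublishCertificate and Set-AuthConfig -ClearPreviousCertificate.

```powershell
# Added example: load in the Exchange Management Shell as an Exchange administrator.
# Repair-ExchangeAuthCertificate is a hypothetical name; -Domain is a placeholder value.
# Usage: Repair-ExchangeAuthCertificate -Domain '*.enterdomainname.com'
function Repair-ExchangeAuthCertificate {
    param([string]$Domain = '*.enterdomainname.com')

    # Thumbprint the Auth configuration currently points at.
    $current = (Get-AuthConfig).CurrentCertificateThumbprint
    Write-Host "AuthConfig current thumbprint: $current"

    # Is that certificate installed on this server and still inside its validity period?
    $cert = Get-ExchangeCertificate | Where-Object { $_.Thumbprint -eq $current }
    if ($cert -and $cert.NotAfter -gt (Get-Date)) {
        Write-Host "Auth certificate present, valid until $($cert.NotAfter). No change made."
        return
    }
    Write-Warning 'Auth certificate missing or expired on this server; creating a new one.'

    # The article's command. Answer N when asked to overwrite the default SMTP certificate.
    $new = New-ExchangeCertificate -KeySize 2048 -PrivateKeyExportable $true `
        -SubjectName 'CN=Microsoft Exchange Server Auth Certificate' `
        -DomainName $Domain `
        -FriendlyName 'Microsoft Exchange Server Auth Certificate' `
        -Services SMTP
    Write-Host "New certificate thumbprint: $($new.Thumbprint)"

    # Make the new certificate effective now (confirm the date prompt with Y).
    $date = Get-Date
    Set-AuthConfig -NewCertificateThumbprint $new.Thumbprint -NewCertificateEffectiveDate $date

    # Publish the new certificate, then clear the reference to the previous one.
    Set-AuthConfig -PublishCertificate
    Set-AuthConfig -ClearPreviousCertificate

    # Restart IIS on this server; repeat on the other CAS and Mailbox servers.
    iisreset

    # Confirm the Auth configuration now points at the new certificate.
    $after = (Get-AuthConfig).CurrentCertificateThumbprint
    if ($after -eq $new.Thumbprint) {
        Write-Host 'AuthConfig updated to the new certificate.'
    } else {
        Write-Warning "AuthConfig still reports $after; allow time for propagation and re-check."
    }
}
```

The function exits without changes when the configured certificate is installed and unexpired, so it can also be used as a read-only check before deciding to renew.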