Unable to access attachment preview post integration of Exchange 2016 and Office Online Server

Scenario:

We were getting following error while a user from Exchange 2016 was trying to see the attachment preview after Exchange 2016 and OOS integration.

An error occurred while the document preview was being created. Please try again later

 oos

While checking the application logs we saw the following error in Event viewer:

Log Name:      Application
Source:        MSExchange OAuth
Date:          4/13/2017 4:04:01 PM
Event ID:      2004
Task Category: Configuration
Level:         Warning
Keywords:      Classic
User:          N/A

Computer:      EXC2016.contoso.com
Description: Unable to find the certificate with thumbprint DB50F584B3D9175702573349D29079A3D01CE712 in the current computer or the certificate is missing private key. The certificate is needed to sign the outgoing token.

 

Log Name:      Application
Source:        MSExchange Certificate Deployment
Date:          4/13/2017 3:59:01 PM
Event ID:      2005
Task Category: General
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      EXC2016.contoso.com
Description: Federation or Auth certificate not found: DB50F584B3D9175702573349D29079A3D01CE712. Unable to find the certificate in the local or neighboring sites. Confirm that the certificate is available in your topology and if necessary, reset the certificate on the Federation Trust to a valid certificate using Set-FederationTrust or Set-AuthConfig.  The certificate may take time to propagate to the local or neighboring sites.

Run the  following command to check if the OAuth Certificate is present or not in the exchange server.

(Get-AuthConfig).currentcertificateThumbprint | Get-ExchangeCertificate

A special Rpc error occurs on server EXC2016: The certificate with thumbprint DB50F584B3D9175702573349D29079A3D01CE712 was not found. + CategoryInfo          : NotSpecified: (:) [Get-ExchangeCertificate], InvalidOperationException + FullyQualifiedErrorId : [Server= EXC2016,RequestId=0db72699-4351-447b-8872-6f2cfc38db38,TimeStamp=9/12/201 6 3:09:29 PM] [FailureCategory=Cmdlet-InvalidOperationException] CC821A5F,Microsoft.Exchange.Management.SystemConf igurationTasks.GetExchangeCertificate + PSComputerName        : EXC2016.contoso.com

FIX:

We ran the following command on the Exchange server

New-ExchangeCertificate -server "EXC2016" -PrivateKeyExportable $true

Set-AuthConfig -CertificateThumbprint "New Thumbprint" -Server "EXC2016"

We ran IISRESET on the Exchange server.

We tried and were able to access attachment preview.

Note:

OAuth certificate is generated at the time of first Exchange server installation in org and same certificate is copied to all subsequent servers.

You have to create the certificate by specifying only one Exchange server, then the certificate is copied to all the Exchange server using Microsoft Exchange Service Host service.

-Raghavendran KR