This walks through the testing and debugging I went through. If you want to skip this and move directly to the answer, it was to recreate the certificates (see the bottom of the blog). Note, Google search results offered solutions that caused me to spin my wheels. Before you try my solution, I urge you to ensure that your problem is the same as my problem.
What I tried:
Set TimeZone and Language. We provisioned a few test user mailboxes and started the insertion without first logging into those mailboxes. A quick Google search suggested the problem is due to incompletely configured mailboxes, i.e., no time zone and language. The typical workflow: the user should be redirected to , choose the correct setting and then return. But not for us. The Exchange Shell command, Set-MailboxRegionalConfiguration, without success.
Get-Mailbox myuser | Set-MailboxRegionalConfiguration -Language 1033
-TimeZone "Eastern Standard Time"
"Test-OWAConnectivity" -- It's removed in Exchange 2016!
Check the event log.
a) Looking at errors. Came across. Can't find the URL officeclient.microsoft.com? A MSExchangeApplicationLogic Error 3018. It can't get out to the internet?
Set proxy, -- no change:
Set-ExchangeServer Server01 -InternetWebProxy http://10.3.3.3:80
b) Many Event 1309 Warnings
I was looking for errors -- but broadened the filter to include warnings. I found many problems with Asp.Net.4.0.30319.0
This warning pointed me to a MS Support article: Event ID 1309 and you can't access OWA and ECP after you install Exchange Server 2016 or Exchange Server 2013. It suggests "SharedWebConfig.config" is missing from the FrontEnd and ClientAccess. The files are present. Recreating them one-at-a-time and restarting IIS made no difference.
OK, that didn't work. onto the next one
c) Many 2004 Warnings -- Unable to find Certificate with thumbprint....
Checking Get-ExchangeCertificate, and Get-AuthConfig, I see the authCOnfig has the certificate, but not the Exchange Certificate. This is getting closer!
What finally worked -- Create a new "Microsoft Exchange Server Auth Certificate":
* Don't replace the SMTP certificate
* Note the thumbprint of the new certificate
* Put in place
Set-AuthConfig -NewCertificateThumbprint EZxxxxx –NewCertificateEffectiveDate $a
* Remove reference to the old certificate