After updating several Exchange Servers uneventfully (2013 to CU23 and 2016 to CU21) and applying the related security updates KB5000871 and KB 5004779 both OWA and ECP stopped working on one particulat Exchange 2013 server.
After the update was completed, the following digital poison ivy was rubbed into my eyeballs on a Friday, at 4:59 pm 
.
Server Error in ‘/owa’ Application
ASSERT: HMACProvider.GetCertificates:protectionCertificates.Length<1
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
I followed these steps as per Microsoft, however that did not fix the problem.
After some Web sleuthing, it appeared that my issue was related to the current certificate, just like a lot of other people experiencing the same problem. Once I figured out the underlying problem, the fix was pretty straight forward.
Running the following command from Exchange Powershell presented an error, idicating all was not well with the current certificate despite the fact that the current certificate was not expired. If you suspect that you may be experiencing the same issue, run this command:
(Get-AuthConfig).CurrentCertificateThumbprint | Get-ExchangeCertificate | Format-List
If it returns an error, you have a problem with your current certificate. The relatively easy fix is to create and set a new certificate by running these commands.
1. Create a new certificate
New-ExchangeCertificate -KeySize 2048 -PrivateKeyExportable $true -SubjectName “cn=Microsoft Exchange Server Auth Certificate” -FriendlyName “Microsoft Exchange Server Auth Certificate” -DomainName @()
2. Set the new certificate
Set-AuthConfig -NewCertificateThumbprint <ThumbprintFromStep1> -NewCertificateEffectiveDate (Get-Date)
3. Publish the new certificate
Set-AuthConfig -PublishCertificate
4. Clear the previous certificate
Set-AuthConfig -ClearPreviousCertificate
5. Restart IIS
IISRESET
Alvin Simpson