Exchange
United States - English
Home
Online
2010
2007
2003
Library
Forums
Partners
EHLO Blog
1 out of 2 rated this helpful - Rate this topic

The proxy request did not authenticate

Topic Last Modified: 2007-11-16

The Microsoft Exchange Server 2007 Management Pack for Microsoft Operations Manager (MOM) monitors the Windows Application log on computers that are running Exchange Server 2007 and generates this alert when the event or events specified in the following Details table are logged.

To learn more about this event, do one or more of the following:

  • Review the description of the event that includes the variables specific to your environment. From the MOM Operator Console, select this alert, and then click the Properties tab.
  • Review all events that have been logged that meet the criteria of this MOM alert. From the MOM Operator Console, click the Events tab, and then double-click the event in the list for which you want to review the event description.

Product Name

Exchange

Product Version

8.0 (Exchange Server 2007)

Event ID

1036

Event Source

MSExchange ActiveSync

Alert Type

Warning

MOM Rule Path

Microsoft Exchange Server/Exchange 2007/Client Access/ActiveSync

MOM Rule Name

The proxy request did not authenticate. Make sure that Integrated Windows authentication is enabled on the destination Client Access server.

This Warning event is logged when authentication fails between the Client Access server that sends a proxy request and the Client Access server that receives a proxy request. Proxy requests occur when users use a Client Access server that is not in the same site as their mailbox. In this situation, the request is proxied to a Client Access server that is in the same site as the mailbox.

This event may be logged when the receiving Client Access server cannot validate the proxy request from the sending Client Access Server. In this scenario, the sending Client Access Server authenticates itself as a local system user on a server that is running Microsoft® Exchange Server. All Exchange servers are members of the local system security group. The receiving Client Access server can only request this authentication information through Microsoft Windows® Integrated Authentication. If an administrator has turned off Microsoft Windows® Integrated authentication, proxy requests can no longer function.

To make sure that Windows Integrated Authentication is turned on, do the following:

  1. Click Start, point to Programs, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
  2. In Internet Information Services (IIS) Manager, in the console tree, click Web Sites.
  3. In the console tree, click to expand the Default Web Site.
  4. In the console tree, right-click Microsoft-Server-ActiveSync, and then click Properties.
  5. On the Directory Security tab, under Authentication and access control, click Edit.
  6. Make sure that the Enable anonymous access option is not selected.
  7. Select Integrated Windows authentication option, and then click OK.
    Note   You must restart Internet Information Services (IIS) by using the command iisreset/noforce for these changes to take effect.

To search the Microsoft Knowledge Base articles based on criteria that generated this alert, visit the Search the Support Knowledge Base (KB) Web site.

To review Exchange 2007 event message articles that may not be represented by Exchange 2007 MOM alerts, see the Events and Errors Message Center.

If you are not already doing so, consider running the tools that Microsoft Exchange offers to help administrators analyze and troubleshoot their Exchange environment. These tools can help you make sure that your configuration is in line with Microsoft best practices. They can also help you identify and resolve performance issues, improve mail flow, and better manage disaster recovery scenarios. Go to the Toolbox node of the Exchange Management Console to run these tools now. For more information about these tools, see Toolbox in the Exchange Server 2007 Help.

Did you find this helpful?
(1500 characters remaining)
Community Content Add
Annotations FAQ
This change needs to be made in the ESM and not through IIS

When you make the change in IIS it writes it to the local IIS metabase on the server. There is a process on the Exchange 2003 servers called DS2MB which replicates the settings from Active Directory into the local IIS metabase on a server. If you make the change in IIS instead of AD, the information in the metabase will then be overwritten by the information in AD when DS2MB runs. Poof… no more Integrated Windows Authentication. When you set it in the ESM it writes it to active directory and back to the IIS metabase.

You need to update the ESM with the KB937031 before you can follow the steps below in the ESM

1. Start the ESM and expand Administrative Groups, expand your admin group, and then expand Servers.
2. Expand the server name, expand Protocols, and then expand HTTP.
3. Expand Exchange Virtual Server, right-click Microsoft-Server-ActiveSync, and then click Properties.
4. Click the Access tab, and then click Authentication.
5. Click to select the Integrated Windows Authentication check box.
6. Click OK two times.

History