The Outlook Web Access proxy request failed because a trusted certificate for Secure Sockets Layer (SSL) encryption could not be found
Topic Last Modified: 2007-11-16
The Microsoft Exchange Server 2007 Management Pack for Operations Manager monitors the Windows Application log on computers that are running Exchange Server 2007 and generates this alert when the event or events specified in the following Details table are logged.
To learn more about this alert, if you are using Microsoft Operations Manager 2005, do one or more of the following:
From the Operator Console, select this alert, and then click the Properties tab. Review the description of the alert that includes the variables specific to your environment.
From the Operator Console, click the Events tab, and then double-click the event in the list for which you want to review the event description. Review the events that have been logged that meet the criteria of this Operations Manager alert.
To learn more about this alert, if you are using System Center Operations Manager 2007, do one or more of the following:
From the Operations Console, double-click this alert, and then click the General tab. Review the description of the alert that includes the variables specific to your environment.
From the Operations Console, double-click this alert, and then click the Alert Context tab. Review the events that have been logged that meet the criteria of this Operations Manager alert.
Details
Product Name |
Exchange |
Product Version |
8.0 (Exchange Server 2007) |
Event ID |
43 |
Event Source |
MSExchange OWA |
Alert Type |
Critical Error |
MOM Rule Path |
Microsoft Exchange Server/Exchange 2007/Client Access/Outlook Web Access |
MOM Rule Name |
The Outlook Web Access proxy request failed because a trusted certificate for Secure Sockets Layer (SSL) encryption could not be found. For more information, see MSExchangeOWA event 43. |
Explanation
The Warning event indicates the computer that is running the Client Access server role could not proxy a Microsoft Office Outlook Web Access request from one Client Access server to a Client Access server that is located in a different Active Directory directory service site. This event occurs if the following conditions are true:
The security certificate presented by the remote proxying Client Access server is not trusted by the Client Access server that initiates the proxy request.
The Client Access server that initiates the proxy request does not allow untrusted security certificates for proxying.
In a Microsoft Exchange Server 2007 organization, a Client Access server can act as a proxy for other Client Access servers within the organization. This is useful if the following conditions are true:
Multiple Client Access servers are present in different Active Directory sites in an organization.
Only one Client Access server is exposed to the Internet.
By default, the proxying process allows the use of an untrusted security certificate to create a secure HTTPS connection. You can create the AllowInternalUntrustedCerts registry key to change the default behavior.
For more information about Outlook Web Access proxying and redirection, see Understanding Proxying and Redirection.
User Action
To resolve this warning, follow one of more of these steps:
Verify that the security certificate installed at Outlook Web Access virtual directories of the remote proxying Client Access server is from a trusted certifying authority.
Configure the Client Access server that initiates the proxy request to use an untrusted security certificate for proxying. You configure this setting by editing the registry.
Caution Incorrectly editing the registry can cause serious problems that may require you to reinstall your operating system. Problems resulting from editing the registry incorrectly may not be able to be resolved. Before editing the registry, back up any valuable data.
In Registry editor, locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchange OWA.
Double-click AllowInternalUntrustedCerts.
Under Value data, type 1.
Under Base, click Decimal.
Close Registry Editor.
Restart Internet Information Services (IIS) by using the command iisreset/noforce.
For More Information
To search the Microsoft Knowledge Base articles based on criteria that generated this alert, visit the Search the Support Knowledge Base (KB) Web site.
To review Exchange 2007 event message articles that may not be represented by Exchange 2007 MOM alerts, see the Events and Errors Message Center.
If you are not already doing so, consider running the tools that Microsoft Exchange offers to help administrators analyze and troubleshoot their Exchange environment. These tools can help you make sure that your configuration is in line with Microsoft best practices. They can also help you identify and resolve performance issues, improve mail flow, and better manage disaster recovery scenarios. Go to the Toolbox node of the Exchange Management Console to run these tools now. For more information about these tools, see Toolbox in the Exchange Server 2007 Help.