The proxy request failed because an SSL certificate on the destination Client Access server is not valid
Topic Last Modified: 2007-11-16
The Microsoft Exchange Server 2007 Management Pack for Microsoft Operations Manager (MOM) monitors the Windows Application log on computers that are running Exchange Server 2007 and generates this alert when the event or events specified in the following Details table are logged.
To learn more about this event, do one or more of the following:
Review the description of the event that includes the variables specific to your environment. From the MOM Operator Console, select this alert, and then click the Properties tab.
Review all events that have been logged that meet the criteria of this MOM alert. From the MOM Operator Console, click the Events tab, and then double-click the event in the list for which you want to review the event description.
Details
Product Name |
Exchange |
Product Version |
8.0 (Exchange Server 2007) |
Event ID |
1035 |
Event Source |
MSExchange ActiveSync |
Alert Type |
Warning |
MOM Rule Path |
Microsoft Exchange Server/Exchange 2007/Client Access/ActiveSync |
MOM Rule Name |
The proxy request failed because an SSL certificate on the destination Client Access server is not valid. |
Explanation
This Warning event is logged if the Client Access server that issued a proxy request to another Client Access server failed because a certificate is not valid on the Client Access server that received the request. Proxy requests occur when users use a Client Access server that is not in the same site as their mailbox. In this situation, the request is proxied to a Client Access server that is in the same site as the mailbox.
This event is logged if the following conditions are true:
The proxy request to the receiving Client Access server is configured to use Secure Sockets Layer (SSL). By default, proxy requests do not use SSL. To use SSL, you must make a configuration change in the registry to force certificate checking when a proxy request is sent to another Client Access server.
The certificate is not valid. For example, the certificate is self signed.
User Action
To resolve this warning, follow one of these steps:
Install a valid certificate on the Client Access server that receives the proxy requests. A valid certificate must contain a valid host name. In addition, it must be signed by a recognized certification authority. In this scenario, a valid host name is the internal host name.
Configure Microsoft® Exchange Server to let you use non-valid (or self-signed) certificates in the proxy scenario. To do this, you must make a registry configuration change on the Client Access server that receives the proxy requests. Do the following:
Caution Incorrectly editing the registry can cause serious problems that may require you to reinstall your operating system. Problems resulting from editing the registry incorrectly may not be able to be resolved. Before editing the registry, back up any valuable data.
Start Registry Editor (regedit).
Locate the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchange OWA\
Edit the AllowInternalUntrustedCerts key so that the certificate will not be checked. One way to do that is to make sure that the AllowInternalUntrustedCerts key is not present. Alternatively, you can change the data value of Value data of the AllowInternalUntrustedCerts key to 1.
Exit Registry Editor.
Note You must restart Internet Information Services (IIS) by using the command iisreset/noforce for these changes to take effect.
For More Information
To search the Microsoft Knowledge Base articles based on criteria that generated this alert, visit the Search the Support Knowledge Base (KB) Web site.
To review Exchange 2007 event message articles that may not be represented by Exchange 2007 MOM alerts, see the Events and Errors Message Center.
If you are not already doing so, consider running the tools that Microsoft Exchange offers to help administrators analyze and troubleshoot their Exchange environment. These tools can help you make sure that your configuration is in line with Microsoft best practices. They can also help you identify and resolve performance issues, improve mail flow, and better manage disaster recovery scenarios. Go to the Toolbox node of the Exchange Management Console to run these tools now. For more information about these tools, see Toolbox in the Exchange Server 2007 Help.