Authentication of the connection to a domain on which Domain Security is enabled failed because the Transport Layer Security (TLS) certificate didn't contain the name of that domain

 

Topic Last Modified: 2007-11-16

The Microsoft Exchange Server 2007 Management Pack for Operations Manager monitors the Windows Application log on computers that are running Exchange Server 2007 and generates this alert when the event or events specified in the following Details table are logged.

To learn more about this alert, if you are using Microsoft Operations Manager 2005, do one or more of the following:

  • From the Operator Console, select this alert, and then click the Properties tab. Review the description of the alert that includes the variables specific to your environment.

  • From the Operator Console, click the Events tab, and then double-click the event in the list for which you want to review the event description. Review the events that have been logged that meet the criteria of this Operations Manager alert.

To learn more about this alert, if you are using System Center Operations Manager 2007, do one or more of the following:

  • From the Operations Console, double-click this alert, and then click the General tab. Review the description of the alert that includes the variables specific to your environment.

  • From the Operations Console, double-click this alert, and then click the Alert Context tab. Review the events that have been logged that meet the criteria of this Operations Manager alert.

Details

Product Name

Exchange

Product Version

8.0 (Exchange Server 2007)

Event ID

11016

Event Source

MSExchangeTransport

Alert Type

Critical Error

MOM Rule Path

Microsoft Exchange Server/Exchange 2007/Common Components/Hub Transport and Edge Transport/Transport

MOM Rule Name

Authentication of the connection to a domain on which Domain Security is enabled failed because the Transport Layer Security (TLS) certificate didn't contain the name of that domain.

Explanation

This Error event indicates that a domain that is specified in the TransportConfig object as a domain-secured domain has sent a message that has a certificate that does not contain a valid domain name. To authenticate with Domain Security, the certificate that is used for the Transport Layer Security (TLS) session must include the fully qualified domain name (FQDN) of the domain in the Subject or Subject Alternative Name fields.

User Action

To resolve this error, you must perform one of the following tasks:

  • Disable Domain Security for the domain.

  • Contact the administrator of the domain and request that the administrator create a valid TLS certificate for the domain.

Disabling Domain Security

To disable Domain Security for the remote domain, you must remove the domain name from the TLSReceiveDomainSecureList parameter in the Set-TransportConfig cmdlet. If you have not configured dedicated Receive connectors for the domain, you can disable Domain Security for that domain by removing the domain name from the TransportConfig object.

If you are using dedicated Send connectors and Receive connectors for the domain-secured mail flow path, disable the connectors by setting the Enable parameter to $False on both the Set-ReceiveConnector cmdlet and the Set-SendConnector cmdlet. Mail flow from this particular domain will then flow through your default Send connectors and Receive connectors.

For more information, see the following topics in Microsoft Exchange Server 2007 Help:

For More Information

To search the Microsoft Knowledge Base articles based on criteria that generated this alert, visit the Search the Support Knowledge Base (KB) Web site.

To review Exchange 2007 event message articles that may not be represented by Exchange 2007 alerts, see the Events and Errors Message Center.

If you are not already doing so, consider running the tools that Microsoft Exchange offers to help administrators analyze and troubleshoot their Exchange environment. These tools can help you make sure that your configuration is in line with Microsoft best practices. They can also help you identify and resolve performance issues, improve mail flow, and better manage disaster recovery scenarios. Go to the Toolbox node of the Exchange Management Console to run these tools now. For more information about these tools, see Toolbox in the Exchange Server 2007 Help.