A certificate used for federation is about to expire

 

Applies to: Operations Manager Management Pack for Exchange 2010

Topic Last Modified: 2011-08-02

The Microsoft Exchange Server 2010 Management Pack for System Center Operations Manager monitors the Windows Application log on computers running Exchange 2010 and generates this alert when the events specified in the following Details table are logged.

To learn more about this alert, in Operations Manager, do one or more of the following:

  • From the Operations Console, double-click this alert, and then click the General tab. Review the description of the alert that includes the variables specific to your environment.

  • From the Operations Console, double-click this alert, and then click the Alert Context tab. Review the logged events that meet the criteria of this Operations Manager alert.

 

Product Name

Exchange

Product Version

14.0 (Exchange 2010)

Event ID

2009

Event Source

MSExchange Certificate Deployment

Rule Path

Microsoft Exchange Server/Exchange 2010/Common Components/Hub Transport and Edge Transport/Transport

Rule Name

A certificate used for federation is about to expire.

In Exchange Server 2010, a federation is used for federated delegation. This allows the sharing of availability information, calendars, and contacts with recipients in external federated organizations. This Warning event is logged when the certificate that is used for federation is almost expired.

There is only one federation trust certificate created for each organization.

For example, if the servers that are running Microsoft Exchange within an organization are located in multiple Active Directory forests, the same federation trust certificate must be used within each Active Directory forest. Therefore, the organization must repeat the certificate renewal operation in each Active Directory forest. After the trust certificate is updated on a server in the Active Directory forest, the certificate is automatically distributed to all other servers within that Active Directory forest.

For more information about how to obtain a new certificate, see Understanding Federation.

For more information about how to transition to the next available certificate, see Manage Federation.

noteNote:
Self-signed certificates for a federation trust are supported in Microsoft Exchange Server 2010 R5 and later versions. However, the federation trust must be created by using the New-FederationTrust cmdlet in Exchange Server 2010 R5.

If you are not already doing so, consider running the Exchange tools, which have been created to help you analyze and troubleshoot your Exchange environment. These tools can help make sure that your configuration aligns with Microsoft best practices. They can also help you identify and resolve performance issues and improve mail flow. To run these tools, go to the Toolbox node of the Exchange Management Console. To learn more about these tools, see Managing Tools in the Toolbox.

 
Show: