MSExchange OWA 43

 

This article provides an explanation and possible resolutions for a specific Exchange event. If you don't find what you’re looking for here, try searching Exchange 2010 Help.

Details

Product Name

Exchange

Product Version

14.0

Event ID

43

Category

Proxy

Symbolic Name

ProxyErrorSslTrustFailure

Message Text

Client Access server "%1" tried to proxy Outlook Web App traffic to Client Access server "%2". This failed because the Outlook Web App registry key "AllowInternalUntrustedCerts" is set to "0", but no certificate trusted by "%1" was available for the Secure Sockets Layer (SSL) encryption of the proxy connection.

Explanation

The Warning event indicates the computer that is running the Client Access server role could not proxy a Microsoft Office Outlook Web App request from one Client Access server to a Client Access server that is located in a different Active Directory site. This event occurs if the following conditions are true:

  • The security certificate presented by the remote proxying Client Access server is not trusted by the Client Access server that initiates the proxy request.

  • The Client Access server that initiates the proxy request does not allow untrusted security certificates for proxying.

In an Exchange Server 2010 organization, a Client Access server can act as a proxy for other Client Access servers within the organization. This is useful if the following conditions are true:

  • Multiple Client Access servers are present in different Active Directory sites in an organization.

  • Only one Client Access server is exposed to the Internet.

By default, the proxying process allows the use of an untrusted security certificate to create a secure HTTPS connection. You can create the AllowInternalUntrustedCerts registry key to change the default behavior.

For more information about Outlook Web App proxying and redirection, see Understanding Proxying and Redirection.

User Action

To resolve this warning, follow one of more of these steps:

  • Verify that the security certificate installed at Outlook Web App virtual directories of the remote proxying Client Access server is from a trusted certifying authority.

  • Configure the Client Access server that initiates the proxy request to use an untrusted security certificate for proxying. You configure this setting by editing the registry.

    Caution   Incorrectly editing the registry can cause serious problems that may require you to reinstall your operating system. Problems resulting from editing the registry incorrectly may not be able to be resolved. Before editing the registry, back up any valuable data.

  1. In Registry editor, locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchange OWA.

  2. Double-click AllowInternalUntrustedCerts.

  3. Under Value data, type 1.

  4. Under Base, click Decimal.

  5. Close Registry Editor.

  6. Restart Internet Information Services (IIS) by using the command iisreset/noforce.

  7. Resolve your issue by using self-support options, assisted support options, and other resources. You can access these resources from the Exchange Server Solutions Center. From this page, click Self-Support Options in the navigation pane to use self-help options. Self-help options include searching the Microsoft Knowledge Base, posting a question at the Exchange Server forums, and other methods. Alternatively, in the navigation pane, you can click Assisted Support Options to contact a Microsoft support professional. Because your organization may have a specific procedure for directly contacting Microsoft Product Support Services, be sure to review your organization's guidelines first.

For More Information

If you are not already doing so, consider running the Exchange tools, which have been created to help you analyze and troubleshoot your Exchange environment. These tools can help make sure that your configuration aligns with Microsoft best practices. They can also help you identify and resolve performance issues and improve mail flow. To run these tools, go to the Toolbox node of the Exchange Management Console. To learn more about these tools, see Managing Tools in the Toolbox.