MSExchange ActiveSync 1035

This article provides an explanation and possible resolutions for a specific Exchange event. If you don't find what you’re looking for here, try searching Exchange 2010 Help.

Details

Explanation

This Warning event is logged if the Client Access server that issued a proxy request to another Client Access server failed because a certificate is not valid on the Client Access server that received the request. Proxy requests occur when users use a Client Access server that is not in the same site as their mailbox. In this situation, the request is proxied to a Client Access server that is in the same site as the mailbox.

This event is logged if the following conditions are true:

• The proxy request to the receiving Client Access server is configured to use Secure Sockets Layer (SSL). By default, proxy requests do not use SSL. To use SSL, you must make a configuration change in the registry to force certificate checking when a proxy request is sent to another Client Access server.

• The certificate is not valid. For example, the certificate is self signed.

User Action

To resolve this warning, do one of the following:

• Install a valid certificate on the Client Access server that receives the proxy requests. A valid certificate must contain a valid host name. In addition, it must be signed by a recognized certification authority. In this scenario, a valid host name is the internal host name.

• Configure Microsoft Exchange to let you use non-valid (or self-signed) certificates in the proxy scenario. To do this, you must make a registry configuration change on the Client Access server that receives the proxy requests. Do the following:

  Caution   Incorrectly editing the registry can cause serious problems that may require you to reinstall your operating system. Problems resulting from editing the registry incorrectly may not be able to be resolved. Before editing the registry, back up any valuable data.

  1. Start Registry Editor (regedit).

  2. Locate the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchange OWA\

  3. Edit the AllowInternalUntrustedCerts key so that the certificate will not be checked. One way to do that is to make sure that the AllowInternalUntrustedCerts key is not present. Alternatively, you can change the data value of Value data of the AllowInternalUntrustedCerts key to 1.

  4. Exit Registry Editor.

  Note   You must restart Internet Information Services (IIS) by using the command iisreset/noforce for these changes to take effect.

For More Information

If you are not already doing so, consider running the Exchange tools, which have been created to help you analyze and troubleshoot your Exchange environment. These tools can help make sure that your configuration aligns with Microsoft best practices. They can also help you identify and resolve performance issues and improve mail flow. To run these tools, go to the Toolbox node of the Exchange Management Console. To learn more about these tools, see Managing Tools in the Toolbox.