MSExchangeTransport 11016
This article provides an explanation and possible resolutions for a specific Exchange event. If you don't find what you’re looking for here, try searching Exchange 2010 Help.
Details
Product Name |
Exchange |
Product Version |
14.0 |
Event ID |
11016 |
Event Source |
MSExchangeTransport |
Category |
MessageSecurity |
Symbolic Name |
TlsDomainServerCertificateSubjectMismatch |
Message Text |
Authentication of the connection to secure domain %1 failed because the Transport Layer Security (TLS) server certificate didn't contain the name of that domain. Either contact the administrator for domain %1 to resolve the problem with their certificate or remove the domain from the domain-secured list. |
Explanation
This Error event indicates that a domain that is specified in the TransportConfig object as a domain-secured domain has sent a message that has a certificate that does not contain a valid domain name. To authenticate with Domain Security, the certificate that is used for the Transport Layer Security (TLS) session must include the fully qualified domain name (FQDN) of the domain in the Subject or Subject Alternative Name fields.
User Action
To resolve this error, you must perform one of the following tasks:
Disable Domain Security for the domain.
Contact the administrator of the domain and request that the administrator create a valid TLS certificate for the domain.
For More Information
If you are not already doing so, consider running the Exchange tools, which have been created to help you analyze and troubleshoot your Exchange environment. These tools can help make sure that your configuration aligns with Microsoft best practices. They can also help you identify and resolve performance issues and improve mail flow. To run these tools, go to the Toolbox node of the Exchange Management Console. To learn more about these tools, see Managing Tools in the Toolbox.