MSExchange OWA 43

  • 项目

 

上一次修改主题: 2011-03-19

本文对特定 Exchange 事件进行了说明并提供了可能的解决方案。如果您在此处未找到所需内容,请尝试在 Exchange 2010 帮助中进行搜索。

Details

Product Name

Exchange

Product Version

14.0

Event ID

43

Category

Proxy

Symbolic Name

ProxyErrorSslTrustFailure

Message Text

Client Access server "%1" tried to proxy Outlook Web App traffic to Client Access server "%2". This failed because the Outlook Web App registry key "AllowInternalUntrustedCerts" is set to "0", but no certificate trusted by "%1" was available for the Secure Sockets Layer (SSL) encryption of the proxy connection.

Explanation

The Warning event indicates the computer that is running the Client Access server role could not proxy a Microsoft Office Outlook Web App request from one Client Access server to a Client Access server that is located in a different Active Directory site. This event occurs if the following conditions are true:

  • The security certificate presented by the remote proxying Client Access server is not trusted by the Client Access server that initiates the proxy request.

  • The Client Access server that initiates the proxy request does not allow untrusted security certificates for proxying.

In an Exchange Server 2010 organization, a Client Access server can act as a proxy for other Client Access servers within the organization. This is useful if the following conditions are true:

  • Multiple Client Access servers are present in different Active Directory sites in an organization.

  • Only one Client Access server is exposed to the Internet.

By default, the proxying process allows the use of an untrusted security certificate to create a secure HTTPS connection. You can create the AllowInternalUntrustedCerts registry key to change the default behavior.

For more information about Outlook Web App proxying and redirection, see 了解代理和重定向.

User Action

To resolve this warning, follow one of more of these steps:

  • Verify that the security certificate installed at Outlook Web App virtual directories of the remote proxying Client Access server is from a trusted certifying authority.

  • Configure the Client Access server that initiates the proxy request to use an untrusted security certificate for proxying. You configure this setting by editing the registry.

    Caution   不正确地编辑注册表时,可能导致出现严重问题,从而需要重新安装操作系统。因不正确地编辑注册表而导致出现的问题是能够解决的问题。编辑注册表之前,请备份所有重要数据。

  1. In Registry editor, locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchange OWA.

  2. Double-click AllowInternalUntrustedCerts.

  3. Under Value data, type 1.

  4. Under Base, click Decimal.

  5. Close Registry Editor.

  6. Restart Internet Information Services (IIS) by using the command iisreset/noforce.

  7. 使用自助支持选项、协助支持选项及其他资源来解决您的问题。您可以从 Exchange Server 解决方案中心访问这些资源。在该页中,单击导航窗格中的“自助支持选项”可使用自助服务选项。自助服务选项包括搜索 Microsoft 知识库、在 Exchange Server 论坛上发布问题及其他方法。或者,您可以在导航窗格中单击“协助支持选项”来联系 Microsoft 支持专业人员。由于您的组织可能已有直接与 Microsoft 产品支持服务联系的特定流程,因此,请您务必先查看您组织的准则。

For More Information

如果您尚未执行此操作,请考虑运行 Exchange 工具,已创建这些工具以帮助您分析 Exchange 环境并对其进行疑难解答。这些工具可帮助确保您的配置与 Microsoft 最佳实践保持一致。它们还可以帮助您识别和解决性能问题,并改进邮件流。若要运行这些工具,请转到 Exchange 管理控制台的“工具箱”节点。若要了解有关这些工具的详细信息,请参阅管理工具箱中的工具