MSExchange ActiveSync 1035

  • 项目

 

上一次修改主题: 2011-03-19

本文对特定 Exchange 事件进行了说明并提供了可能的解决方案。如果您在此处未找到所需内容,请尝试在 Exchange 2010 帮助中进行搜索。

Details

Product Name

Exchange

Product Version

14.0

Event ID

1035

Category

Configuration

Symbolic Name

SecondCasFailureSSL

Message Text

The proxy request has failed due to an invalid SSL certificate on %1.

Explanation

This Warning event is logged if the Client Access server that issued a proxy request to another Client Access server failed because a certificate is not valid on the Client Access server that received the request. Proxy requests occur when users use a Client Access server that is not in the same site as their mailbox. In this situation, the request is proxied to a Client Access server that is in the same site as the mailbox.

This event is logged if the following conditions are true:

  • The proxy request to the receiving Client Access server is configured to use Secure Sockets Layer (SSL). By default, proxy requests do not use SSL. To use SSL, you must make a configuration change in the registry to force certificate checking when a proxy request is sent to another Client Access server.

  • The certificate is not valid. For example, the certificate is self signed.

User Action

To resolve this warning, do one of the following:

  • Install a valid certificate on the Client Access server that receives the proxy requests. A valid certificate must contain a valid host name. In addition, it must be signed by a recognized certification authority. In this scenario, a valid host name is the internal host name.

  • Configure Microsoft Exchange to let you use non-valid (or self-signed) certificates in the proxy scenario. To do this, you must make a registry configuration change on the Client Access server that receives the proxy requests. Do the following:

    Caution   不正确地编辑注册表时,可能导致出现严重问题,从而需要重新安装操作系统。因不正确地编辑注册表而导致出现的问题是能够解决的问题。编辑注册表之前,请备份所有重要数据。

    1. Start Registry Editor (regedit).

    2. Locate the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchange OWA\

    3. Edit the AllowInternalUntrustedCerts key so that the certificate will not be checked. One way to do that is to make sure that the AllowInternalUntrustedCerts key is not present. Alternatively, you can change the data value of Value data of the AllowInternalUntrustedCerts key to 1.

    4. Exit Registry Editor.

    Note   You must restart Internet Information Services (IIS) by using the command iisreset/noforce for these changes to take effect.

For More Information

如果您尚未执行此操作,请考虑运行 Exchange 工具,已创建这些工具以帮助您分析 Exchange 环境并对其进行疑难解答。这些工具可帮助确保您的配置与 Microsoft 最佳实践保持一致。它们还可以帮助您识别和解决性能问题,并改进邮件流。若要运行这些工具,请转到 Exchange 管理控制台的“工具箱”节点。若要了解有关这些工具的详细信息,请参阅管理工具箱中的工具