Topic Last Modified: 2010-07-05
The Microsoft Exchange Server 2010 Management Pack for System Center Operations Manager monitors the Windows Application log on computers running Exchange 2010 and generates this alert when the events specified in the following Details table are logged.
To learn more about this alert, in Operations Manager, do one or more of the following:
- From the Operations Console, double-click this alert, and then
click the General tab. Review the description of the alert
that includes the variables specific to your environment.
- From the Operations Console, double-click this alert, and then
click the Alert Context tab. Review the logged events that
meet the criteria of this Operations Manager alert.
Details
|
Product Name |
Exchange |
|
Product Version |
14.0 (Exchange 2010) |
|
Event ID |
1036 |
|
Event Source |
MSExchangeTransport |
|
Alert Type |
Error |
|
Rule Path |
Microsoft Exchange Server/Exchange 2010/Common Components/Hub Transport and Edge Transport/Transport |
|
Rule Name |
Inbound direct trust authentication failed for a certificate. Make sure the EdgeSync service (MSExchangeEdgeSync) is running. |
Explanation
This Error event indicates that Domain Security, which uses mutual Transport Layer Security (TLS) authentication, failed for the connection attempt by the indicated source IP address. Domain Security requires that an Edge Subscription is configured for the receiving Edge Transport server.
For more information about Domain Security, see Understanding Domain Security.
User Action
To resolve this problem, do one or more of the following:
Verify that the Edge Transport server is subscribed to the Microsoft Exchange organization. For more information, see Managing Edge Subscriptions.
- Verify that the Edge Transport server is receiving
synchronization updates through the EdgeSync process. You can check
whether the Microsoft Exchange EdgeSync service is running on all
Hub Transport servers in the subscribed site. You can use the
Test-EdgeSynchronization cmdlet in the Exchange Management
Shell to verify EdgeSync results.
- Verify that the domain is included in the list of remote
domains that is specified in the TLSReceiveDomainSecureList
parameter and in the TLSSendDomainSecureList parameter.
These parameters are configured on the TransportConfig object for
the Exchange organization. You can use the
Get-TransportConfig cmdlet in the Exchange Management Shell
to view these parameters. If the domain is not included in the
list, you can use the Set-TransportConfig cmdlet to add the
domain to the list. These parameters are synchronized to the Edge
Transport server during the EdgeSync process.
- Review other related Error events and Warning events in the
Application log. These related events may help you find the cause
of this problem.
- If the recommended steps do not resolve this problem, contact
Microsoft Customer Support Services. For more information about how
to contact support, visit the Microsoft Help and Support Web site.
For More Information
If you are not already doing so, consider running the Exchange tools created to help you analyze and troubleshoot your Exchange environment. These tools can help make sure that your configuration aligns with Microsoft best practices. They can also help you identify and resolve performance issues, improve mail flow, and better manage disaster recovery scenarios. To run these tools, go to the Toolbox node of the Exchange Management Console. To learn more about these tools, see Managing Tools in the Toolbox.