Topic Last Modified: 2010-02-18
The Microsoft Exchange Server 2010 Management Pack for System Center Operations Manager monitors the Windows Application log on computers running Exchange 2010 and generates this alert when the events specified in the following Details table are logged.
To learn more about this alert, in Operations Manager, do one or more of the following:
- From the Operations Console, double-click this alert, and then
click the General tab. Review the description of the alert
that includes the variables specific to your environment.
- From the Operations Console, double-click this alert, and then
click the Alert Context tab. Review the logged events that
meet the criteria of this Operations Manager alert.
Details
|
Product Name |
Exchange |
|
Product Version |
14.0 (Exchange 2010) |
|
Event ID |
11013 |
|
Event Source |
MSExchangeTransport |
|
Alert Type |
Warning |
|
Rule Path |
Microsoft Exchange Server/Exchange 2010/Common Components/Hub Transport and Edge Transport/Transport |
|
Rule Name |
The connection to a secure domain failed because the Transport Layer Security negotiation was unsuccessful. |
Explanation
This Error event indicates that a certificate validation error has occurred with a domain that is configured for Domain Secure e-mail.
User Action
To resolve this error, you must perform one of the following tasks:
- Disable Domain Security for the domain.
- Contact the administrators of the remote domain and inform them
that the Transport Layer Security (TLS) certificate that they are
using must be fixed. The administrators of the remote domain should
refer to the Microsoft Exchange Server 2010 Help topic
Troubleshooting Certificate Validation Errors for more
information about how to troubleshoot the certificate validation
errors. The certificate validation error referenced in this Error
event is caused by an error from the TLS certificate of the remote
domain, not from the TLS certificate of your organization.
Disabling Domain Security
To disable Domain Security for the remote domain, you must remove the domain name from the TLSReceiveDomainSecureList parameter in the Set-TransportConfig cmdlet. If you have not configured dedicated Receive connectors for the domain, you can disable Domain Security for that domain by removing the domain name from the TransportConfig object.
If you are using dedicated Send connectors and Receive connectors for the domain-secured mail flow path, disable the connectors by setting the Enable parameter to $False on both the Set-ReceiveConnector cmdlet and the Set-SendConnector cmdlet. Mail flow from this particular domain will then flow through your default Send connectors and Receive connectors.
For more information, see the following topics:
- Set-TransportConfig
- Set-ReceiveConnector
- Set-SendConnector
For More Information
If you are not already doing so, consider running the Exchange tools created to help you analyze and troubleshoot your Exchange environment. These tools can help make sure that your configuration aligns with Microsoft best practices. They can also help you identify and resolve performance issues, improve mail flow, and better manage disaster recovery scenarios. To run these tools, go to the Toolbox node of the Exchange Management Console. To learn more about these tools, see Managing Tools in the Toolbox.