Topic Last Modified: 2010-01-26

The Microsoft Exchange Server 2010 Management Pack for System Center Operations Manager monitors the Windows Application log on computers running Exchange 2010 and generates this alert when the events specified in the following Details table are logged.

To learn more about this alert, in Operations Manager, do one or more of the following:


Product Name


Product Version

14.0 (Exchange 2010)

Event ID


Event Source

MSExchange OWA

Alert Type


Rule Path

Microsoft Exchange Server/Exchange 2010/Client Access/Outlook Web Access

Rule Name

The Outlook Web App proxy failed because it couldn't find a trusted certificate for SSL encryption.


The Warning event indicates the computer that is running the Client Access server role could not proxy a Microsoft Office Outlook Web App request from one Client Access server to a Client Access server that is located in a different Active Directory site. This event occurs if the following conditions are true:

  • The security certificate presented by the remote proxying Client Access server is not trusted by the Client Access server that initiates the proxy request.

  • The Client Access server that initiates the proxy request does not allow untrusted security certificates for proxying.

In an Exchange Server 2010 organization, a Client Access server can act as a proxy for other Client Access servers within the organization. This is useful if the following conditions are true:

  • Multiple Client Access servers are present in different Active Directory sites in an organization.

  • Only one Client Access server is exposed to the Internet.

By default, the proxying process allows the use of an untrusted security certificate to create a secure HTTPS connection. You can create the AllowInternalUntrustedCerts registry key to change the default behavior.

For more information about Outlook Web App proxying and redirection, see Understanding Proxying and Redirection.

User Action

To resolve this warning, follow one of more of these steps:

  • Verify that the security certificate installed at Outlook Web App virtual directories of the remote proxying Client Access server is from a trusted certifying authority.

  • Configure the Client Access server that initiates the proxy request to use an untrusted security certificate for proxying. You configure this setting by editing the registry.

    Caution   Incorrectly editing the registry can cause serious problems that may require you to reinstall your operating system. Problems resulting from editing the registry incorrectly may not be able to be resolved. Before editing the registry, back up any valuable data.

For More Information

If you are not already doing so, consider running the Exchange tools created to help you analyze and troubleshoot your Exchange environment. These tools can help make sure that your configuration aligns with Microsoft best practices. They can also help you identify and resolve performance issues, improve mail flow, and better manage disaster recovery scenarios. To run these tools, go to the Toolbox node of the Exchange Management Console. To learn more about these tools, see Managing Tools in the Toolbox.