Inbound direct trust authentication failed for certificate %1. The source IP address of the server that tried to authenticate to Microsoft Exchange is [%2]. Make sure EdgeSync is running properly.

Details
Product: Exchange
Event ID: 1036
Source: MSExchangeTransport
Version: 8.0
Symbolic Name: SmtpReceiveDirectTrustFailed
Message: Inbound direct trust authentication failed for certificate %1. The source IP address of the server that tried to authenticate to Microsoft Exchange is [%2]. Make sure EdgeSync is running properly.
   
Explanation

This Error event indicates that Domain Security, which uses mutual Transport Layer Security (TLS) authentication, failed for the connection attempt from the indicated source IP address. Domain Security requires that an Edge Subscription is configured for the receiving Edge Transport server. For more information about Domain Security, see Domain Security White Paper.

   
User Action

To resolve this error, do one or more of the following:

  • Verify that the Edge Transport server is subscribed to the Microsoft Exchange organization. For more information, see Subscribing the Edge Transport Server to the Exchange Organization.

  • Verify that the Edge Transport server is receiving synchronization updates through the EdgeSync process. You can check whether the Microsoft Exchange EdgeSync service is running on all Hub Transport servers in the subscribed site. You can use the Test-EdgeSynchronization cmdlet in the Exchange Management Shell to verify EdgeSync results.

  • Verify that the domain is included in the list of remote domains that is specified in the TLSReceiveDomainSecureList parameter and the TLSSendDomainSecureList parameter, which are configured on the TransportConfig object for the Exchange organization. You can use the Get-TransportConfig cmdlet in the Exchange Management Shell to view these parameters. If the domain is not included in the list, you can use the Set-TransportConfig cmdlet to add the domain to the list. These parameters are synchronized to the Edge Transport server during the EdgeSync process.

  • Review other related Error and Warning events in the Application log. These related events may help you find the root cause of this error.

  • If the recommended steps do not resolve this error, contact Microsoft Customer Support Services. For more information about how to contact support, visit the Microsoft Help and Support Web site.

If you are not already doing so, consider running the tools that Microsoft Exchange offers to help administrators analyze and troubleshoot their Exchange environment. These tools can help you make sure that your configuration is in line with Microsoft best practices. They can also help you identify and resolve performance issues, improve mail flow, and better manage disaster recovery scenarios. Go to the Toolbox node of the Exchange Management Console to run these tools now. For more information about these tools, see Toolbox in the Exchange Server 2007 Help.

Related:

Leave a Reply