The Client Access server cannot proxy the Exchange ActiveSync client request to the Exchange server “%1”. For this to work, Integrated Windows authentication must be configured on the Microsoft-Server-ActiveSync virtual directory on the Exchange server “%1”.

Details
Product: Exchange
Event ID: 1036
Source: MSExchange ActiveSync
Version: 8.0
Symbolic Name: SecondCasFailureNTLM
Message: The Client Access server cannot proxy the Exchange ActiveSync client request to the Exchange server “%1”. For this to work, Integrated Windows authentication must be configured on the Microsoft-Server-ActiveSync virtual directory on the Exchange server “%1”.
   
Explanation

This Warning event is logged when authentication fails between the Client Access server that sends a proxy request and the Client Access server that receives a proxy request. Proxy requests occur when users use a Client Access server that is not in the same site as their mailbox. In this situation, the request is proxied to a Client Access server that is in the same site as the mailbox.

This event may be logged when the receiving Client Access server cannot validate the proxy request from the sending Client Access Server. In this scenario, the sending Client Access Server authenticates itself as a local system user on a server that is running Microsoft® Exchange Server. All Exchange servers are members of the local system security group. The receiving Client Access server can only request this authentication information through Microsoft Windows® Integrated Authentication. If an administrator has turned off Microsoft Windows® Integrated authentication, proxy requests can no longer function.

   
User Action

To make sure that Windows Integrated Authentication is turned on, do the following:

  1. Click Start, point to Programs, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.

  2. In Internet Information Services (IIS) Manager, in the console tree, click Web Sites.

  3. In the console tree, click to expand the Default Web Site.

  4. In the console tree, right-click Microsoft-Server-ActiveSync, and then click Properties.

  5. On the Directory Security tab, under Authentication and access control, click Edit.

  6. Make sure that the Enable anonymous access option is not selected.

  7. Select Integrated Windows authentication option, and then click OK.

    Note   You must restart Internet Information Services (IIS) by using the command iisreset/noforce for these changes to take effect.

If you are not already doing so, consider running the tools that Microsoft Exchange offers to help administrators analyze and troubleshoot their Exchange environment. These tools can help you make sure that your configuration is in line with Microsoft best practices. They can also help you identify and resolve performance issues, improve mail flow, and better manage disaster recovery scenarios. Go to the Toolbox node of the Exchange Management Console to run these tools now. For more information about these tools, see Toolbox in the Exchange Server 2007 Help.

Related:

Leave a Reply