SCOM alert proxying to Unknown

SCOM Alerts can be related to SSL certificates and it is worth checking the IIS BackEnd Site Binding to see if the certificate is valid. One example of this is the alert for OutlookRpcDeepTestMonitor. Also note that if the server alerting is getting a “proxying to unknown” error that the Certificate issue is likely on a different Exchange Server.

Open IIS, browse down to Site and Exchange Back End. Click bindings and edit the site bindings on port 444. The site should be bound with the certificate called “Microsoft Exchange”. When you view the certificate I found the certificate being used had an error “The CA Root certificate is not trusted”.

To fix this issue the self signed certificate needs to be exported from the Personal Store and imported into the Trusted Root CA.

Run mmc

Add the Snap-in for Certificates

Browse down to Personal and Certificates and Export the self-signed certificate where the friendly name is “Microsoft Exchange”.

Export it using the format P7B and select the option to “Include all certificates in the certification path if possible”

Name the file and Save it anywhere you like.

Browse down to Trusted Root Certification Authorities and right click Certificates -> All Tasks and Import

Select the certificate you exported, click next and ensure the certificate is placed in the Trusted Root CA.

Now back to IIS when you view the certificate that is bound to the Exchange Back End Site it should look like this:

 

Now you need to restart the Exchange Health Manager service MSExchangeHM on the server that reported the issue or restart it across all the Exchange Servers:

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.