Re: Event 1287 MSExchangeSRS

Hi jremmc,

Thanks for your update. I appreciate your time.

I. For the replication error, you may try to the following steps to trouble
shoot the issue:

Step 1: Please try to do a Site Knowledge Consistency Check on the SRS.

To force a site knowledge consistency check to run, you must make a change
to the SRS object by using the Microsoft Exchange Server 5.5 Administrator
program. When the Knowledge Consistency Checker monitoring thread detects a
change to that object, it begins to check the consistency of the SRS.

To modify the SRS object:

1. Start the Exchange Server 5.5 Administrator program in raw mode by
typing the following at a command prompt:
c:\program files\exchsrvr\bin\admin /r
2. On the File menu, click Connect to Server. Specify the name of the
Exchange 2000 server that is running the SRS, and then click OK .
3. Expand the tree in the left pane. Locate the following object:
OrganizationName \ SiteName \Configuration\Servers\ ServerName
4. In the right pane, click the Site Replication Service object. On the
File menu, click Raw Properties .
5. In the Object Attributes list, locate, and then click Admin-Display-Name

6. In the Edit Value box, make a change to the displayed value, such as
adding a character to the end of the name.
7. Click Set , and then click Apply .
8. Change the value in the Edit Value box back to the original name, and
then click OK .
9. Click Set , and then click Apply .
10. Click OK .

Step 2: Rebuild the Directory Replication connector between sites.

For more info, refer to the following steps here:
147775 XADM: Requirements for a Directory Replication Connector
http://support.microsoft.com/?id=147775

Step 3: Try to rebuild the Site Replication Service on the exchange 2003
site. Detailed steps are populated in article 282061.

How to rebuild a Site Replication Service without a backup
http://support.microsoft.com/?id=282061

Then please monitor the server to see if the issue resolved.

II. To the exchange VD SSL question, you can refer to the KB article 817379
method 2 to create a additional VD. In doing so, the activesync and OMA all
can require SSL. It is recommended configuration.

Please let me know if you have any further question on the issue. I am glad
to be assistance to you.

Have a nice weekend!

Sincerely,
Jenny Wu, MCSE 2000/2003, MCSA 2000/2003, MCDBA, MCSD
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--------------------
From: "Ed Crowley [MVP]" <curspice@xxxxxxxxxxxxxx>
References: <ekkZjac0GHA.1568@xxxxxxxxxxxxxxxxxxxx>
<#V$YKJk0GHA.2196@xxxxxxxxxxxxxxxxxxxx>
<eyiciyq0GHA.3752@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: Event 1287 MSExchangeSRS
Date: Thu, 7 Sep 2006 12:09:01 -0700
Lines: 81
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
X-RFC2646: Format=Flowed; Response
Message-ID: <#ILNVEr0GHA.2356@xxxxxxxxxxxxxxxxxxxx>
Newsgroups: microsoft.public.exchange.admin
NNTP-Posting-Host: adsl-216-103-85-85.dsl.snfc21.pacbell.net 216.103.85.85
Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP03.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.exchange.admin:567354
X-Tomcat-NG: microsoft.public.exchange.admin

Why would you have it installed on the SMTP virtual server?
--
Ed Crowley
MVP - Exchange
"Protecting the world from PSTs and brick backups!"

"jremmc" <jremmc@xxxxxxxxxxxxxx> wrote in message
news:eyiciyq0GHA.3752@xxxxxxxxxxxxxxxxxxxxxxx
Hello Ed,

Thanks. Been looking thru configs on ADC, E2K3, 5.5 servers, can't find
any places for SSL to be checked, other than E2K3 IIS and SMTP VS. We do
not have cert installed under SMTP VS, just for OWA so just in IIS.
However, the /Exchange virtual directory does *not* have Require SSL
checked under Directory Security tab, Secure Communications, Edit. Also
not checked in Exadmin but read in MS doc that is default. Require SSL
*is* checked in Default Web Site, ExchWeb, OMA,
Microsoft-Server-Active-Sync and Public virtual directories.

Would not having Require SSL checked in /Exchange vr cause 1287 issue?

Also, as this is my first SSL experience I wasn't sure whether the
/Exchange vr defaulted to have Require SSL once an SSL cert is
installed.
Some testing showed that users can log onto OWA via http: unless Require
SSL is checked, but also found that my Windows 5.0 mobile phone won't
sync, gets error 0x85010014 (setting This server requires SSL is
checked)
. Led me to KB 817379 - Exchange ActiveSync and Outlook Mobile Access
errors occur when SSL or forms-based authentication is required for
Exchange Server 2003.

I can create exchange-oma vr as per KB. But I'm confused, is the process
then that mobile phones connect via SSL and the oma vr and active sync
vr
connect to the /Exchange vr via port 80, or that the mobile phones do
not
use SSL at all? (we want our mobile phones to use SSL).

Thanks,
jnremmc


"Ed Crowley [MVP]" <curspice@xxxxxxxxxxxxxx> wrote in message
news:%23V$YKJk0GHA.2196@xxxxxxxxxxxxxxxxxxxxxxx
My guess is that you're requiring SSL in a place where you shouldn't be.
--
Ed Crowley
MVP - Exchange
"Protecting the world from PSTs and brick backups!"

"jremmc" <jremmc@xxxxxxxxxxxxxx> wrote in message
news:ekkZjac0GHA.1568@xxxxxxxxxxxxxxxxxxxxxxx
We started getting this error Event ID 1287 from MSExchangeSRS

Unable to connect an LDAP SSL client due to an internal error. Verify
that the SSL credentials are properly set up on this server.

about three weeks ago. That is extent of error message; no info as to
which/what client. I have no experience with this error. Search
Technet,
Google turned up nothing other than the small blurb in MS Help &
Support
link in error mesage. I'd be inlined to think that since SRS is
throwing
the error it would relate to either E2K3 server or ADC server (which
is
a DC) or our branch 5.5 server. But none of the servers had an SSL
certificate when errors started, none would be trying to connect via
SSL
to the other. Start of error "may" have coincided with a company wide
email that we were imminently installing an SSL certificate and
someone
may have jumped the gun and configured their PC or phone for SSL
early.
But then why would SRS be the reporting service?

We did install SSL (one of the big third-party) on E2K3 last week but
errors continue. Pretty sure SSL cert installed correctly, no issues
otherwise.

Any ideas, including how to track down client causing errors?

Thanks,
jremmc









.