Usually Exchange’s error messages are, while concise, informative and tend to point you in the right direction towards resolution, but sometimes an error occurs and the error message generated has little to nothing to do with the actual problem. One such case is with the proxy error 10.

This post will talk about what proxy error 10 usually means and how to fix that, but it will also go over another situation that occurs frequently, causes Outlook to throw the same error, but has little to do with the message.

Let’s talk first about this error message and what it indicates to the user. The text of the error can read as one of the following messages, where %s is a hex string;

Error message 1

There is a problem with the proxy server’s security certificate, %s. Outlook is unable to connect to this server. (%s)

Error message 2

There is a problem with the proxy server’s security certificate, %s. The name on the security certificate is invalid or does not match the name of the site. Outlook is unable to connect to this server. (%s)

Error message 3

There is a problem with the proxy server’s security certificate, %s. The security certificate is not from a trusted certifying authority. Outlook is unable to connect to this server. (%s)”

Error message 4

There is a problem with the proxy server’s security certificate. The name on the security certificate is invalid or does not match the name of the target site %FQDN.

These error messages are usually caused by an issue with the certificate, including a name mismatch, an invalid or revoked certificate, or a certificate issued by an untrusted CA. It can also be caused by a mismatch between the FQDN in the account settings on the client, and what is on the certificate. For errors 1 and 2, the %s is a bitmask representing what is wrong with the certificate.

FLAG_CERT_REV_FAILED 0×00000001

FLAG_INVALID_CERT 0×00000002

FLAG_CERT_REVOKED 0×00000004

FLAG_INVALID_CA 0×00000008

FLAG_CERT_CN_INVALID 0×00000010

FLAG_CERT_DATE_INVALID 0×00000020

FLAG_CERT_WRONG_USAGE 0×00000040

FLAG_SECURITY_CHANNEL_ERROR 0×80000000

One way to examine the certificate from the client’s side is to view the certificate being presented by browsing to https://servername/rpc and then using the browser to check the certificate. You should be able to tell whether there is a name mismatch (don’t forget that the FQDN might be listed in the Subject Alternate Name (SAN) property,) and whether or not you trust the chain up to the root CA.

Error 4 is a unique one, where the wording in the message might send you on a wild goose chase. Before spending too much time tearing out your hair trying to figure out what is wrong with a perfectly valid certificate, check your Client Access Server to make sure that the Microsoft Exchange Address Book (MSExchangeAB) service is running. If that service has stopped (or is unreachable) then your Outlook 2010 clients will throw the fourth example of Proxy Error 10. Determine and resolve why the service failed or is unreachable, start the service, and have your clients re-launch Outlook.

Be Sociable, Share!

•