Select the product you need help with
Event ID 2160 is logged in the Application log after you map a user to a certificate in Exchange Server 2010Article ID: 2737853 - View products that this article applies to. SymptomsAssume that you use one of the following account mapping methods together with the altSecurityIdentities attribute to map a user to a certificate in Microsoft Exchange Server 2010:
Log Name: Application Source: MSExchange ADAccess Event ID: 2160 Level: Warning Computer: Exchange.domain.com Description: Process w3wp.exe (). Recipient object CN=<User>,OU=Users,OU=site,DC=lab,DC=contoso,DC=com read from DC.domain.com failed validation and will be excluded from the result set. Set event logging level for Validation category to Expert to get additional events about each failure. CauseThis issue occurs because Exchange Server 2010 does not support the account mapping methods that are listed in the "Symptoms" section. ResolutionTo resolve this issue, use the following account mapping methods that are supported by Exchange Server 2010:
More informationActive Directory 2008 enables alternative account mappings by using the altSecurityIdentities attribute. This attribute contains the user’s certificate information that is used by the Kerberos Authentication service to identify the associated Active Directory user account. For more information about how to map a user to a certificate, go to the following Microsoft website: How to map a user to a certificate by using all the methods that are available in the altSecurityIdentities attribute
(http://blogs.msdn.com/b/spatdsg/archive/2010/06/18/howto-map-a-user-to-a-certificate-via-all-the-methods-available-in-the-altsecurityidentities-attribute.aspx)
PropertiesArticle ID: 2737853 - Last Review: August 3, 2012 - Revision: 1.0 Applies to
| Article Translations
 |
Back to the top
