Exchange 2016/2019 Mitigation Service Error 1008 due to expired certificate

Today another piece of information for administrators of Microsoft Exchange servers who, this week, suddenly see an Error 1008 from the Mitigation Service in the event logs of Exchange 2016 or 2019. A blog reader brought this to my attention the other day because he suddenly ran into the issue on Microsoft Exchange Server 2019. The cause is Microsoft's "Microsoft Exchange XML Signing" certificate, which expired on June 9, 2022. Microsoft should have fixed the problem in the meantime.


Mitigation Service Error 1008 in log files

Blog reader Phil Randal contacted me via email on June 14, 2022, and pointed out that on Microsoft Exchange (on his end it was Exchange 2019), Mitigation Service Error 1008 could suddenly appear in the Event Viewer application logs (thanks for the tip).

Hi Gunter,

Noticing Application log error 1008 on our exchange servers:

"Exception encountered while fetching mitigations : System.Exception: This XML is not deemed safe to consume since  Response xml's signing cert is invalid or not from Microsoft"

Exchange Server hits an exception while fetching mitigations and reports that the response XML cannot be consumed safely because its signing certificate is invalid or not from Microsoft. Phil then referred me to the thread "Mitigation Service XML errors since CU23 upgrade", where this is also addressed.

Mitigation Service XML errors since CU23 upgrade

Good morning!

Since the upgrade to 2016 CU23, I've noticed several machines are throwing a new XML error regarding the Mitigation Service (EEM). We've been running 2016 CU22 on various clients with no issues and this error was never present. Since the upgrade to CU23, we're seeing this all over the place.

Microsoft Forums seem to suggest this is the result of a network connection being blocked to the IPs used by EEM. But the only thing that has changed is installing CU23, there's nothing new blocking these connections.

Testing the Mitigation Service passes fine. I'm able to access the URL for the mitigations just fine from these machines in a web browser. Clearly, nothing is being blocked.

Here's the full error:

An unexpected exception occurred. Diagnostic information:
Exception encountered while fetching mitigations:
System.Exception: This XML is not deemed safe to consume since Response xml's signing cert is invalid or not from microsoft
   at Microsoft.Exchange.Mitigation.Service.Common.SignatureVerifierUtils.ThrowIfIntegrityChecksFail(SafeXmlDocument xmlDoc)
   at Microsoft.Exchange.Mitigation.Service.Common.SignatureVerifierUtils.GetValidatedDocumentWithoutSignature(SafeXmlDocument xmlDoc)
   at Microsoft.Exchange.Mitigation.Service.Common.Utils.FetchDataFromXmlStream[T](Stream stream)
   at Microsoft.Exchange.Mitigation.Service.Common.Utils.FetchMitigationsFromUrl[T](String url, RemoteCertificateValidationCallback certValidationCallback, X509Certificate clientAuthCert, Boolean isResponseJson)
   at Microsoft.Exchange.Mitigation.Service.MitigationCloudServiceV2.FetchMitigations()
   at Microsoft.Exchange.Mitigation.Service.Mitigations.MitigationEngine.FetchAndApplyMitigation()

Also on Microsoft Q&A, there is an Exchange 2019 Mitigation service error 1008 post where an affected person addresses the issue.

Exchange 2019 Mitigation service error 1008

I regularly receive error 1008
Exception encountered while fetching mitigations : System.Exception: This XML is not deemed safe to consume since Response xml's signing cert is invalid or not from microsoft

The issue started June 9.

Any suggestions?

Kind regards,

Certificate expired at Microsoft

A Microsoft employee then got in touch and wrote that the error had nothing to do with CU23, but with an expired certificate on the service's side: the certificate expired on June 9, 2022. Microsoft is working to fix it on the service side (admins don't have to do anything). The issue is only cosmetic at the moment, he said, and Microsoft has not released any contingency measures.
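To check whether the 1008 entries on your own servers fit this explanation, the events can be filtered by the signature-failure text and their first occurrence compared with the expiry date. The following PowerShell is an added example, not from the article or from Microsoft; the function name, server names and sample events are constructed, and only the message text and the June 9, 2022 date come from the page.

```powershell
# Added example (not from the article). Message text and expiry date are taken
# from the article; server names and timestamps below are constructed.
$CertExpiry = [datetime]'2022-06-09'
$SigPattern = 'signing cert is invalid or not\s*from microsoft'   # -match ignores case

function Get-Eem1008Summary {
    param(
        [Parameter(Mandatory)] [object[]] $Events,
        [datetime] $Expiry = $CertExpiry
    )
    # Keep only event 1008 entries whose text is the signature-check failure;
    # 1008 entries with any other message are left out of the summary.
    $hits = @($Events | Where-Object { $_.Id -eq 1008 -and $_.Message -match $SigPattern })

    foreach ($group in ($hits | Group-Object MachineName)) {
        $sorted = @($group.Group | Sort-Object TimeCreated)
        $first  = $sorted[0].TimeCreated
        [pscustomobject]@{
            Server               = $group.Name
            Count                = $group.Count
            FirstSeen            = $first
            LastSeen             = $sorted[-1].TimeCreated
            # True when no matching event predates the certificate expiry, i.e.
            # the onset lines up with the expiry rather than an earlier change.
            OnsetAtOrAfterExpiry = ($first -ge $Expiry)
        }
    }
}

# Constructed sample events, shaped like Get-WinEvent output.
$msg = "Exception encountered while fetching mitigations : System.Exception: This XML is not deemed safe to consume since Response xml's signing cert is invalid or not from Microsoft"
$sample = @(
    [pscustomobject]@{ Id = 1008; MachineName = 'EX01'; TimeCreated = [datetime]'2022-06-09T11:00:00'; Message = $msg }
    [pscustomobject]@{ Id = 1008; MachineName = 'EX01'; TimeCreated = [datetime]'2022-06-14T08:00:00'; Message = $msg }
    [pscustomobject]@{ Id = 1008; MachineName = 'EX02'; TimeCreated = [datetime]'2022-06-10T09:30:00'; Message = $msg }
    [pscustomobject]@{ Id = 1008; MachineName = 'EX02'; TimeCreated = [datetime]'2022-05-20T09:30:00'; Message = 'Exception encountered while fetching mitigations : constructed non-signature failure' }
)
Get-Eem1008Summary -Events $sample | Format-Table -AutoSize

# On a live server, feed real events instead of the sample:
# Get-Eem1008Summary -Events (Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 1008 })
```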

The Microsoft Q&A thread Exchange 2019 Mitigation service error 1008 contains a reader comment pointing to this article from The Register. There, on June 10, 2022, it was reported that Microsoft forgot to renew the certificate for the Windows Insider website. Visitors then received the message "Your connection is not private".
