Michael-Thomas
asked on
Outlook is unable to connect to email.company.com (Error Code 18)
Users are now receiving the following error message:
There is a problem with the proxy server's security certificate. The security certificate is not from a trusted certifying authority.
Outlook is unable to connect to the proxy server mail.company.com. (Error Code 18)
After an unexpected shutdown of our domain controller, users are now getting the above error message in Outlook. Even when the user enters his/her correct credentials, they are prompted again. Some users do not have the problem, a simple logoff and log back in resolved the issue.
What I've noticed is that for the users that are having the problem, no CA is installed. Confirmed by going into IE > certificates > Trusted Root Certification Authorities. Why wouldn't the CA be accepted by some users, and not others? I would think I could access OWA on that users machine and install the CA, but the 'install certificate' option isn't available.
Any thoughts?
There is a problem with the proxy server's security certificate. The security certificate is not from a trusted certifying authority.
Outlook is unable to connect to the proxy server mail.company.com. (Error Code 18)
After an unexpected shutdown of our domain controller, users are now getting the above error message in Outlook. Even when the user enters his/her correct credentials, they are prompted again. Some users do not have the problem, a simple logoff and log back in resolved the issue.
What I've noticed is that for the users that are having the problem, no CA is installed. Confirmed by going into IE > certificates > Trusted Root Certification Authorities. Why wouldn't the CA be accepted by some users, and not others? I would think I could access OWA on that users machine and install the CA, but the 'install certificate' option isn't available.
Any thoughts?
tolinrome
Are the users who are having problems authenticated on the domain? I'm only saying this because the DC went down and since they may not have re-authenticated when it came back up they should reboot and see if the problem is solved.
Have you tried placing the Root CA cert in the Trusted Root Certification Authorities store for the computer object?
Try it this way.
1. login as the administrator on the client PC
2. Start > Run > "mmc"
3. In the MMC goto File > Add/remove Snap-in
4. Select Certificates on the left side click Add
5. Select the Computer Account radio button and click finish.
6. right click the Trusted Root Certification Authorities store
7. select All Tasks > Import
Are you using GPO's to distribute your CA's certificates?
Try it this way.
1. login as the administrator on the client PC
2. Start > Run > "mmc"
3. In the MMC goto File > Add/remove Snap-in
4. Select Certificates on the left side click Add
5. Select the Computer Account radio button and click finish.
6. right click the Trusted Root Certification Authorities store
7. select All Tasks > Import
Are you using GPO's to distribute your CA's certificates?
ASKER
That was my first thought, so I did have all the users logoff and log back in. To take it a step further after that didn't work, I even had them reboot. So the users are definitely authenticated. They can actually close out the error and use Outlook, but it will prompt them again after about 7min, give or take.
You can check your CA to see what certs have been issued. Is the CA a domain controller? Make sure to try the instructions above because IE's cert UI is glichy.
ASKER
I actually don't have, nor have I had a policy in place to distribute my certificate. When we configure the user in Outlook it grabs the CA without even prompting. I've noticed now when I setup a user it can't verify the certificate being valid.
Now I can surely create a GPO and push out the CA certificate, but I'm just curious why I all of a sudden have to do that now?
The CA is a domain controller.
I added the certificate manually as shown above, and I'm still getting prompted. I've verified that the certificate is indeed installed, but still get a prompt.
Now I can surely create a GPO and push out the CA certificate, but I'm just curious why I all of a sudden have to do that now?
The CA is a domain controller.
I added the certificate manually as shown above, and I'm still getting prompted. I've verified that the certificate is indeed installed, but still get a prompt.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
No solutions were provided to resolve the issue.