Solved

Outlook Security Alert for Someone Else's Certificate Problem

Posted on 2013-10-25
Last Modified: 2013-10-30
When I open Outlook 2013 on my Windows 8 Pro computer and open my Exchange 2010SP2 mailbox, I get a security alert for the domain "mail.company.com".  The problem is that this is not a server in my domain.  My server is "mail.northcompany.com".  I select "No" to the alert and Outlook works flawlessly.  The Exchange Connectivity Analyzer does not report any problems.  I have tried deleting and recreating my Outlook profile, deleting/recreating/reinstalling server certificate, another version of Outlook, different computers with XP and 7, and connected to different networks with different ISPs and DNS servers.  I don't get this message when I use OWA.

What is causing this alert and how do I get rid of it?

Thank you in advance!
(Note: I have replaced the actual server names with fakes that follow the same format for security purposes.)
0
Question by:ADMlNlSTRATOR
9 Comments
 
LVL 15

Expert Comment

by:Berkson Wein
ID: 39602972
What's the exact error message that you're getting?

Do you have a email in your inbox from someone in the mail.company.com domain (the server name that you're getting the alert about)?

Are you using autodiscover or have you specified your server name manually?  Do other people in this domain get the same warning?

It sounds like either:
1) There's an error in the autodiscover xml or
2) There's a signed message in your inbox that is invalid - though with this, I'd expect the warning only once.
0
 

Author Comment

by:ADMlNlSTRATOR
ID: 39607263
Thank you for your comment!

Pop up window says "Security Alert...mail.company.com... Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the site's security certificate."  Etc.  The rest of the message is not important because it is not my domain and I don't care if this certificate is good or not.
I don't have, or ever had, emails from this domain in my mailbox.
I am using autodiscover and other people in the domain also get this security alert.

Please keep the comments coming, I am sure the answer is out there somewhere.
0
 
LVL 15

Expert Comment

by:Berkson Wein
ID: 39607731
I bet the exchange server is set up wrong.

I know the domains you gave are only examples, but is the wrong one (the one that shows in the alert) really the same as your real domain except it's missing the first word?  (For example, your domain is mail.NorthServices.com and the warning is about mail.services.com without the north?)

If so, I'm guessing that the exchange administrator set up autodiscover wrong and inadvertently left off the North part.  Could it be that the non-north domain is a cname to your valid mail server?  That would make sense as to why it's still working, but with a warning since the certificate includes the North.

Check https://testconnectivity.microsoft.com/
0
 

Author Comment

by:ADMlNlSTRATOR
ID: 39609058
Thank you for your comment.
The answer to your first question is, "Yes".
The answer to your second question is, "No".
Please take the time to read my comments and the comments of others before commenting again.  I already stated that I tested Exchange connectivity.
I will add that the wrong domain is not listed in the Exchange server's DNS, Autodiscover.XML or the public DNS.

Still looking for a solution...
0
 
LVL 15

Expert Comment

by:Berkson Wein
ID: 39609115
First, I'm so terribly sorry for recommending that you check the MS connectivity test tool.  I fully read your original post, but did not re-read it after you replied to my questions after 2 days, and forgot that you mentioned this one simple (but important) test.  I read lots of posts here in an attempt to help.  I know that you've paid for your membership, but please remember that we are all completely unpaid volunteers here.

If everyone who is using the Exchange server is getting this error, it's got to be something with the configuration - it's going to be a human error in not adding the "North" part of the server name.

Are you the server admin?  Can you run powershell commands on the server to look at the configs?
0
 

Author Comment

by:ADMlNlSTRATOR
ID: 39609198
Thank you for understanding my concern weinberk.
I built the Exchange server and I am the sole administrator.
Please let me know what commands I should run.
0
 
LVL 15

Accepted Solution

by:
Berkson Wein earned 2000 total points
ID: 39609740
Let's start with this:
Get-WebServicesVirtualDirectory |fl identity,internalurl,externalurl

and this:
Get-ClientAccessServer |fl identity,autodiscoverserviceinternaluri


Post the results (redacted)
0
 

Author Comment

by:ADMlNlSTRATOR
ID: 39613171
The first command lists the wrong server name under "ExternalURL".
I used the "Set-webservicesvirtualdirectory" command to change it to the correct server.
I restarted the server but the security alert persisted.
I flushed DNS and recreated my Outlook profile and I haven't seen the alert yet.

It looks pretty cut and dry.  I made a typo and found it with your help.

You are truly an expert.

Please let me know if you have any idea why ECA did not detect this problem.
0
 
LVL 15

Expert Comment

by:Berkson Wein
ID: 39613219
Glad to have helped.  Sometimes all it takes is another set of eyes.

I've got no idea why MS's tool didn't detect the error.  You'd sure think it would.

Wouldn't the XML for autodiscover show the wrong info too?

In any case, I'm glad I helped you get this sorted.
0
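
The check from the accepted solution, generalized as an added example (not code posted in the thread): it compares the host in each virtual directory URL and in the Autodiscover URI with the names on the certificate assigned to IIS, which is the mismatch behind the alert, and it covers more virtual directories than the two commands above. The helper function names and the sample data in the else branch are constructed for illustration, using the thread's placeholder names.

```powershell
# Added example: flag Exchange URLs whose host is not among the IIS certificate's names.
function Test-HostCoveredByCert {
    param([string]$HostName, [string[]]$CertDomains)
    foreach ($name in $CertDomains) {
        if ($name -eq $HostName) { return $true }   # -eq ignores case
        # A wildcard name covers exactly one left-most label
        if ($name.StartsWith('*.') -and $HostName.Contains('.')) {
            $parent = $HostName.Substring($HostName.IndexOf('.') + 1)
            if ($parent -eq $name.Substring(2)) { return $true }
        }
    }
    return $false
}
function Find-UrlCertMismatch {
    param([object[]]$UrlRecords, [string[]]$CertDomains)
    foreach ($rec in $UrlRecords) {
        if (-not $rec.Url) { continue }             # URL not configured
        $hostName = ([uri]"$($rec.Url)").Host
        if (-not (Test-HostCoveredByCert $hostName $CertDomains)) {
            New-Object PSObject -Property @{ Source = $rec.Source; Property = $rec.Property; Host = $hostName }
        }
    }
}
function New-UrlRecord($Source, $Property, $Url) {
    New-Object PSObject -Property @{ Source = "$Source"; Property = $Property; Url = "$Url" }
}
if (Get-Command Get-WebServicesVirtualDirectory -ErrorAction SilentlyContinue) {
    # Exchange Management Shell: read the live configuration
    $records = @()
    $getters = 'Get-WebServicesVirtualDirectory', 'Get-OwaVirtualDirectory',
        'Get-EcpVirtualDirectory', 'Get-OabVirtualDirectory', 'Get-ActiveSyncVirtualDirectory'
    foreach ($getter in $getters) {
        foreach ($vd in (& $getter)) {
            foreach ($p in 'InternalUrl', 'ExternalUrl') {
                $records += New-UrlRecord $vd.Identity $p ($vd.$p)
            }
        }
    }
    foreach ($cas in (Get-ClientAccessServer)) {
        $records += New-UrlRecord $cas.Identity 'AutoDiscoverServiceInternalUri' $cas.AutoDiscoverServiceInternalUri
    }
    $certNames = Get-ExchangeCertificate | Where-Object { "$($_.Services)" -match 'IIS' } |
        ForEach-Object { $_.CertificateDomains } | ForEach-Object { "$_" }
} else {
    # Constructed sample using the thread's placeholder names
    $records = @(
        (New-UrlRecord 'EWS' 'InternalUrl' 'https://mail.northcompany.com/EWS/Exchange.asmx'),
        (New-UrlRecord 'EWS' 'ExternalUrl' 'https://mail.company.com/EWS/Exchange.asmx'))
    $certNames = @('mail.northcompany.com')
}
Find-UrlCertMismatch $records $certNames | Format-Table Source, Property, Host -AutoSize
```

With the constructed sample, the only row reported is the EWS ExternalUrl pointing at mail.company.com, the same property the asker found mistyped.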
