• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1810
  • Last Modified:

Security Alert message keeps popping up in Outlook 2013

Just set up a 10-user LAN with each user using Outlook 2013 linked into an exchange 2007 server. All is well except 2-3 times every day on every machine an extremely irritating message insists on popping up saying "Security Alert - Information you exchange with this site cannot be viewed or changed by others. However there is a problem with the site's security certificate" and we have to click Yes to proceed then it disappears. Any way of getting rid? Most annoying!
0
laurencoull
Asked:
laurencoull
1 Solution
 
Mark GalvinManaging Director / Principal ConsultantCommented:
Hi

any chance of a screen shot?

I think I have seen this message before and its to do with the Trust Center settings for Programmatic Access Settings and AV Software.

Thanks
mark
0
 
Simon Butler (Sembee)ConsultantCommented:
Do you have a trusted SSL certificate on the Exchange server?
I expect it is Autodiscover, which runs regularly while Outlook is open.

Simon.
0
 
laurencoullAuthor Commented:
Screenshot attached
security-screenshot.JPG
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
Simon Butler (Sembee)ConsultantCommented:
"Sites."
Is this an SBS server by any chance?
If so, did you install the certificate through the SSL wizard in the management console?

Your SSL bindings are probably incorrect. If it is SBS, then run the fix my network wizard in the SBS console.

Simon.
0
 
laurencoullAuthor Commented:
Yes it is SBS2008. I never installed a certificate. Perhaps this is where my problem lies? Can you point me more precisely to the SSL wizard in the management console? Do I have to pay for a certificate or can I use the default one, as I always have done with SBS2003?
0
 
Simon Butler (Sembee)ConsultantCommented:
You will have an SSL certificate on an SBS 2008 server, because they are put in place by the setup of Exchange. Run the wizards in SBS management console will regenerate the self signed SSL certificate - but a trusted one should be used. A suitable one can be bought for less than $60/year.

Simon.
0
 
laurencoullAuthor Commented:
Haven't had a chance to try this out as yet, will do though
0
 
laurencoullAuthor Commented:
This is really stressing me out. I went ahead and bought a certificate from an issuing authority and installed it in my SBS2008 server. I did have an issue during this process as at the stage where I had to "Select the server software used to generate the csr" there were options for IIS 5.x to 6.x & IIS 7.x & later. As both are available on my server I had to toss a coin so chose 'IIS 7.x & later'. Then got the certificate installed ok via the SBS console. Now the certification path shows a 4-level tree with the highest level saying "User Trust" and the 4th level saying "remote.mydomain.com".
But the pop-ups are still coming up as before with the red cross against "The name on the security certificate is invalid or does not match the name of the site".
Now here's the bit that gets me worried:
Both before and after purchasing and installing this certificate, when I try to Remote Desktop to the server from a local pc, I get a huge yellow warning screen saying "The Certificate is not from a trusted certifying authority", even though I just bought it from one!! But perhaps significantly, the Certificate name displayed in "Name of the certificate from the remote computer" is shown as "<servername.internal-domain-name>.local", whereas the certificate which Exchange automatically installed and which I then replaced with the one I purchased is called "remote.<myexternaldomainname.com>". Could the fact these certificate names conflict be what's causing the annoying message to pop up? And if so, how did it happen and how do I fix it?
At this warning screen, if I click on View Certificate & Certification Path it shows the version with the internal domain name and only a 1-level tree rather than the 4-level tree displayed in the Certification path of the one in the SBS Console.
0
 
Simon Butler (Sembee)ConsultantCommented:
The RDP error you cannot do anything about, other than disable the use of SSL during RDP. That is because you cannot get certificates issued by a trusted source using an internal only domain.
You could use the remote.example.com host name to RDP to the server, that should resolve to the server's internal IP address and allow a connection, without any SSL warning.

Was the certificate installed through the SBS console? Was the server setup using the SBS console? The key thing here is using the SBS console to configure the server and configure the SSL certificate. That way it puts the certificate in the correct places.

Are you referring to RDP or Outlook when the SSL prompt comes up and you see the local issued SSL certificate? It is hard to make out from your post.

Simon.
0
 
laurencoullAuthor Commented:
Hi Simon
Point by point:
Now you've explained about the RDP error I'm not concerned in any way about getting the SSL message when I RDP, I only mentioned as I thought it might be relevant to the issue.
The certificate was certainly installed through SBS console but not sure what you mean by 'was the server set up using the SBS console': It was just set up by running the installation process from the DVD; I then configured all the domain/internet & Exchange stuff via the SBS console.
I'm referring to Outlook when the SSL prompt comes up as that's what's annoying my users. It doesn't seem to be adversely affecting email operation, it's just annoying everybody!
0
 
Simon Butler (Sembee)ConsultantCommented:
Are you using the SBS server for DNS exclusively on the clients? DHCP as well?
If you look in the DNS server applet, do you see entries for your external host name? You should if the wizards were run. If the wizards were run and you entered the correct host name, then installed the certificate with the SSL wizard in SBS, you shouldn't get any prompts, unless there is a problem with the SSL certificate.

It almost certainly is the internal Autodiscover value, but that should be set by SBS to match the external host.

get-clientaccessserver | select identity, autodiscoverserviceinternaluri

If it isn't, then the wizards either didn't work or weren't run.

Simon.
0
 
laurencoullAuthor Commented:
Just posting to keep the question alive: I've not had a chance to look further into this as yet but will do next week, cheers.
0
 
Seth SimmonsSr. Systems AdministratorCommented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now