Solved

Security Alert message keeps popping up in Outlook 2013

Posted on 2013-11-15
14
514 Views
Last Modified: 2015-06-23
Just set up a 10-user LAN with each user using Outlook 2013 linked into an exchange 2007 server. All is well except 2-3 times every day on every machine an extremely irritating message insists on popping up saying "Security Alert - Information you exchange with this site cannot be viewed or changed by others. However there is a problem with the site's security certificate" and we have to click Yes to proceed then it disappears. Any way of getting rid? Most annoying!
0
Comment
Question by:laurencoull
14 Comments
 
LVL 13

Expert Comment

by:Mark Galvin
ID: 39651807
Hi

any chance of a screen shot?

I think I have seen this message before and its to do with the Trust Center settings for Programmatic Access Settings and AV Software.

Thanks
mark
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39653483
Do you have a trusted SSL certificate on the Exchange server?
I expect it is Autodiscover, which runs regularly while Outlook is open.

Simon.
0
 

Author Comment

by:laurencoull
ID: 39667223
Screenshot attached
security-screenshot.JPG
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39668331
"Sites."
Is this an SBS server by any chance?
If so, did you install the certificate through the SSL wizard in the management console?

Your SSL bindings are probably incorrect. If it is SBS, then run the fix my network wizard in the SBS console.

Simon.
0
 

Author Comment

by:laurencoull
ID: 39722719
Yes it is SBS2008. I never installed a certificate. Perhaps this is where my problem lies? Can you point me more precisely to the SSL wizard in the management console? Do I have to pay for a certificate or can I use the default one, as I always have done with SBS2003?
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 395 total points
ID: 39729665
You will have an SSL certificate on an SBS 2008 server, because they are put in place by the setup of Exchange. Run the wizards in SBS management console will regenerate the self signed SSL certificate - but a trusted one should be used. A suitable one can be bought for less than $60/year.

Simon.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:laurencoull
ID: 39765338
Haven't had a chance to try this out as yet, will do though
0
 

Author Comment

by:laurencoull
ID: 39788340
This is really stressing me out. I went ahead and bought a certificate from an issuing authority and installed it in my SBS2008 server. I did have an issue during this process as at the stage where I had to "Select the server software used to generate the csr" there were options for IIS 5.x to 6.x & IIS 7.x & later. As both are available on my server I had to toss a coin so chose 'IIS 7.x & later'. Then got the certificate installed ok via the SBS console. Now the certification path shows a 4-level tree with the highest level saying "User Trust" and the 4th level saying "remote.mydomain.com".
But the pop-ups are still coming up as before with the red cross against "The name on the security certificate is invalid or does not match the name of the site".
Now here's the bit that gets me worried:
Both before and after purchasing and installing this certificate, when I try to Remote Desktop to the server from a local pc, I get a huge yellow warning screen saying "The Certificate is not from a trusted certifying authority", even though I just bought it from one!! But perhaps significantly, the Certificate name displayed in "Name of the certificate from the remote computer" is shown as "<servername.internal-domain-name>.local", whereas the certificate which Exchange automatically installed and which I then replaced with the one I purchased is called "remote.<myexternaldomainname.com>". Could the fact these certificate names conflict be what's causing the annoying message to pop up? And if so, how did it happen and how do I fix it?
At this warning screen, if I click on View Certificate & Certification Path it shows the version with the internal domain name and only a 1-level tree rather than the 4-level tree displayed in the Certification path of the one in the SBS Console.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39789557
The RDP error you cannot do anything about, other than disable the use of SSL during RDP. That is because you cannot get certificates issued by a trusted source using an internal only domain.
You could use the remote.example.com host name to RDP to the server, that should resolve to the server's internal IP address and allow a connection, without any SSL warning.

Was the certificate installed through the SBS console? Was the server setup using the SBS console? The key thing here is using the SBS console to configure the server and configure the SSL certificate. That way it puts the certificate in the correct places.

Are you referring to RDP or Outlook when the SSL prompt comes up and you see the local issued SSL certificate? It is hard to make out from your post.

Simon.
0
 

Author Comment

by:laurencoull
ID: 39804706
Hi Simon
Point by point:
Now you've explained about the RDP error I'm not concerned in any way about getting the SSL message when I RDP, I only mentioned as I thought it might be relevant to the issue.
The certificate was certainly installed through SBS console but not sure what you mean by 'was the server set up using the SBS console': It was just set up by running the installation process from the DVD; I then configured all the domain/internet & Exchange stuff via the SBS console.
I'm referring to Outlook when the SSL prompt comes up as that's what's annoying my users. It doesn't seem to be adversely affecting email operation, it's just annoying everybody!
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39806239
Are you using the SBS server for DNS exclusively on the clients? DHCP as well?
If you look in the DNS server applet, do you see entries for your external host name? You should if the wizards were run. If the wizards were run and you entered the correct host name, then installed the certificate with the SSL wizard in SBS, you shouldn't get any prompts, unless there is a problem with the SSL certificate.

It almost certainly is the internal Autodiscover value, but that should be set by SBS to match the external host.

get-clientaccessserver | select identity, autodiscoverserviceinternaluri

If it isn't, then the wizards either didn't work or weren't run.

Simon.
0
 

Author Comment

by:laurencoull
ID: 39842721
Just posting to keep the question alive: I've not had a chance to look further into this as yet but will do next week, cheers.
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40845794
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
Are you unable to connect or configure Hotmail email account in Microsoft Outlook 2010, 2007? Or Outlook.com emails are not downloading to Outlook? Lets’ see the problem and resolve Outlook Connector error syncing folder hierarchy (0x8004102A).
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
This video discusses moving either the default database or any database to a new volume.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now