Solved

Security Alert message keeps popping up in Outlook 2013

Posted on 2013-11-15
14
670 Views
Last Modified: 2015-06-23
Just set up a 10-user LAN with each user using Outlook 2013 linked into an exchange 2007 server. All is well except 2-3 times every day on every machine an extremely irritating message insists on popping up saying "Security Alert - Information you exchange with this site cannot be viewed or changed by others. However there is a problem with the site's security certificate" and we have to click Yes to proceed then it disappears. Any way of getting rid? Most annoying!
0
Comment
Question by:laurencoull
14 Comments
 
LVL 13

Expert Comment

by:Mark Galvin
ID: 39651807
Hi

any chance of a screen shot?

I think I have seen this message before and its to do with the Trust Center settings for Programmatic Access Settings and AV Software.

Thanks
mark
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39653483
Do you have a trusted SSL certificate on the Exchange server?
I expect it is Autodiscover, which runs regularly while Outlook is open.

Simon.
0
 

Author Comment

by:laurencoull
ID: 39667223
Screenshot attached
security-screenshot.JPG
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39668331
"Sites."
Is this an SBS server by any chance?
If so, did you install the certificate through the SSL wizard in the management console?

Your SSL bindings are probably incorrect. If it is SBS, then run the fix my network wizard in the SBS console.

Simon.
0
 

Author Comment

by:laurencoull
ID: 39722719
Yes it is SBS2008. I never installed a certificate. Perhaps this is where my problem lies? Can you point me more precisely to the SSL wizard in the management console? Do I have to pay for a certificate or can I use the default one, as I always have done with SBS2003?
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 395 total points
ID: 39729665
You will have an SSL certificate on an SBS 2008 server, because they are put in place by the setup of Exchange. Run the wizards in SBS management console will regenerate the self signed SSL certificate - but a trusted one should be used. A suitable one can be bought for less than $60/year.

Simon.
0
 

Author Comment

by:laurencoull
ID: 39765338
Haven't had a chance to try this out as yet, will do though
0
 

Author Comment

by:laurencoull
ID: 39788340
This is really stressing me out. I went ahead and bought a certificate from an issuing authority and installed it in my SBS2008 server. I did have an issue during this process as at the stage where I had to "Select the server software used to generate the csr" there were options for IIS 5.x to 6.x & IIS 7.x & later. As both are available on my server I had to toss a coin so chose 'IIS 7.x & later'. Then got the certificate installed ok via the SBS console. Now the certification path shows a 4-level tree with the highest level saying "User Trust" and the 4th level saying "remote.mydomain.com".
But the pop-ups are still coming up as before with the red cross against "The name on the security certificate is invalid or does not match the name of the site".
Now here's the bit that gets me worried:
Both before and after purchasing and installing this certificate, when I try to Remote Desktop to the server from a local pc, I get a huge yellow warning screen saying "The Certificate is not from a trusted certifying authority", even though I just bought it from one!! But perhaps significantly, the Certificate name displayed in "Name of the certificate from the remote computer" is shown as "<servername.internal-domain-name>.local", whereas the certificate which Exchange automatically installed and which I then replaced with the one I purchased is called "remote.<myexternaldomainname.com>". Could the fact these certificate names conflict be what's causing the annoying message to pop up? And if so, how did it happen and how do I fix it?
At this warning screen, if I click on View Certificate & Certification Path it shows the version with the internal domain name and only a 1-level tree rather than the 4-level tree displayed in the Certification path of the one in the SBS Console.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39789557
The RDP error you cannot do anything about, other than disable the use of SSL during RDP. That is because you cannot get certificates issued by a trusted source using an internal only domain.
You could use the remote.example.com host name to RDP to the server, that should resolve to the server's internal IP address and allow a connection, without any SSL warning.

Was the certificate installed through the SBS console? Was the server setup using the SBS console? The key thing here is using the SBS console to configure the server and configure the SSL certificate. That way it puts the certificate in the correct places.

Are you referring to RDP or Outlook when the SSL prompt comes up and you see the local issued SSL certificate? It is hard to make out from your post.

Simon.
0
 

Author Comment

by:laurencoull
ID: 39804706
Hi Simon
Point by point:
Now you've explained about the RDP error I'm not concerned in any way about getting the SSL message when I RDP, I only mentioned as I thought it might be relevant to the issue.
The certificate was certainly installed through SBS console but not sure what you mean by 'was the server set up using the SBS console': It was just set up by running the installation process from the DVD; I then configured all the domain/internet & Exchange stuff via the SBS console.
I'm referring to Outlook when the SSL prompt comes up as that's what's annoying my users. It doesn't seem to be adversely affecting email operation, it's just annoying everybody!
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39806239
Are you using the SBS server for DNS exclusively on the clients? DHCP as well?
If you look in the DNS server applet, do you see entries for your external host name? You should if the wizards were run. If the wizards were run and you entered the correct host name, then installed the certificate with the SSL wizard in SBS, you shouldn't get any prompts, unless there is a problem with the SSL certificate.

It almost certainly is the internal Autodiscover value, but that should be set by SBS to match the external host.

get-clientaccessserver | select identity, autodiscoverserviceinternaluri

If it isn't, then the wizards either didn't work or weren't run.

Simon.
0
 

Author Comment

by:laurencoull
ID: 39842721
Just posting to keep the question alive: I've not had a chance to look further into this as yet but will do next week, cheers.
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40845794
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
question about Wallet Ramsomware Plus administrative Tools 4 23
Office 365 Maximum Recipients limitation 3 32
exchange, SPF 13 11
FTP server backups 5 6
What does UTC stand for?  “Coordinated Universal Time” – Think of this as the true time on Planet Earth that never changes with the exception of minor leap seconds here and there to account for the changes in the planet's rotation.   What does th…
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question