Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Security Alert in Outlook

Posted on 2014-02-19
Last Modified: 2014-02-19
Odd issue, which I believe to know why it's happening, but not how to fix it right now.

We recently acquired a new company, they are using Outlook 365 and still connecting to and using their old email domain, not connected to our Exchange servers at all.  However, they do log on to our domain.

We are putting up a new Exchange 2010 VM and transferring mailboxes for the rest of the company over.

Only these users not configured for our email are getting a security warning for the new exchange server:

server.domain.local - information you exchange with this site cannot be viewed or changed by others.  However, there is a problem with the site's security certificate.  

With the name on the security certificate is invalid or does not match the name of the site being the one marked with the red X.

So I believe since they log onto our domain, for some reason Outlook autodiscover is seeing the new server even though it's not even configured to use it for email... how can I prevent this error?

The old exchange server never gave errors, and is still running.  I do not have any services pointed and running on the new server yet.  I do have a UCC certificate installed on the new server, the old one only had a self signed certificate, but as mentioned, never gave any errors to them.
Question by:DerekFG
  • 2
  • 2
LVL 37

Accepted Solution

Jamie McKillop earned 500 total points
ID: 39870755

You need to stop the IIS services on your server until you are ready to go live. The problem is that when you setup the server, it registered the SCP in AD. Outlook is then pulling that value when it does autodiscover.


Author Comment

ID: 39870820
Hmm - I guess I can temporarily stop the services while not testing things.  This would just kill OWA and AutoDiscover correct? I could still manage mailbox migrations for testing, etc.. then just turn IIS back on after hours when testing owa/etc.

I thought there may be someway to just remove the internal/external autodiscover url completely for now from the EMC and achieve the same.
LVL 37

Assisted Solution

by:Jamie McKillop
Jamie McKillop earned 500 total points
ID: 39870836
Yes, you can also run set-clientaccessserver -identity <server> -autodiscoverserviceinternaluri $null


Author Comment

ID: 39870844
Much appreciated.

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
This video discusses moving either the default database or any database to a new volume.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question