Solved

Security Alert in Outlook

Posted on 2014-02-19
4
512 Views
Last Modified: 2014-02-19
Odd issue, which I believe to know why it's happening, but not how to fix it right now.

We recently acquired a new company, they are using Outlook 365 and still connecting to and using their old email domain, not connected to our Exchange servers at all.  However, they do log on to our domain.

We are putting up a new Exchange 2010 VM and transferring mailboxes for the rest of the company over.

Only these users not configured for our email are getting a security warning for the new exchange server:

server.domain.local - information you exchange with this site cannot be viewed or changed by others.  However, there is a problem with the site's security certificate.  

With the name on the security certificate is invalid or does not match the name of the site being the one marked with the red X.

So I believe since they log onto our domain, for some reason Outlook autodiscover is seeing the new server even though it's not even configured to use it for email... how can I prevent this error?

The old exchange server never gave errors, and is still running.  I do not have any services pointed and running on the new server yet.  I do have a UCC certificate installed on the new server, the old one only had a self signed certificate, but as mentioned, never gave any errors to them.
0
Comment
Question by:DerekFG
  • 2
  • 2
4 Comments
 
LVL 37

Accepted Solution

by:
Jamie McKillop earned 500 total points
ID: 39870755
Hello,

You need to stop the IIS services on your server until you are ready to go live. The problem is that when you setup the server, it registered the SCP in AD. Outlook is then pulling that value when it does autodiscover.

-JJ
0
 
LVL 2

Author Comment

by:DerekFG
ID: 39870820
Hmm - I guess I can temporarily stop the services while not testing things.  This would just kill OWA and AutoDiscover correct? I could still manage mailbox migrations for testing, etc.. then just turn IIS back on after hours when testing owa/etc.

I thought there may be someway to just remove the internal/external autodiscover url completely for now from the EMC and achieve the same.
0
 
LVL 37

Assisted Solution

by:Jamie McKillop
Jamie McKillop earned 500 total points
ID: 39870836
Yes, you can also run set-clientaccessserver -identity <server> -autodiscoverserviceinternaluri $null

-JJ
0
 
LVL 2

Author Comment

by:DerekFG
ID: 39870844
Much appreciated.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
Finding original email is quite difficult due to their duplicates. From this article, you will come to know why multiple duplicates of same emails appear and how to delete duplicate emails from Outlook securely and instantly while vital emails remai…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question