Solved

Security Alert in Outlook

Posted on 2014-02-19
4
510 Views
Last Modified: 2014-02-19
Odd issue, which I believe to know why it's happening, but not how to fix it right now.

We recently acquired a new company, they are using Outlook 365 and still connecting to and using their old email domain, not connected to our Exchange servers at all.  However, they do log on to our domain.

We are putting up a new Exchange 2010 VM and transferring mailboxes for the rest of the company over.

Only these users not configured for our email are getting a security warning for the new exchange server:

server.domain.local - information you exchange with this site cannot be viewed or changed by others.  However, there is a problem with the site's security certificate.  

With the name on the security certificate is invalid or does not match the name of the site being the one marked with the red X.

So I believe since they log onto our domain, for some reason Outlook autodiscover is seeing the new server even though it's not even configured to use it for email... how can I prevent this error?

The old exchange server never gave errors, and is still running.  I do not have any services pointed and running on the new server yet.  I do have a UCC certificate installed on the new server, the old one only had a self signed certificate, but as mentioned, never gave any errors to them.
0
Comment
Question by:DerekFG
  • 2
  • 2
4 Comments
 
LVL 37

Accepted Solution

by:
Jamie McKillop earned 500 total points
ID: 39870755
Hello,

You need to stop the IIS services on your server until you are ready to go live. The problem is that when you setup the server, it registered the SCP in AD. Outlook is then pulling that value when it does autodiscover.

-JJ
0
 
LVL 2

Author Comment

by:DerekFG
ID: 39870820
Hmm - I guess I can temporarily stop the services while not testing things.  This would just kill OWA and AutoDiscover correct? I could still manage mailbox migrations for testing, etc.. then just turn IIS back on after hours when testing owa/etc.

I thought there may be someway to just remove the internal/external autodiscover url completely for now from the EMC and achieve the same.
0
 
LVL 37

Assisted Solution

by:Jamie McKillop
Jamie McKillop earned 500 total points
ID: 39870836
Yes, you can also run set-clientaccessserver -identity <server> -autodiscoverserviceinternaluri $null

-JJ
0
 
LVL 2

Author Comment

by:DerekFG
ID: 39870844
Much appreciated.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What does UTC stand for?  “Coordinated Universal Time” – Think of this as the true time on Planet Earth that never changes with the exception of minor leap seconds here and there to account for the changes in the planet's rotation.   What does th…
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question