Solved

Outlook pulling certificate from our website.

Posted on 2014-12-29
4
142 Views
Last Modified: 2014-12-30
Hello Experts,

We recently migrated our Exchange 2013 server to Office365 Exchange Online.  Outlook was popping up a cert warning for all users advising that the certificate was expired.  The local cert from the Exchange server we migrated from really was expired; however, the popups continued even after we migrated to Exchange Online.  On a hunch, I replaced the certificate used on our website (even though we don't use https) and the popups ceased for most of our users except two who still get the popup ever time they open Outlook 2013 or 2010.  I've run an ExRCA test and verified the expired cert is not shown during an Autodiscover test.  I've never seen anything like this.  

Side note - Our Autodiscover DNS record is a CNAME pointing to autodiscover.outlook.com.
0
Comment
Question by:terminalb
4 Comments
 
LVL 31

Assisted Solution

by:Gareth Gudger
Gareth Gudger earned 250 total points
ID: 40522997
Prior to Outlook clients going to the autodiscover record they will attempt to resolve to just yourdomain.com. Make sure your hosting provider does not have a wildcard or catchall record that is redirecting everything (including misspellings) to your WWW website for example. Normally I think those are a * or @ type record in most providers.
0
 
LVL 12

Expert Comment

by:Md. Mojahid
ID: 40523181
This sounds like Autodiscover issues.
If you browse to https://example.com then you should get an SSL prompt of some description. That will allow you to see the SSL certificate and possibly where it is coming from.
You should also check where the host name resolves to.

If it is happening from outside the network then it will be Autodiscover and it will be because there is an SSL certificate on the public web site. Autodiscover queries a number of URLs, one of which is the root of the domain.

This is further complicated by some hosting control panels having Autodiscover support for their own purposes, to the URL that Outlook is querying is actually valid. If that is the case then you will need to speak to your hosting company to get them to block it.

You can see what Autodiscover is doing via the Microsoft test site at the link above, or through Outlook itself. http://semb.ee/adt
0
 
LVL 5

Expert Comment

by:Hello World
ID: 40523312
Would you please to doule check the SAN for certificate?
meanwhile try to re-receate a Outlook profile for testing.
0
 
LVL 40

Accepted Solution

by:
Vasil Michev (MVP) earned 250 total points
ID: 40523354
To add to what other experts have said above, you can simply 'force' Outlook to bypass local autodiscovery by using the registry keys mentioned in this article: http://support.microsoft.com/kb/2212902

CNAME (HTTP redirect method) is the only thing you need for EO.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
how to add IIS SMTP to handle application/Scanner relays into office 365.
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question