Solved

Outlook pulling certificate from our website.

Posted on 2014-12-29
4
143 Views
Last Modified: 2014-12-30
Hello Experts,

We recently migrated our Exchange 2013 server to Office365 Exchange Online.  Outlook was popping up a cert warning for all users advising that the certificate was expired.  The local cert from the Exchange server we migrated from really was expired; however, the popups continued even after we migrated to Exchange Online.  On a hunch, I replaced the certificate used on our website (even though we don't use https) and the popups ceased for most of our users except two who still get the popup ever time they open Outlook 2013 or 2010.  I've run an ExRCA test and verified the expired cert is not shown during an Autodiscover test.  I've never seen anything like this.  

Side note - Our Autodiscover DNS record is a CNAME pointing to autodiscover.outlook.com.
0
Comment
Question by:terminalb
4 Comments
 
LVL 31

Assisted Solution

by:Gareth Gudger
Gareth Gudger earned 250 total points
ID: 40522997
Prior to Outlook clients going to the autodiscover record they will attempt to resolve to just yourdomain.com. Make sure your hosting provider does not have a wildcard or catchall record that is redirecting everything (including misspellings) to your WWW website for example. Normally I think those are a * or @ type record in most providers.
0
 
LVL 12

Expert Comment

by:Md. Mojahid
ID: 40523181
This sounds like Autodiscover issues.
If you browse to https://example.com then you should get an SSL prompt of some description. That will allow you to see the SSL certificate and possibly where it is coming from.
You should also check where the host name resolves to.

If it is happening from outside the network then it will be Autodiscover and it will be because there is an SSL certificate on the public web site. Autodiscover queries a number of URLs, one of which is the root of the domain.

This is further complicated by some hosting control panels having Autodiscover support for their own purposes, to the URL that Outlook is querying is actually valid. If that is the case then you will need to speak to your hosting company to get them to block it.

You can see what Autodiscover is doing via the Microsoft test site at the link above, or through Outlook itself. http://semb.ee/adt
0
 
LVL 5

Expert Comment

by:Hello World
ID: 40523312
Would you please to doule check the SAN for certificate?
meanwhile try to re-receate a Outlook profile for testing.
0
 
LVL 40

Accepted Solution

by:
Vasil Michev (MVP) earned 250 total points
ID: 40523354
To add to what other experts have said above, you can simply 'force' Outlook to bypass local autodiscovery by using the registry keys mentioned in this article: http://support.microsoft.com/kb/2212902

CNAME (HTTP redirect method) is the only thing you need for EO.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Schedule Outlook Calendar 5 27
OWA issue - Exchange 2013 - 440 Login Timeout 8 37
Lync to Skype for Business 2 16
2010>2016 PF Migration completion issue 2 19
Large Outlook files lead to various unwanted errors and corruption issues. Furthermore, large outlook files can also make Outlook take longer to start-up, search, navigate, and shut-down. So, In this article, i will discuss a method to make your Out…
In this step by step procedure, you will come to know the details of creating an Outlook meeting in 2007, 2010, 2013 & 2016.
This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

789 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question