Outlook pulling certificate from our website.

Hello Experts,

We recently migrated our Exchange 2013 server to Office365 Exchange Online.  Outlook was popping up a cert warning for all users advising that the certificate was expired.  The local cert from the Exchange server we migrated from really was expired; however, the popups continued even after we migrated to Exchange Online.  On a hunch, I replaced the certificate used on our website (even though we don't use https) and the popups ceased for most of our users except two who still get the popup ever time they open Outlook 2013 or 2010.  I've run an ExRCA test and verified the expired cert is not shown during an Autodiscover test.  I've never seen anything like this.  

Side note - Our Autodiscover DNS record is a CNAME pointing to autodiscover.outlook.com.
LVL 2
terminalbAsked:
Who is Participating?
 
Vasil Michev (MVP)Connect With a Mentor Commented:
To add to what other experts have said above, you can simply 'force' Outlook to bypass local autodiscovery by using the registry keys mentioned in this article: http://support.microsoft.com/kb/2212902

CNAME (HTTP redirect method) is the only thing you need for EO.
0
 
Gareth GudgerConnect With a Mentor Commented:
Prior to Outlook clients going to the autodiscover record they will attempt to resolve to just yourdomain.com. Make sure your hosting provider does not have a wildcard or catchall record that is redirecting everything (including misspellings) to your WWW website for example. Normally I think those are a * or @ type record in most providers.
0
 
Md. MojahidCommented:
This sounds like Autodiscover issues.
If you browse to https://example.com then you should get an SSL prompt of some description. That will allow you to see the SSL certificate and possibly where it is coming from.
You should also check where the host name resolves to.

If it is happening from outside the network then it will be Autodiscover and it will be because there is an SSL certificate on the public web site. Autodiscover queries a number of URLs, one of which is the root of the domain.

This is further complicated by some hosting control panels having Autodiscover support for their own purposes, to the URL that Outlook is querying is actually valid. If that is the case then you will need to speak to your hosting company to get them to block it.

You can see what Autodiscover is doing via the Microsoft test site at the link above, or through Outlook itself. http://semb.ee/adt
0
 
Hello WorldCommented:
Would you please to doule check the SAN for certificate?
meanwhile try to re-receate a Outlook profile for testing.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.