Solved

Outlook pulling certificate from our website.

Posted on 2014-12-29
4
147 Views
Last Modified: 2014-12-30
Hello Experts,

We recently migrated our Exchange 2013 server to Office365 Exchange Online.  Outlook was popping up a cert warning for all users advising that the certificate was expired.  The local cert from the Exchange server we migrated from really was expired; however, the popups continued even after we migrated to Exchange Online.  On a hunch, I replaced the certificate used on our website (even though we don't use https) and the popups ceased for most of our users except two who still get the popup ever time they open Outlook 2013 or 2010.  I've run an ExRCA test and verified the expired cert is not shown during an Autodiscover test.  I've never seen anything like this.  

Side note - Our Autodiscover DNS record is a CNAME pointing to autodiscover.outlook.com.
0
Comment
Question by:terminalb
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 31

Assisted Solution

by:Gareth Gudger
Gareth Gudger earned 250 total points
ID: 40522997
Prior to Outlook clients going to the autodiscover record they will attempt to resolve to just yourdomain.com. Make sure your hosting provider does not have a wildcard or catchall record that is redirecting everything (including misspellings) to your WWW website for example. Normally I think those are a * or @ type record in most providers.
0
 
LVL 12

Expert Comment

by:Md. Mojahid
ID: 40523181
This sounds like Autodiscover issues.
If you browse to https://example.com then you should get an SSL prompt of some description. That will allow you to see the SSL certificate and possibly where it is coming from.
You should also check where the host name resolves to.

If it is happening from outside the network then it will be Autodiscover and it will be because there is an SSL certificate on the public web site. Autodiscover queries a number of URLs, one of which is the root of the domain.

This is further complicated by some hosting control panels having Autodiscover support for their own purposes, to the URL that Outlook is querying is actually valid. If that is the case then you will need to speak to your hosting company to get them to block it.

You can see what Autodiscover is doing via the Microsoft test site at the link above, or through Outlook itself. http://semb.ee/adt
0
 
LVL 5

Expert Comment

by:Hello World
ID: 40523312
Would you please to doule check the SAN for certificate?
meanwhile try to re-receate a Outlook profile for testing.
0
 
LVL 41

Accepted Solution

by:
Vasil Michev (MVP) earned 250 total points
ID: 40523354
To add to what other experts have said above, you can simply 'force' Outlook to bypass local autodiscovery by using the registry keys mentioned in this article: http://support.microsoft.com/kb/2212902

CNAME (HTTP redirect method) is the only thing you need for EO.
0

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes how to import an Outlook PST file to Office 365 using a third party product to avoid Microsoft's Azure command line tool, saving you time.
Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
Many of my clients call in with monstrous Gmail overloading issues with Outlook. A quick tip is to turn off the All Mail and Important folders from synching. Here is a quick video I made to show you how to turn off these and other folders in Gmail s…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question