Outlook 2010 Autodiscover prompt - not our domain

Experts,

OK, I am stumped on this one.  I have a client running an SBS2008 server (Exchange 2007).  Recently any outlook 2010 client has been getting this pop up regarding to allow an autodiscover prompt:

"Allow this website to configure "internal_user@address.com" server settings"
https://autodiscover.cloudlogin.co/autodiscover/autodiscover.html
your account was redirected to this website for settings
You should only allow settings from sources your know and trust"

When I have the user click "Cancel" it just pops back up 20 min later while Outlook is open.  Again this is affecting multiple internal users.

This is not their domain name and looks very suspicious

I did run the MS Connectivity Analyzer and it's showing up as a www.rapidssl.cm certificate.  No idea where this came from but I need to get rid of it.  Screehshot attached

It also shows the correct autodiscovery entry as well.  Internal DNS I do have the autodiscover pointed to the correct name  - again everything is working fine but don't know why this is popping up and need to get rid of it for good.

On the Exchange server in the powershell I ran the cmdlt to get exchange certificates and that looks fine.  It's correct and this is not part of it.

Everything is running fine with Exchange, Outlook and mailflow.  I just want to get rid of this message/prompt.  I should not have to go to each workstation and edit the registry setting to suppress this like I've seen other suggestions. If this was on one machine I can understand but it's affecting about 15 workstations.

Any thoughts or ideas would be appreciated.

thank you very much
screenshot.jpg
New-Picture--2-.png
mkavinskyAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Justin YeungSenior Systems EngineerCommented:
it looks normal to me.

your autodiscover is a SRV record pointing to that domain

Non-authoritative answer:
_autodiscover._tcp.ica-artconservation.org      SRV service location:
          priority       = 10
          weight         = 1
          port           = 443
          svr hostname   = autodiscover.cloudlogin.co
0
Dejan VasiljevicSys Admin and ProgrammerCommented:
Hi mkavinsky,

Can you tell us, if you've done migration from old to new server recently ?

Thanks,
D.
0
mkavinskyAuthor Commented:
No, no migration was done for quite a few years.  

Justin - I don't know what the autodiscover.cloudlogin.co  is?   Should not be there I don't believe.  That's why I'm trying to figure out how it got there and how to get rid of it
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Justin YeungSenior Systems EngineerCommented:
> set type=ns
> ica-artconservation.org
Server:  vdnssec1.srv.hcvlny.cv.net
Address:  167.206.13.180

Non-authoritative answer:
ica-artconservation.org nameserver = dns2.supremedns.com
ica-artconservation.org nameserver = dns1.supremedns.com

dns2.supremedns.com     internet address = 198.23.56.4

----------------------------------

these are your name server of domain ica-artconservation.org
ica-artconservation.org nameserver = dns2.supremedns.com
ica-artconservation.org nameserver = dns1.supremedns.com

you will have to modify/update your SRV record to a deserved autodiscover settings.
if your autodiscover external URL is autodiscover.ica-artconservation.org, you can delete your SRV record and add an A record pointing to your CAS public IP

here is how you get the external URL settings
get-autodiscovervirtualdirectory | fl Name,ExternalURL

also changing DNS does take time, it is based on the TTL setting by default most of the DNS server is using 3600 seconds.

so if you make a mistake it will take another 3600 seconds to get the updated record.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mkavinskyAuthor Commented:
Thank you for the response.  I did some digging around with dns and I do see that cloudlogin.co record as well now - I will contact the client on Monday and have them provide me the login to their domain records host registrar and see if  can either get rid of it or maybe it was an update for them.  

Thanks for pointing me in the right direction.  Let' see if this clears this up.  I'll keep you posted

thanks
0
mkavinskyAuthor Commented:
Justin,

Was able to talk to the client today and figure this out.  Apparenlty the "cloudlogin" is part of there DNS domain name hosting.  Something must have changed on their end to all the sudden have this pop up appear but it seems legit and DNS records are good.   I did login to the hosting site and all is good.

Thank you for your time and effort on this and getting me pointed into the right direction
0
Justin YeungSenior Systems EngineerCommented:
Then you will have to ensure auto discover.icloudlogin certificate on your exchange other wise the cert error will not stop
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.