Outlook 2013 getting certificate error when starting - Outlook Anywhere missing?

mvalpreda
mvalpreda used Ask the Experts™
on
Outlook 2013 connecting to an Exchange 2016 server and getting a certificate error. The hostname it has an issue with is the internal name of the server 'mail01.domain.local' We have a legit cert for mail.domain.com and it is the only certificate in Exchange. All the URLs in Exchange are pointed to mail.domain.com. Been through all the vdirs in ECP multiple times. I don't see mail01.domain.local in there anywhere.

Where is it picking up mail01.domain.local from in Outlook?

One thing I noticed when looking at the settings on the client is that is does not appear to be using Outlook Anywhere to connect. I don't see the option to connect via RPC over HTTP. If I try and manually set up Outlook Anywhere/RPC over HTTP, it works....but seems to drop the RPC over HTTP after a subsequent close/open of Outlook. There is still an Exchange 2010 server in the environment, but should be going away next weekend. I'm hoping there is not total fallout on the clients when the old Exchange server is decommissioned.

Funny thing is the Microsoft Remote Connectivity Analyzer says Outlook Anywhere is good.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Kash2nd Line Engineer

Commented:
once outlook is open, CTRL or SHIFT click and it should give you option to test config. Test and post the results here.

what if you manually add the account using MSSTD
Reading your post would lead me to a split DNS configuration...
Where is mail.domain.com pointing too from the internal perspective? The new server, old server or an external gateway?

Looking on Kash's hint, do you see any connection to the local machine name in the Test-Email AutoConfiguration dialog?

If you click on CTRL- Outlook Icon (tray icon), which connections do you see in the Microsoft Exchange Connection Status? Especially if the issue occur?

By the way, testing your decommissioning of your old server is very easy. Just shut it down if there are no mailboxes anymore. If everything is fine, nothing happens. Otherwise you may have found a possible reason.

Author

Commented:
Is there a list of all the PowerShell commands for all the URLs? I feel like I am missing one maybe. Or is there a service I should recycle after making changes so I know they are taking effect?
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

EE Solution Guide - Technical Dept Head
Most Valuable Expert 2017
Commented:
Possibly it has to do with the autodiscover process (which may work different on different Outlook versions). Several options are tried until a working option is found.

The recommendation for the cert is to have the alias, autodicover and the root inside, so i.e.
mail.mydomain.tld
autodiscover.domain.tld
domain.tld

The client tries to connect to autodiscover.domain.tld. If this name is not in the certificate, it may produce an error if requested via SSL.
I had same problem. I checked URL many times those are right. I checked with ps and Management console. still my test Outlook 2016 gets cert error server shows local address exserver.domain.local. But cert properties shows *.domain.com. Any ideas what to check with EX2016 configurations.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial