Link to home
Start Free TrialLog in
Avatar of mvalpreda
mvalpredaFlag for United States of America

asked on

Outlook 2013 getting certificate error when starting - Outlook Anywhere missing?

Outlook 2013 connecting to an Exchange 2016 server and getting a certificate error. The hostname it has an issue with is the internal name of the server 'mail01.domain.local' We have a legit cert for mail.domain.com and it is the only certificate in Exchange. All the URLs in Exchange are pointed to mail.domain.com. Been through all the vdirs in ECP multiple times. I don't see mail01.domain.local in there anywhere.

Where is it picking up mail01.domain.local from in Outlook?

One thing I noticed when looking at the settings on the client is that is does not appear to be using Outlook Anywhere to connect. I don't see the option to connect via RPC over HTTP. If I try and manually set up Outlook Anywhere/RPC over HTTP, it works....but seems to drop the RPC over HTTP after a subsequent close/open of Outlook. There is still an Exchange 2010 server in the environment, but should be going away next weekend. I'm hoping there is not total fallout on the clients when the old Exchange server is decommissioned.

Funny thing is the Microsoft Remote Connectivity Analyzer says Outlook Anywhere is good.
Avatar of Kash
Kash
Flag of United Kingdom of Great Britain and Northern Ireland image

once outlook is open, CTRL or SHIFT click and it should give you option to test config. Test and post the results here.

what if you manually add the account using MSSTD
Reading your post would lead me to a split DNS configuration...
Where is mail.domain.com pointing too from the internal perspective? The new server, old server or an external gateway?

Looking on Kash's hint, do you see any connection to the local machine name in the Test-Email AutoConfiguration dialog?

If you click on CTRL- Outlook Icon (tray icon), which connections do you see in the Microsoft Exchange Connection Status? Especially if the issue occur?

By the way, testing your decommissioning of your old server is very easy. Just shut it down if there are no mailboxes anymore. If everything is fine, nothing happens. Otherwise you may have found a possible reason.
Avatar of mvalpreda

ASKER

Is there a list of all the PowerShell commands for all the URLs? I feel like I am missing one maybe. Or is there a service I should recycle after making changes so I know they are taking effect?
ASKER CERTIFIED SOLUTION
Avatar of M A
M A
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Possibly it has to do with the autodiscover process (which may work different on different Outlook versions). Several options are tried until a working option is found.

The recommendation for the cert is to have the alias, autodicover and the root inside, so i.e.
mail.mydomain.tld
autodiscover.domain.tld
domain.tld

The client tries to connect to autodiscover.domain.tld. If this name is not in the certificate, it may produce an error if requested via SSL.
I had same problem. I checked URL many times those are right. I checked with ps and Management console. still my test Outlook 2016 gets cert error server shows local address exserver.domain.local. But cert properties shows *.domain.com. Any ideas what to check with EX2016 configurations.