We help IT Professionals succeed at work.
Get Started

Why is Outlook 2007 throwing an Autodiscover certificate error when connecting to SBS 2011 Exchange?

Last Modified: 2016-02-05
The current situation is probably the product of cumulative errors over a couple of years, but it’s reached a point where I'm pulling out what hair I have left.

An SBS 2011 Exchange installation which has been working fine for years has recently started throwing an autodiscover name mismatch certificate error when Outlook 2007 is started on a domain computer. There is a website for the domain (let’s call it xyz.co.uk) although it’s not active at the moment, but the mail server at remote.xyz.co.uk is fairly busy, and it’s that name that I'm expecting to see on the SSL certificate; instead, I'm seeing the certificate for the domain name host, with the name *.123-secure.com on it although I'm pretty sure that if things were working properly I wouldn't see anything relating to SSL certificates at all.

If it’s relevant, the mail server is using a UCC SSL certificate from GoDaddy.

I've tried adding a CNAME record to the internal DNS forward lookup zone to no avail, and an SRV record for xyz.co.uk to the external DNS via the 123-reg control panel, but the error persists. I started to add a SRV record to the internal DNS forward lookup zone as well, until I noticed that the domain field at the top of the form contained remote.xyz.co.uk and not just xyz.co.uk. I sensed that pointing the record to itself might not be helpful...

Nslookup returns the IP address of the domain name host and not the static public IP of the SBS server; it lists no aliases.

The MS Test Connectivity tool for autodiscover for both ActiveSync and Outlook passes with warnings, to the effect that the DNS SRV redirect method was the only one that worked. The other methods returned name mismatches and wrong IP addresses. This suggests that the SRV record I added is both correct and necessary.

OWA works fine, and mail is sent and received without problems.

It seems that autodiscover is finding the root domain xyz.co.uk instead of being directed to remote.xyz.co.uk, so how can I fix this?

Why is the 123-secure certificate being invoked at all?

I’ve found 123-reg support to be glacially slow and entirely unhelpful so far.

Do I have to start again from scratch, or is the situation retrievable?
Watch Question
EE Solution Guide - Technical Dept Head
Most Valuable Expert 2020
Most Valuable Expert 2017
This problem has been solved!
Unlock 1 Answer and 6 Comments.
See Answer
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE