Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Mac: Outlook certificate error when connecting to Microsoft hosted Exchange Account

Posted on 2016-08-19
6
104 Views
Last Modified: 2016-08-23
Running a Mac, using Outlook for the Mac. Why is Outlook trying to contact worldsecuresystems.com when connecting to my Microsoft hosted Exchange email account at mydomain.com? I ran a Malwarebytes sweep of the Mac, came up clean. Deleted the email account and recreated it. Same problem. See graphic attached. Thanks.
peteremailerr.png
0
Comment
Question by:tcianflone
  • 3
  • 2
6 Comments
 
LVL 39

Assisted Solution

by:Adam Brown
Adam Brown earned 200 total points
ID: 41762514
Hosted Exchange servers provide service for multiple clients, but can only provide a single certificate on the web server that provides services for Exchange. The usual way around this is to have a CNAME DNS record that translates autodiscover.company.com to autodiscover.hostedexchange.com. However, it looks like the Outlook version on the MAC doesn't properly handle that. Make sure the software is fully up to date, and if it is still having problems, you would either change things so that you're using a SRV record for Autodiscover or just ignore the certificate error.
0
 
LVL 1

Author Comment

by:tcianflone
ID: 41765220
Took a closer look at this based on your comment, Adam. If you go to the web site for this domain and attempt to access it using https, you get the same error. See attached graphic. Where worldsystems.com comes in: This site is hosted in Adobe's business web site building platform and the registrar for those sites always come up as worldsystems.com, something I've seen before. The DNS setup inside of the hosted Exchange account checks out as correct and there is the required autodiscover.mydomain.com cname pointer to the autodiscover.outlook.com as required. And the Mac is the only device that has a problem with it. Any additional thoughts? Thank you.
httpserror.JPG
0
 
LVL 9

Accepted Solution

by:
Tim Lapin earned 300 total points
ID: 41765300
Sounds like they are trying to do domain forwarding.  While a legitimate procedure, it is also the hallmark of many an internet scam.  It could be that Outlook for Mac (and/or the browsers on that mac) are set to a high degree of paranoia.  

I have found that, if you (as a person) trust the destination site, setting the certificate status to "Always Trust" solves the problem.  Office 2016 for Mac seems to require this extra step, while Office for Mac 2011 does not.

You might have to open the "Trust" sub heading for more options; it's been a while and I can't remember if there was a second level of acceptance required for this certificate issue.
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 1

Author Closing Comment

by:tcianflone
ID: 41765318
The Always trust check box is right on the error dialog. Now that I understand the relationship between the user's domain and the worldsecuresystems.com domain, I was able to advise the client to click Always trust and continue to site. Thanks for your help, all.
0
 
LVL 39

Expert Comment

by:Adam Brown
ID: 41765536
Just as an FYI, if you have a website using domain.com as its host name, you can get certificate errors in Outlook because the first place Autodiscover checks for autodiscover info is domain.com. The reason this happens is the website is configured to redirect all invalid requests to the root directory. If the autodiscover service in Outlook gets any response other than 404 when attempting to connect to the website, it will initiate a full session to check Autodiscover information validity, which then causes the certificate error to pop up.

It's possible to prevent Outlook from using domain.com as a lookup point for autodiscover using group policy, but Macs aren't configurable with group policy by default, so you may have something in place on your Windows machines to keep this from popping up, but Macs can't get that configuration. That said, accepting the certificate and setting to always trust is an acceptable work-around, but the full fix would be to reconfigure the web server at domain.com so it is not redirecting or forwarding any requests for https://domain.com/autodiscover/autodiscover.xml
0
 
LVL 1

Author Comment

by:tcianflone
ID: 41766979
Thanks for the additional info, Adam. I wanted to get back here to include the proper name of the Adobe web platform that this domain is built on. It's call Adobe Business Catalyst. When your web site is hosted on that platform, that's when worldsecuresystems.com becomes involved with your web site and associated DNS records. This particular site uses the Adobe Business Catalyst nameservers. The user interface for managing DNS records there was not very good last time I looked. Not sure whether it would allow me the level of control to implement Adam's suggestion above. In any case, I have now at least got the name of the platform here so that future user searches might turn up this question. Cheers!
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
This article explains how to install and use the NTBackup utility that comes with Windows Server.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
CodeTwo Sync for iCloud (http://www.codetwo.com/sync-for-icloud?sts=6554) automatically synchronizes your Outlook 2016, 2013, 2010 or 2007 folders with iCloud folders available via iCloud Control Panel. This lets you automatically sync them with…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question