Mac: Outlook certificate error when connecting to Microsoft hosted Exchange Account

Running a Mac, using Outlook for the Mac. Why is Outlook trying to contact worldsecuresystems.com when connecting to my Microsoft hosted Exchange email account at mydomain.com? I ran a Malwarebytes sweep of the Mac, came up clean. Deleted the email account and recreated it. Same problem. See graphic attached. Thanks.
peteremailerr.png
LVL 1
tcianfloneAsked:
Who is Participating?
 
Tim LapinComputer Consultant (Desktop analyst)Commented:
Sounds like they are trying to do domain forwarding.  While a legitimate procedure, it is also the hallmark of many an internet scam.  It could be that Outlook for Mac (and/or the browsers on that mac) are set to a high degree of paranoia.  

I have found that, if you (as a person) trust the destination site, setting the certificate status to "Always Trust" solves the problem.  Office 2016 for Mac seems to require this extra step, while Office for Mac 2011 does not.

You might have to open the "Trust" sub heading for more options; it's been a while and I can't remember if there was a second level of acceptance required for this certificate issue.
0
 
Adam BrownSr Solutions ArchitectCommented:
Hosted Exchange servers provide service for multiple clients, but can only provide a single certificate on the web server that provides services for Exchange. The usual way around this is to have a CNAME DNS record that translates autodiscover.company.com to autodiscover.hostedexchange.com. However, it looks like the Outlook version on the MAC doesn't properly handle that. Make sure the software is fully up to date, and if it is still having problems, you would either change things so that you're using a SRV record for Autodiscover or just ignore the certificate error.
0
 
tcianfloneAuthor Commented:
Took a closer look at this based on your comment, Adam. If you go to the web site for this domain and attempt to access it using https, you get the same error. See attached graphic. Where worldsystems.com comes in: This site is hosted in Adobe's business web site building platform and the registrar for those sites always come up as worldsystems.com, something I've seen before. The DNS setup inside of the hosted Exchange account checks out as correct and there is the required autodiscover.mydomain.com cname pointer to the autodiscover.outlook.com as required. And the Mac is the only device that has a problem with it. Any additional thoughts? Thank you.
httpserror.JPG
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
tcianfloneAuthor Commented:
The Always trust check box is right on the error dialog. Now that I understand the relationship between the user's domain and the worldsecuresystems.com domain, I was able to advise the client to click Always trust and continue to site. Thanks for your help, all.
0
 
Adam BrownSr Solutions ArchitectCommented:
Just as an FYI, if you have a website using domain.com as its host name, you can get certificate errors in Outlook because the first place Autodiscover checks for autodiscover info is domain.com. The reason this happens is the website is configured to redirect all invalid requests to the root directory. If the autodiscover service in Outlook gets any response other than 404 when attempting to connect to the website, it will initiate a full session to check Autodiscover information validity, which then causes the certificate error to pop up.

It's possible to prevent Outlook from using domain.com as a lookup point for autodiscover using group policy, but Macs aren't configurable with group policy by default, so you may have something in place on your Windows machines to keep this from popping up, but Macs can't get that configuration. That said, accepting the certificate and setting to always trust is an acceptable work-around, but the full fix would be to reconfigure the web server at domain.com so it is not redirecting or forwarding any requests for https://domain.com/autodiscover/autodiscover.xml
0
 
tcianfloneAuthor Commented:
Thanks for the additional info, Adam. I wanted to get back here to include the proper name of the Adobe web platform that this domain is built on. It's call Adobe Business Catalyst. When your web site is hosted on that platform, that's when worldsecuresystems.com becomes involved with your web site and associated DNS records. This particular site uses the Adobe Business Catalyst nameservers. The user interface for managing DNS records there was not very good last time I looked. Not sure whether it would allow me the level of control to implement Adam's suggestion above. In any case, I have now at least got the name of the platform here so that future user searches might turn up this question. Cheers!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.