Solved

Mac: Outlook certificate error when connecting to Microsoft hosted Exchange Account

Posted on 2016-08-19
6
89 Views
Last Modified: 2016-08-23
Running a Mac, using Outlook for the Mac. Why is Outlook trying to contact worldsecuresystems.com when connecting to my Microsoft hosted Exchange email account at mydomain.com? I ran a Malwarebytes sweep of the Mac, came up clean. Deleted the email account and recreated it. Same problem. See graphic attached. Thanks.
peteremailerr.png
0
Comment
Question by:tcianflone
  • 3
  • 2
6 Comments
 
LVL 39

Assisted Solution

by:Adam Brown
Adam Brown earned 200 total points
ID: 41762514
Hosted Exchange servers provide service for multiple clients, but can only provide a single certificate on the web server that provides services for Exchange. The usual way around this is to have a CNAME DNS record that translates autodiscover.company.com to autodiscover.hostedexchange.com. However, it looks like the Outlook version on the MAC doesn't properly handle that. Make sure the software is fully up to date, and if it is still having problems, you would either change things so that you're using a SRV record for Autodiscover or just ignore the certificate error.
0
 
LVL 1

Author Comment

by:tcianflone
ID: 41765220
Took a closer look at this based on your comment, Adam. If you go to the web site for this domain and attempt to access it using https, you get the same error. See attached graphic. Where worldsystems.com comes in: This site is hosted in Adobe's business web site building platform and the registrar for those sites always come up as worldsystems.com, something I've seen before. The DNS setup inside of the hosted Exchange account checks out as correct and there is the required autodiscover.mydomain.com cname pointer to the autodiscover.outlook.com as required. And the Mac is the only device that has a problem with it. Any additional thoughts? Thank you.
httpserror.JPG
0
 
LVL 9

Accepted Solution

by:
Tim Lapin earned 300 total points
ID: 41765300
Sounds like they are trying to do domain forwarding.  While a legitimate procedure, it is also the hallmark of many an internet scam.  It could be that Outlook for Mac (and/or the browsers on that mac) are set to a high degree of paranoia.  

I have found that, if you (as a person) trust the destination site, setting the certificate status to "Always Trust" solves the problem.  Office 2016 for Mac seems to require this extra step, while Office for Mac 2011 does not.

You might have to open the "Trust" sub heading for more options; it's been a while and I can't remember if there was a second level of acceptance required for this certificate issue.
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 1

Author Closing Comment

by:tcianflone
ID: 41765318
The Always trust check box is right on the error dialog. Now that I understand the relationship between the user's domain and the worldsecuresystems.com domain, I was able to advise the client to click Always trust and continue to site. Thanks for your help, all.
0
 
LVL 39

Expert Comment

by:Adam Brown
ID: 41765536
Just as an FYI, if you have a website using domain.com as its host name, you can get certificate errors in Outlook because the first place Autodiscover checks for autodiscover info is domain.com. The reason this happens is the website is configured to redirect all invalid requests to the root directory. If the autodiscover service in Outlook gets any response other than 404 when attempting to connect to the website, it will initiate a full session to check Autodiscover information validity, which then causes the certificate error to pop up.

It's possible to prevent Outlook from using domain.com as a lookup point for autodiscover using group policy, but Macs aren't configurable with group policy by default, so you may have something in place on your Windows machines to keep this from popping up, but Macs can't get that configuration. That said, accepting the certificate and setting to always trust is an acceptable work-around, but the full fix would be to reconfigure the web server at domain.com so it is not redirecting or forwarding any requests for https://domain.com/autodiscover/autodiscover.xml
0
 
LVL 1

Author Comment

by:tcianflone
ID: 41766979
Thanks for the additional info, Adam. I wanted to get back here to include the proper name of the Adobe web platform that this domain is built on. It's call Adobe Business Catalyst. When your web site is hosted on that platform, that's when worldsecuresystems.com becomes involved with your web site and associated DNS records. This particular site uses the Adobe Business Catalyst nameservers. The user interface for managing DNS records there was not very good last time I looked. Not sure whether it would allow me the level of control to implement Adam's suggestion above. In any case, I have now at least got the name of the platform here so that future user searches might turn up this question. Cheers!
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
CodeTwo Sync for iCloud (http://www.codetwo.com/sync-for-icloud?sts=6554) automatically synchronizes your Outlook 2016, 2013, 2010 or 2007 folders with iCloud folders available via iCloud Control Panel. This lets you automatically sync them with…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question