Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Mac: Outlook certificate error when connecting to Microsoft hosted Exchange Account

Posted on 2016-08-19
6
Medium Priority
?
317 Views
Last Modified: 2016-08-23
Running a Mac, using Outlook for the Mac. Why is Outlook trying to contact worldsecuresystems.com when connecting to my Microsoft hosted Exchange email account at mydomain.com? I ran a Malwarebytes sweep of the Mac, came up clean. Deleted the email account and recreated it. Same problem. See graphic attached. Thanks.
peteremailerr.png
0
Comment
Question by:tcianflone
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 42

Assisted Solution

by:Adam Brown
Adam Brown earned 800 total points
ID: 41762514
Hosted Exchange servers provide service for multiple clients, but can only provide a single certificate on the web server that provides services for Exchange. The usual way around this is to have a CNAME DNS record that translates autodiscover.company.com to autodiscover.hostedexchange.com. However, it looks like the Outlook version on the MAC doesn't properly handle that. Make sure the software is fully up to date, and if it is still having problems, you would either change things so that you're using a SRV record for Autodiscover or just ignore the certificate error.
0
 
LVL 1

Author Comment

by:tcianflone
ID: 41765220
Took a closer look at this based on your comment, Adam. If you go to the web site for this domain and attempt to access it using https, you get the same error. See attached graphic. Where worldsystems.com comes in: This site is hosted in Adobe's business web site building platform and the registrar for those sites always come up as worldsystems.com, something I've seen before. The DNS setup inside of the hosted Exchange account checks out as correct and there is the required autodiscover.mydomain.com cname pointer to the autodiscover.outlook.com as required. And the Mac is the only device that has a problem with it. Any additional thoughts? Thank you.
httpserror.JPG
0
 
LVL 9

Accepted Solution

by:
Tim Lapin earned 1200 total points
ID: 41765300
Sounds like they are trying to do domain forwarding.  While a legitimate procedure, it is also the hallmark of many an internet scam.  It could be that Outlook for Mac (and/or the browsers on that mac) are set to a high degree of paranoia.  

I have found that, if you (as a person) trust the destination site, setting the certificate status to "Always Trust" solves the problem.  Office 2016 for Mac seems to require this extra step, while Office for Mac 2011 does not.

You might have to open the "Trust" sub heading for more options; it's been a while and I can't remember if there was a second level of acceptance required for this certificate issue.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 1

Author Closing Comment

by:tcianflone
ID: 41765318
The Always trust check box is right on the error dialog. Now that I understand the relationship between the user's domain and the worldsecuresystems.com domain, I was able to advise the client to click Always trust and continue to site. Thanks for your help, all.
0
 
LVL 42

Expert Comment

by:Adam Brown
ID: 41765536
Just as an FYI, if you have a website using domain.com as its host name, you can get certificate errors in Outlook because the first place Autodiscover checks for autodiscover info is domain.com. The reason this happens is the website is configured to redirect all invalid requests to the root directory. If the autodiscover service in Outlook gets any response other than 404 when attempting to connect to the website, it will initiate a full session to check Autodiscover information validity, which then causes the certificate error to pop up.

It's possible to prevent Outlook from using domain.com as a lookup point for autodiscover using group policy, but Macs aren't configurable with group policy by default, so you may have something in place on your Windows machines to keep this from popping up, but Macs can't get that configuration. That said, accepting the certificate and setting to always trust is an acceptable work-around, but the full fix would be to reconfigure the web server at domain.com so it is not redirecting or forwarding any requests for https://domain.com/autodiscover/autodiscover.xml
0
 
LVL 1

Author Comment

by:tcianflone
ID: 41766979
Thanks for the additional info, Adam. I wanted to get back here to include the proper name of the Adobe web platform that this domain is built on. It's call Adobe Business Catalyst. When your web site is hosted on that platform, that's when worldsecuresystems.com becomes involved with your web site and associated DNS records. This particular site uses the Adobe Business Catalyst nameservers. The user interface for managing DNS records there was not very good last time I looked. Not sure whether it would allow me the level of control to implement Adam's suggestion above. In any case, I have now at least got the name of the platform here so that future user searches might turn up this question. Cheers!
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Know the reasons and solutions to move/import EDB to New Exchange Server. Also, find out how to recover an Exchange .edb file and to restore the file back.
One-stop solution for Exchange Administrators to address all MS Exchange Server issues, which is known by the name of Stellar Exchange Toolkit.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
Suggested Courses

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question