Solved

Mac: Outlook certificate error when connecting to Microsoft hosted Exchange Account

Posted on 2016-08-19
6
257 Views
Last Modified: 2016-08-23
Running a Mac, using Outlook for the Mac. Why is Outlook trying to contact worldsecuresystems.com when connecting to my Microsoft hosted Exchange email account at mydomain.com? I ran a Malwarebytes sweep of the Mac, came up clean. Deleted the email account and recreated it. Same problem. See graphic attached. Thanks.
peteremailerr.png
0
Comment
Question by:tcianflone
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 41

Assisted Solution

by:Adam Brown
Adam Brown earned 200 total points
ID: 41762514
Hosted Exchange servers provide service for multiple clients, but can only provide a single certificate on the web server that provides services for Exchange. The usual way around this is to have a CNAME DNS record that translates autodiscover.company.com to autodiscover.hostedexchange.com. However, it looks like the Outlook version on the MAC doesn't properly handle that. Make sure the software is fully up to date, and if it is still having problems, you would either change things so that you're using a SRV record for Autodiscover or just ignore the certificate error.
0
 
LVL 1

Author Comment

by:tcianflone
ID: 41765220
Took a closer look at this based on your comment, Adam. If you go to the web site for this domain and attempt to access it using https, you get the same error. See attached graphic. Where worldsystems.com comes in: This site is hosted in Adobe's business web site building platform and the registrar for those sites always come up as worldsystems.com, something I've seen before. The DNS setup inside of the hosted Exchange account checks out as correct and there is the required autodiscover.mydomain.com cname pointer to the autodiscover.outlook.com as required. And the Mac is the only device that has a problem with it. Any additional thoughts? Thank you.
httpserror.JPG
0
 
LVL 9

Accepted Solution

by:
Tim Lapin earned 300 total points
ID: 41765300
Sounds like they are trying to do domain forwarding.  While a legitimate procedure, it is also the hallmark of many an internet scam.  It could be that Outlook for Mac (and/or the browsers on that mac) are set to a high degree of paranoia.  

I have found that, if you (as a person) trust the destination site, setting the certificate status to "Always Trust" solves the problem.  Office 2016 for Mac seems to require this extra step, while Office for Mac 2011 does not.

You might have to open the "Trust" sub heading for more options; it's been a while and I can't remember if there was a second level of acceptance required for this certificate issue.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 1

Author Closing Comment

by:tcianflone
ID: 41765318
The Always trust check box is right on the error dialog. Now that I understand the relationship between the user's domain and the worldsecuresystems.com domain, I was able to advise the client to click Always trust and continue to site. Thanks for your help, all.
0
 
LVL 41

Expert Comment

by:Adam Brown
ID: 41765536
Just as an FYI, if you have a website using domain.com as its host name, you can get certificate errors in Outlook because the first place Autodiscover checks for autodiscover info is domain.com. The reason this happens is the website is configured to redirect all invalid requests to the root directory. If the autodiscover service in Outlook gets any response other than 404 when attempting to connect to the website, it will initiate a full session to check Autodiscover information validity, which then causes the certificate error to pop up.

It's possible to prevent Outlook from using domain.com as a lookup point for autodiscover using group policy, but Macs aren't configurable with group policy by default, so you may have something in place on your Windows machines to keep this from popping up, but Macs can't get that configuration. That said, accepting the certificate and setting to always trust is an acceptable work-around, but the full fix would be to reconfigure the web server at domain.com so it is not redirecting or forwarding any requests for https://domain.com/autodiscover/autodiscover.xml
0
 
LVL 1

Author Comment

by:tcianflone
ID: 41766979
Thanks for the additional info, Adam. I wanted to get back here to include the proper name of the Adobe web platform that this domain is built on. It's call Adobe Business Catalyst. When your web site is hosted on that platform, that's when worldsecuresystems.com becomes involved with your web site and associated DNS records. This particular site uses the Adobe Business Catalyst nameservers. The user interface for managing DNS records there was not very good last time I looked. Not sure whether it would allow me the level of control to implement Adam's suggestion above. In any case, I have now at least got the name of the platform here so that future user searches might turn up this question. Cheers!
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
In this article I discuss my selections of the Top Four free Outlook OST File Viewers available. Open, view and read even damaged OST files by using these tools. They all provide a clear preview of all data such as emails, notes, tasks, calendars, e…
This video discusses moving either the default database or any database to a new volume.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question