[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1679
  • Last Modified:

Outlook 2016 Security Alert certificate error - Security Cert for this site has been revoked.

I am running Windows 10 Home, with Outlook 2016 using Exchange online plan.  When I test Email AutoConfiguration, I see the following in the log:  Autodiscover to https://autodiscover.domain.com/autodiscover/auotdiscover.xml Failed (0x80070057)
Local autodiscover for domain.com Failed (0x8004010F)
I can see the certificate has expired, but confused why it would look for an Equifax Cert when I'm using Exchange online plan?
Is it possible to stop Outlook or Windows to stop looking for this certificate?

Thanks in advance.
0
lbideaux
Asked:
lbideaux
  • 6
  • 4
3 Solutions
 
IvanSystem EngineerCommented:
Hi,

autodiscover is going to look for domain.com first, and then will go to autodiscover.domain.dom.
That is by design.

Are you using Equifax Cert  on your domain.com site?

Regards,
Ivan.
0
 
AkhaterCommented:
have you created the correct autodiscover record in your DNS with autodiscover.domain.com CNAME for utodiscover.outlook.com ?

note that if you have domain.com also in your LAN you will need to create this record on both your internal and external DNS servers


also, the way autodiscover works it will start by querying https://domain.com/autodiscover and (if this fails) will faill back to autodiscover.domain.com/autodiscover (which is what you want)

you have no real way of solving your problem other than

1) fix your certificate on https://domain.com 
2) make https://domain.com not reachable
0
 
lbideauxAuthor Commented:
Ivan,
I used the following website and it shows the expired cert for the domain.  https://www.sslshopper.com/ssl-checker.html
I didn't setup the domain, but might be able to get access to their hosting.
There are only a handful of PC's so if I could find a fix for the PC/Outlook I could apply to the few PC's.

Thanks.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
AkhaterCommented:
Add in the hostsfile of the computer domain.com pointing to 127.0.0.1 it would render https://domain.com inaccessible and would solve your issue
0
 
lbideauxAuthor Commented:
In Office 365 I ran the Check DNS, and returned "All DNS records are correct no errors found.
0
 
lbideauxAuthor Commented:
Akhater,
Ok, could this cause any issues browsing to the website?

Thanks for your input.
0
 
AkhaterCommented:
Off course they won't be able to reach domain.com anymore but they will be able to reach www.domain.com
0
 
AkhaterCommented:
And it's not an error with the dns configuration but an expired certificate in your website so it is normal that office 365 will detect no errors
0
 
lbideauxAuthor Commented:
I ended up using the following registry edit:  

[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\AutoDiscover]
"ExcludeHttpsRootDomain"=dword:00000001
0
 
AkhaterCommented:
Thanks for sharing your solution
0
 
AkhaterCommented:
Question answered, OP solved it on the client side
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 6
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now