wokwon

asked on

Exchange 2013/365 Hybrid Autodiscover Certificate Warning

We have an Exchange 2013/365 Hybrid with:
- 3x Exchange 2007 servers
- 2x Exchange 2013 servers, one of which is the Hybrid and MRS endpoint
- An Office365 Tenancy
- Azure AD Sync with password sync (not ADFS)

As it is in hybrid, the Autodiscover DNS records point to the on prem 2013 server as is required.

Some users, when their mailbox migrated to Office365, receive a certificate warning as per the below picture.  

This is probably from the Autodiscover redirect, when the autodiscover service in Exchange 2013 redirects the client to the Office365 Exchange instance.

User generated image
How can we correct this?

Also note, the certificate does not have the usual chain of root CA -> intermediate CA -> cert as I would expect:
User generated image
SOLUTION
Ogandos

ASKER

Hi schnellsolitions, thank you for the tip.  My concern is around why doesn't the cert have an issuer?  Why is it a single cert by itself and why does this only happen on some computers in the organisation?

PS: This company uses a Bluecoat in transparent proxy mode.  I've asked the network team if it's doing SSL inspection.

The Trusted Root CA list can vary from computer to computer depending on one of these elements:
- System updates/patches.
- Certificate deployments (i.e. GPO, System Center Configuration Manager, Automatic scripts, etc.)
- Manual installation of the certificate

According to one of the previous points, that certificate can or cannot be valid for one specific device.
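
One way to compare what different computers see, added here as an example and not part of the original thread: the PowerShell script below fetches the certificate a machine is actually presented with and builds its chain against that machine's own trust store. The host name is a placeholder (an assumption); substitute the name shown in the warning dialog.

```powershell
# Added example: inspect the certificate this machine is presented with.
# The default host name is a placeholder, not a value from the original post.
param(
    [string]$HostName = 'autodiscover.example.com',
    [int]$Port = 443
)

function Get-PresentedCertificate {
    param([string]$HostName, [int]$Port)
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        # Accept any certificate so an untrusted one can still be examined.
        # Diagnostic use only: nothing is sent over this connection.
        $accept = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $accept)
        try {
            $ssl.AuthenticateAsClient($HostName)
            return New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        } finally { $ssl.Dispose() }
    } finally { $tcp.Close() }
}

function Test-LocalChain {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Revocation is skipped: the question here is only whether the local
    # trust store can link this certificate to a trusted root.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($Certificate)
    [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        Subject    = $Certificate.Subject
        Issuer     = $Certificate.Issuer
        Thumbprint = $Certificate.Thumbprint
        SelfSigned = ($Certificate.Subject -eq $Certificate.Issuer)
        ChainDepth = $chain.ChainElements.Count
        Trusted    = $trusted
        Status     = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

$cert = Get-PresentedCertificate -HostName $HostName -Port $Port
Test-LocalChain -Certificate $cert | Format-List
```

Run it on an affected and an unaffected computer and compare the output. The same thumbprint with a different `Trusted` result points to a trust-store difference between the two machines, while a different issuer or thumbprint means the machines are not being presented with the same certificate.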
ASKER CERTIFIED SOLUTION

ASKER

The other solutions were not correct and did not directly answer the specific question.