Tanner Pearson
asked on
Wrong certificate given from a random remote AD server when connecting to Exchange
Hello, I have an issue that popped up after a Nuke and Pave of the PDC and CA. Now when an OS X Outlook 2016 client attempts to connect to Exchange (2013), a pop-up showing Verify Certificate appears: "A Secure connection cannot be established with the server [Domain] Do you want to continue." The certificate shown is one with the name of a remote DC which shouldn't be serving certificates to anybody connecting to Exchange. It shows that the certificate is invalid (Host Name mismatch), but I can't even locate the certificate on the remote server that's named. Strangely, it shows the Common Name as Spiceworks Desktop Install CA. Spiceworks was previously installed on the DC, but isn't any longer, and I can't find any cert referencing Spiceworks anywhere on the server.
Not causing any outage at this point, just the pop-up and asking to trust a weird cert from somewhere unknown.
Thanks for any ideas.
Looks like you are using a SHA-1 self-signed certificate. Get a new SHA-2 certificate from a 3rd-party vendor and update it. Assign services to the new certificate.
ASKER
Amit, I can't tell where this cert is even coming from. There's no cert that looks like the one Outlook is given on the server it references. The server isn't an Exchange server, or domain controller. I'm not even sure why Outlook is talking to this remote server halfway around the earth.
ASKER
There is an autodiscover DNS entry that points to our webmail address, which is internal and on the same subnet. I'm still not sure why it's bringing up a cert from an unrelated server. How could I stop this without removing the autodiscover DNS entry?
You might try running Fiddler on an affected workstation while the prompt happens. This would give you a good idea where it is coming from.
Have you verified all of the certificates imported into Exchange and that the services are bound (IMAP4, POP3, IIS, SMTP)?
If you go to https:\\domain.com without autodiscover what is that certificate?
Oops I mean
....
Http://domain.com
With the s
Geez sorry I'm mobile
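An added example, not part of the thread: a Python sketch of the check suggested above, comparing the certificate each Autodiscover HTTPS candidate presents against the host name the client asked for. It assumes the client tries the bare mail domain before `autodiscover.<domain>`; the hosts, addresses and certificates in `SAMPLE` are constructed, and `probe()` is a hypothetical live collector that reports the verification error when a certificate is untrusted or mismatched.

```python
import socket
import ssl

# Constructed sample, shaped like getpeercert(): the bare domain lands on a DC.
SAMPLE = {
    "example.test": {"198.51.100.20": {
        "subject": ((("commonName", "dc-remote.example.test"),),)}},
    "autodiscover.example.test": {"192.0.2.25": {"subjectAltName": (
        ("DNS", "mail.example.test"), ("DNS", "autodiscover.example.test"))}},
}

def autodiscover_hosts(email_domain):
    """HTTPS candidates in the assumed client order: bare domain first."""
    d = email_domain.strip().lower().rstrip(".")
    return [d, "autodiscover." + d]

def name_matches(pattern, host):
    """Exact match, or a wildcard covering exactly one left-most label."""
    p, h = pattern.lower(), host.lower()
    if p.startswith("*."):
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def cert_names(cert):
    """SAN DNS names; fall back to the subject CN only when there is no SAN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return sans or [v for rdn in cert.get("subject", ())
                    for k, v in rdn if k == "commonName"]

def audit(email_domain, observed):
    """Return (host, ip, verdict, names) for every address that answered."""
    rows = []
    for host in autodiscover_hosts(email_domain):
        for ip, cert in sorted(observed.get(host, {}).items()):
            names = cert_names(cert)
            ok = any(name_matches(n, host) for n in names)
            verdict = cert.get("error") or ("ok" if ok else "MISMATCH")
            rows.append((host, ip, verdict, names))
    return rows

def probe(host, port=443, timeout=5):
    """Live collection: one verified handshake per resolved IP, SNI = host."""
    out, ctx = {}, ssl.create_default_context()
    for *_, addr in socket.getaddrinfo(host, port, type=socket.SOCK_STREAM):
        try:
            with socket.create_connection((addr[0], port), timeout) as raw, \
                    ctx.wrap_socket(raw, server_hostname=host) as tls:
                out[addr[0]] = tls.getpeercert()
        except OSError as exc:  # includes ssl.SSLCertVerificationError
            out[addr[0]] = {"error": getattr(exc, "verify_message", str(exc))}
    return out
```

For a live run, build `observed` as `{h: probe(h) for h in autodiscover_hosts(domain)}` and pass it to `audit()`; a host name that resolves to several addresses gets one row per address.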
ASKER
I clearly have a problem with the CA in my domain and which certs are published to Exchange. Thanks for explaining the Autodiscover test.