Tanner Pearson

Wrong certificate given from a random remote AD server when connecting to Exchange

Hello, I have an issue that popped up after a nuke and pave of the PDC and CA. Now when an OS X Outlook 2016 client attempts to connect to Exchange (2013), a pop-up showing Verify Certificate appears: "A Secure connection cannot be established with the server [Domain] Do you want to continue." The certificate shown is one with the name of a remote DC which shouldn't be serving certificates to anybody connecting to Exchange. It shows that the certificate is invalid (Host Name mismatch), but I can't even locate the certificate on the remote server that's named. Strangely, it shows the Common Name as Spiceworks Desktop Install CA. Spiceworks was previously installed on the DC, but isn't any longer, and I can't find any cert referencing Spiceworks anywhere on the server.

Not causing any outage at this point, just the pop-up and asking to trust a weird cert from somewhere unknown.

Thanks for any ideas.
Amit

Looks like you are using a SHA-1 self-signed certificate. Get a new SHA-2 certificate from a third-party vendor and update it. Assign services to the new certificate.
Tanner Pearson

ASKER

Amit, I can't tell where this cert is even coming from. There's no cert that looks like the one Outlook is given on the server it references. The server isn't an Exchange server or domain controller. I'm not even sure why Outlook is talking to this remote server halfway around the earth.
SOLUTION
J S

This solution is only available to members.
There is an autodiscover DNS entry that points to our webmail address, which is internal and on the same subnet. I'm still not sure why it's bringing up a cert from an unrelated server. How could I stop this without removing the autodiscover DNS entry?
You might try running Fiddler on an affected workstation while the prompt happens. This would give you a good idea where it is coming from.
Have you verified all of the certificates imported into Exchange and that the services are bound (IMAP4, POP3, IIS, SMTP)?
If you go to https:\\domain.com without autodiscover what is that certificate?
Oops I mean
....
Http://domain.com
With the s

Geez sorry I'm mobile
ASKER CERTIFIED SOLUTION
This solution is only available to members.
I clearly have a problem with the CA in my domain and which certs are published to Exchange.  Thanks for explaining the Autodiscover test.
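
The check suggested in the thread (see which certificate `https://domain.com` serves compared with the autodiscover name) can be scripted so that every address behind each name is tested. This is an added example, not part of the original thread. The two hosts are the HTTPS names Autodiscover clients are commonly documented to try, which is an assumption here, and the function names and `user@example.com` are placeholders.

```python
import hashlib
import socket
import ssl

def candidate_hosts(email):
    """HTTPS hosts an Autodiscover client commonly tries (assumed order)."""
    domain = email.rsplit("@", 1)[1].strip().lower()
    return [domain, "autodiscover." + domain]

def resolve_all(host, port=443):
    """Every address behind the name ([] if it does not resolve)."""
    try:
        infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    except OSError:
        return []
    return sorted({info[4][0] for info in infos})

def _handshake(ip, host, port, ctx, timeout):
    with socket.create_connection((ip, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def probe(ip, host, port=443, timeout=5.0):
    """Fingerprint what this address serves, then record the client's verdict."""
    row = {"host": host, "ip": ip, "verdict": "ok", "sha256": None}
    loose = ssl.create_default_context()
    loose.check_hostname = False       # diagnostic fetch only: lets us fingerprint
    loose.verify_mode = ssl.CERT_NONE  # a certificate a client would reject
    try:
        der = _handshake(ip, host, port, loose, timeout)
        row["sha256"] = hashlib.sha256(der).hexdigest()
        _handshake(ip, host, port, ssl.create_default_context(), timeout)
    except ssl.SSLCertVerificationError as exc:
        row["verdict"] = exc.verify_message  # e.g. hostname mismatch, untrusted issuer
    except OSError as exc:
        row["verdict"] = "connection failed: %s" % exc
    return row

def failing(rows):
    """Rows where a certificate was served but the verified handshake failed."""
    return [r for r in rows if r["sha256"] and r["verdict"] != "ok"]

def survey(email):
    """Probe every address behind every candidate host."""
    return [probe(ip, h) for h in candidate_hosts(email) for ip in resolve_all(h)]

if __name__ == "__main__":
    print(*failing(survey("user@example.com")), sep="\n")  # placeholder address
```

Each failing row names the host, the specific IP that answered and the SHA-256 fingerprint of the certificate it served, which can be compared against the thumbprints in the certificate stores of the servers in question.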