gsswho6 asked:

Outlook Security Certificate

Hello All,

I have a customer who has SBS2011 and he used to use the Exchange... Last year we stopped using the Exchange on SBS and moved him over to Office 365... We are not using Azure/etc., just moved over his domain to Office 365 and repointed all of his Outlook clients to Office 365... Worked like a charm.

However, sometimes the users get a Security Alert when opening/closing Outlook... The security certificate has expired or is not yet valid. Any idea why they are receiving this? I assume it has to do with the old SMS Exchange? Why would his Outlook be throwing that error if it's pointed to Office 365 and not his old on-premise Exchange?

If anyone has any ideas please shoot them my way... Thanks
Wayne88

Can you open up the security alert and see which security certificate has expired?

Outlook will try to use a few different ways in trying to obtain the Autodiscover information and you can exclude some of the methods as explained here: https://support.microsoft.com/en-us/help/2212902/unexpected-autodiscover-behavior-when-you-have-registry-settings-under-the-autodiscover-key
ASKER CERTIFIED SOLUTION
Adam Brown

This solution is only available to members.

Hello Mate,

I agree with Adam, your SBS server object still exists in AD, hence the Outlook client tries to connect using the Autodiscover SCP object. To fix the issue you have the following options:

1) Redirect the SCP request to O365 using a PowerShell command

get-clientaccessserver | set-clientaccessserver -autodiscoverserviceinternaluri "https://autodiscover.outlook.com/autodiscover/autodiscover.xml"

2) Since all mailboxes are completely migrated to the cloud, you can remove the server object from ADSI Edit or uninstall the Exchange server.

To remove the server, open ADSI Edit and go to Configuration.

Navigate to this path:

CN=Configuration,DC=DOMAIN,DC=LOCAL
CN=Services
CN=Microsoft Exchange
CN=EXCHANGE_ORG
CN=Administrative Group
CN=Servers

Delete the Server object

3) Disable the SCP on the Outlook client by making registry changes

HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\x.0\Outlook\AutoDiscover

ExcludeScpLookup set value to 0

Restart the client machine

https://support.microsoft.com/en-in/help/2212902/unexpected-autodiscover-behavior-when-you-have-registry-settings-under-the-autodiscover-key

You can apply to all clients using GPO

https://support.microsoft.com/en-in/help/2612922/how-to-control-outlook-autodiscover-by-using-group-policy

Regards,
Kumar
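
Before choosing one of the options above, it helps to confirm which Autodiscover SCP is still published in AD and whether the certificate behind it is the one raising the alert. The following read-only PowerShell is an added example, not part of the original posts; the function names Get-AutodiscoverScp and Get-TlsCertificateInfo are hypothetical, and it assumes a domain-joined machine that can reach the listed hosts on port 443.

```powershell
# Added diagnostic example (read-only): list Autodiscover SCP objects in AD
# and report the validity dates of the certificate each one presents.
$ScpKeyword = '77378F46-2C66-4aa9-A6A6-3E7A48B19596'  # keyword Exchange sets on Autodiscover SCPs

function Get-AutodiscoverScp {
    $configNC = ([ADSI]'LDAP://RootDSE').configurationNamingContext
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot = [ADSI]"LDAP://$configNC"
    $searcher.Filter = "(&(objectClass=serviceConnectionPoint)(keywords=$ScpKeyword))"
    [void]$searcher.PropertiesToLoad.AddRange([string[]]@('cn', 'servicebindinginformation'))
    foreach ($r in $searcher.FindAll()) {
        [pscustomobject]@{
            Server = [string]$r.Properties['cn'][0]
            Url    = [string]$r.Properties['servicebindinginformation'][0]
        }
    }
}

function Get-TlsCertificateInfo {
    param([Parameter(Mandatory)][string]$HostName, [int]$Port = 443)
    $tcp = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        $tcp.Connect($HostName, $Port)
        # Accept any certificate here: the goal is to inspect an expired one, not reject it.
        $accept = { $true } -as [System.Net.Security.RemoteCertificateValidationCallback]
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $accept)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $now = Get-Date
        [pscustomobject]@{
            Host      = $HostName
            Subject   = $cert.Subject
            NotBefore = $cert.NotBefore
            NotAfter  = $cert.NotAfter
            ValidNow  = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
        }
    } catch {
        [pscustomobject]@{ Host = $HostName; Subject = "ERROR: $($_.Exception.Message)"
                           NotBefore = $null; NotAfter = $null; ValidNow = $false }
    } finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
}

# For every SCP still published, show where it points and the certificate state there.
Get-AutodiscoverScp | ForEach-Object {
    $info = Get-TlsCertificateInfo -HostName ([uri]$_.Url).Host
    $info | Add-Member -NotePropertyName ScpServer -NotePropertyValue $_.Server -PassThru
} | Format-Table ScpServer, Host, NotAfter, ValidNow, Subject -AutoSize
```

An SCP row whose ValidNow is False identifies the server object and URL that the options above would redirect, remove, or bypass.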
gsswho6 (ASKER)

Thanks this did the job.