Certificate error issue after migration to Office 365

I have a situation where I migrated a small client to Office 365 from an on-site Exchange 2010, and now that the previously installed SSL certificate has expired, users are prompted with a certificate error when opening Outlook.

The name on the certificate refers to the old MX record host "mail.domain.com".
I have checked the DNS records for this domain and I do not see any references to the host anymore.

I guess I could just renew the SSL certificate, but I do want to retire the old Exchange server, and do not really want to pay for an unnecessary certificate.

Any ideas?
Vasil Michev (MVP) Commented:
In a domain joined environment, Outlook will hit the SCP first, which probably still exists in your case and points to the Exchange server. An easy way to solve this is to "instruct" Outlook to bypass the SCP (and any other internal) lookup by deploying the reg keys mentioned here: https://support.microsoft.com/en-us/help/3211279/outlook-2016-implementation-of-autodiscover

Or, just decommission the server.
MAS (MVE), Technical Department Head, Commented:
If you have configured Hybrid, your autodiscover will connect to Exchange Server 2010 and the external URL will connect to Office 365.
i.e. you need a certificate for Exchange 2010 for an error-free Outlook.
pyotrek (Author) Commented:
MAS: This is not a hybrid installation.
The old Exchange is not in use anymore (but still present on the network).
MAS (MVE), Technical Department Head, Commented:
Then you have to point your internal autodiscover to Office 365.
FYI, Outlook clients joined to the internal domain will use the SCP to connect to the server.
Hemil Aquino, Network Engineer, Commented:
That error means the Exchange server does not have a valid certificate; you need to issue one via a DNS provider or some sort:

Follow these steps:

1- Create a digital certificate file CRT in your Exchange.
2- Make sure you have added the following: Mail.Mydomain.com, Autodiscover.Mydomain.com
3- Buy a SAN certificate on this website: "namecheap.com"
4- Issue the certificate.
5- Install it and apply it to your Exchange server.

Afterwards everything should be running smoothly.

MAS (MVE), Technical Department Head, Commented:
Please check the URL in Vasil's comment above, which will clear your issue if you don't have any mailbox on-premises.
pyotrek (Author) Commented:
Vasil Michev: As part of the migration I have removed the autodiscover virtual directory from the "old" server, but I guess SCP is something different, correct?
Can I just disable it? I have no plans on bringing this "old" Exchange server into production.
Unfortunately there are still some "redirected shared folders" on it that will take time to migrate, so it will be alive for some time.
pyotrek (Author) Commented:
MAS: reading through it now.
pyotrek (Author) Commented:
OK - I think I got it.

Since I did not know what the SCP is, I googled it and got this:


This article shows how to get to the attributes of the Service Connection Point (SCP) in Exchange 2010.

In this case, the SCP attribute serviceBindingInformation on the "local" Exchange Administrative Group (the old Exchange 2010 that is about to be completely retired) was showing:


I figured that I would try to change it to see what would happen, and I changed it to:


and Outlook does not bring up that error anymore.
pyotrek (Author) Commented:
Thanks for the quick response.

Removing the value in serviceBindingInformation makes Outlook start even faster.
Question has a verified solution.
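
To see what domain-joined Outlook clients are being handed by the SCP lookup discussed in this thread, the following added example (not from any participant or from the linked Microsoft article) lists the Autodiscover SCP objects in Active Directory and reports the certificate each serviceBindingInformation URL presents. It is read-only and assumes the ActiveDirectory RSAT module on a domain-joined machine; the keyword GUID is the standard marker for Exchange Autodiscover SCPs.

```powershell
# Added example: read-only audit of Autodiscover SCPs and the certificates they point to.
# Assumes the ActiveDirectory (RSAT) module on a domain-joined machine.
Import-Module ActiveDirectory

# Keyword that marks an Exchange Autodiscover service connection point.
$scpKeyword = '77378F46-2C66-4aa9-A6A6-3E7A48B19596'
$configNC   = (Get-ADRootDSE).configurationNamingContext
$filter     = "(&(objectClass=serviceConnectionPoint)(keywords=$scpKeyword))"

$scps = Get-ADObject -SearchBase $configNC -LDAPFilter $filter -Properties serviceBindingInformation

foreach ($scp in $scps) {
    foreach ($url in $scp.serviceBindingInformation) {
        $row = [ordered]@{
            ScpDn = $scp.DistinguishedName; Url = $url
            Subject = $null; NotAfter = $null; PolicyErrors = $null; Error = $null
        }
        $tcp = $null; $ssl = $null
        try {
            $uri = [uri]$url
            $tcp = New-Object System.Net.Sockets.TcpClient($uri.Host, $uri.Port)
            # Record validation errors instead of failing, so expired or
            # mismatched certificates can still be inspected.
            $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
                param($s, $certificate, $chain, $errors)
                $script:lastPolicyErrors = $errors
                $true
            }
            $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
            $ssl.AuthenticateAsClient($uri.Host)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
            $row.Subject      = $cert.Subject
            $row.NotAfter     = $cert.NotAfter
            $row.PolicyErrors = $script:lastPolicyErrors
        } catch {
            $row.Error = $_.Exception.Message   # e.g. host no longer resolves or listens
        } finally {
            if ($ssl) { $ssl.Dispose() }
            if ($tcp) { $tcp.Dispose() }
        }
        [pscustomobject]$row
    }
}
```

A row whose Url still names the retired server, with a NotAfter in the past or a non-empty PolicyErrors value, identifies the SCP entry behind the Outlook prompt.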
