Certificate error issue after migration to office 365

I have a situation where I migrated small client to Office 365 from "on site Exchange 2010", and now when the previously installed SSL certificate expired - users are prompted with Certificate error on opening of the Outlook.

the name on certificate refers to old mx record host "mail.domain.com"
I have checked the DNS records for this domain and I do not see any references to the host anymore.

I guess I could just renew the SSL certificate, but I do want to retire the old Exchange server, and do not really want to pay for unnecessary certificate.

Any ideas?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

MAS (MVE)EE Solution Guide - Technical Dept HeadCommented:
If you have configured Hybrid your autodiscover will connect to Exchange server2010 and external URL will connect to Office365.
i.e. you need a certificate for Exchange 2010 for an error free outlook
pyotrekAuthor Commented:
MAS: This is not hybrid installation.
The old Exchange is not in use anymore (but still present on the network)
Vasil Michev (MVP)Commented:
In a domain joined environment, Outlook will hit the SCP first, which probably still exists in your case and points to the Exchange server. An easy way to solve this is to "instruct" Outlook to bypass the SCP (and any other internal) lookup by deploying the reg keys mentioned here: https://support.microsoft.com/en-us/help/3211279/outlook-2016-implementation-of-autodiscover

Or, just decommission the server.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

MAS (MVE)EE Solution Guide - Technical Dept HeadCommented:
Then you have to point your internal  autodiscover to office 365
FYI internal domain added outlooks will use SCP to connect to server.
Hemil AquinoNetwork EngineerCommented:
That error means, Exchange server does not have a valid certificate, you need to issue one via a DNS provider or some sort:

Follow this steps:

1- create an digital certificate file CRT in your exchange.
2- Make sure you have added the follows: Mail.Mydomain.com, Autodiscover.Mydomain.com
3- Buy a SAN certificate in this website "namecheap.com"
4-  Issue the certificate.
5- Install it and apply it to your exchange server.

Afterwards everything should be  running smooth.

MAS (MVE)EE Solution Guide - Technical Dept HeadCommented:
Please chekc URL in Vasil's comment above which will clear ur issue if you dont have any mailbox onpremise.
pyotrekAuthor Commented:
Vasil Michev: As part of migration I have removed autodiscover virtual directory from "old" server, but I guess SCP is something different?! correct.
Can I just disable it - I have no plans on bringing this "old" exchange server into production.
Unfortunately there are still some "redirected shared folders" on it that will take time to migrate - so it will be alive for some time.
pyotrekAuthor Commented:
MAS: reading through it now.
pyotrekAuthor Commented:
OK - I think I got it.

Since I did not know what the SCP is - I googled it and got this:


This article shows how to get to attributes of Service Connection Point (SCP) In Exchange 2010.

In this case it the SCP attribute for serviceBindingInformation on "local" Exchange Administrative Group (the old Exchange 2010 that is about to be completely retired was showing:


I figured that I will try to change it to see what will happen and I changed it to:


and the outlook does not bring that error anymore.
pyotrekAuthor Commented:
Thanks for quick response.

removing the value in serviceBindingInformation makes the Outlook start even faster.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.