locked
Outlook Clients getting Certifiicate error RRS feed

  • Question

  • I have a very strange issue. I have a client that uses Windows Small Business Server 2008. The server has a copy of Exchange installed on it but none of the mailboxes are used. All of the mailboxes are in the cloud located at Office 365. As of the last month, whenever anyone in the office opens Outlook, they get the security alert below. The picture at the bottom is a view of the  cert. The cert is from the SBS2008 server and particularly, the Exchange server. If I run get-ExchangeCertificate |FL I see the cert in the list. I have tried issuing a new-exchangecertificate, then removing the old one and enabling the new one with the services IIS,IMAP,POP,SMTP but this still comes up! What really confuses me is that Outlook should NOT even be communicating with the on site exchange server; it is not used at all except for relaying mail from their copier.  I tried deleting the user's mailbox I have been using as a test, adding an autodiscover CNAME and an autodiscover SRV entry into DNS, both of which I pointed to autodiscover.outlook.com but this still pops up and it pops up on everyone's workstation when they open Outlook and periodically while they work in Outlook! I am at a loss... Please help.

    Server is Windows Server Standard FE SP2
    Exchange is 2007 and I am unsure what SP is installed
    Workstation is Windows 7 32 bit
    Outlook client is Outlook 2010 32 bit

    Thanks!

    Tony

    Saturday, May 11, 2013 8:40 PM

Answers

  • All mailboxes are at Office 365. They are not in Hybrid mode in any way. The clients should not be contacting the local server at all; the only reason it has Exchange installed is because it's SBS and now, they use it for relaying scanned documents.

    I actually worked with Microsoft and we finally resolved the issue. The problem is that Outlook automatically looks for a local Exchange server whenever it starts?  I never heard of this but I'm taking the support guys word for it... He had me add the following reg entry:

    HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover\
    "ExcludeScpLookup"=dword:1

    Obviously, the version number will very. This solved the issue. I added this to a group policy and pushed it out to all clients.

    Thanks for the response!

    Tony

    • Proposed as answer by Fiona_Liao Monday, May 13, 2013 9:19 AM
    • Marked as answer by Fiona_Liao Thursday, May 16, 2013 9:13 AM
    Sunday, May 12, 2013 1:30 PM
  • Hi Tony,

    Outlook will try to connect Autodiscover service when it starts up, it is by design. The problem occurs because there is SCP record in your SBS domain when Exchange CAS role installed, and the SCP url is available for your internal Outlook clients. 

    See http://technet.microsoft.com/en-us/library/bb332063(v=exchg.80).aspx#OutlookAndAD

    So disabling SCP search via client side registry key, or pointing the SCP url to your external O365 may resolve the issue.

     


    Fiona Liao
    TechNet Community Support

    • Proposed as answer by Fiona_Liao Monday, May 13, 2013 9:19 AM
    • Marked as answer by Fiona_Liao Thursday, May 16, 2013 9:13 AM
    Monday, May 13, 2013 9:19 AM

All replies

  • Are you trying to configure the mailbox which are hosted on office365 or local subs server? This is a typical error and you will need to have proper trusted cert from a3rd party. You can also setup a local CA but I am not sure what you are trying to do?

    Where Technology Meets Talent

    Sunday, May 12, 2013 6:18 AM
  • All mailboxes are at Office 365. They are not in Hybrid mode in any way. The clients should not be contacting the local server at all; the only reason it has Exchange installed is because it's SBS and now, they use it for relaying scanned documents.

    I actually worked with Microsoft and we finally resolved the issue. The problem is that Outlook automatically looks for a local Exchange server whenever it starts?  I never heard of this but I'm taking the support guys word for it... He had me add the following reg entry:

    HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover\
    "ExcludeScpLookup"=dword:1

    Obviously, the version number will very. This solved the issue. I added this to a group policy and pushed it out to all clients.

    Thanks for the response!

    Tony

    • Proposed as answer by Fiona_Liao Monday, May 13, 2013 9:19 AM
    • Marked as answer by Fiona_Liao Thursday, May 16, 2013 9:13 AM
    Sunday, May 12, 2013 1:30 PM
  • Hi Tony,

    Outlook will try to connect Autodiscover service when it starts up, it is by design. The problem occurs because there is SCP record in your SBS domain when Exchange CAS role installed, and the SCP url is available for your internal Outlook clients. 

    See http://technet.microsoft.com/en-us/library/bb332063(v=exchg.80).aspx#OutlookAndAD

    So disabling SCP search via client side registry key, or pointing the SCP url to your external O365 may resolve the issue.

     


    Fiona Liao
    TechNet Community Support

    • Proposed as answer by Fiona_Liao Monday, May 13, 2013 9:19 AM
    • Marked as answer by Fiona_Liao Thursday, May 16, 2013 9:13 AM
    Monday, May 13, 2013 9:19 AM