locked
Outlook is unable to connect to the proxy server. (Error Code 10) RRS feed

  • Question

  • Here is the problem - outlook is getting the folllowing error messages for users on Exchange 2013


    ---------------------------
    There is a problem with the proxy server's security certificate.
    The name on the security certificate is invalid or does not match the name of the target site webmail.domain.internal.
    Outlook is unable to connect to the proxy server. (Error Code 10)
    ---------------------------

    all sites are configured to use Public domain name   https://webmail.contoso.com/****

    outlook anywhere internal and external URL set to the same

    public SSL wilcard cert used

    Outlook anywhere is functioning correctly on the internet - just internally you get the warning message - outlook connects okay.

    if i browse to https://webmail.domain.internal i get cert warning, which i'd expect as the internal domain name is not listed in the public cert.

    How do i resolve this? - i cant put the internal domain name in the public wildcard cert

    Saturday, June 21, 2014 9:57 AM

Answers

  • Even if you could, you don't want to put the internal domain name in the certificate.

    Enter the following command:

    Get-OutlookProvider -Identity EXPR | FL

    Note the CertPrincipalName value.  This should be the CN of the certificate, such as "*.contoso.com".

    Check the ExternalUrl and InternalUrl settings for the OAB and Web Services virtual directories.

    Check the ExternalHostname and InternalHostname properties in Get-OutlookAnywhere, and make sure those are set to webmail.contoso.com.

    Check the AutodiscoverServiceInternalUri property in Get-ClientAccessServer and make sure it's set correctly as well.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    unfortunately setting this is not a solution for us as we have a global exchange with multiple domains. the solution was simply to remove the DNS records for webmail.domain.internal

    • Marked as answer by mr_burgess Monday, June 23, 2014 12:21 PM
    Monday, June 23, 2014 12:21 PM

All replies

  • Even if you could, you don't want to put the internal domain name in the certificate.

    Enter the following command:

    Get-OutlookProvider -Identity EXPR | FL

    Note the CertPrincipalName value.  This should be the CN of the certificate, such as "*.contoso.com".

    Check the ExternalUrl and InternalUrl settings for the OAB and Web Services virtual directories.

    Check the ExternalHostname and InternalHostname properties in Get-OutlookAnywhere, and make sure those are set to webmail.contoso.com.

    Check the AutodiscoverServiceInternalUri property in Get-ClientAccessServer and make sure it's set correctly as well.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    • Proposed as answer by Niko.Cheng Monday, June 23, 2014 8:39 AM
    Sunday, June 22, 2014 2:33 AM
  • Even if you could, you don't want to put the internal domain name in the certificate.

    Enter the following command:

    Get-OutlookProvider -Identity EXPR | FL

    Note the CertPrincipalName value.  This should be the CN of the certificate, such as "*.contoso.com".

    Check the ExternalUrl and InternalUrl settings for the OAB and Web Services virtual directories.

    Check the ExternalHostname and InternalHostname properties in Get-OutlookAnywhere, and make sure those are set to webmail.contoso.com.

    Check the AutodiscoverServiceInternalUri property in Get-ClientAccessServer and make sure it's set correctly as well.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    unfortunately setting this is not a solution for us as we have a global exchange with multiple domains. the solution was simply to remove the DNS records for webmail.domain.internal

    • Marked as answer by mr_burgess Monday, June 23, 2014 12:21 PM
    Monday, June 23, 2014 12:21 PM