Re: Security alert when starting Outlook 2007 on Windows 7 - Exchange Server 2003

  • Thread starter Allen Song
  • Start date Views 620
A

Allen Song



Hi,

Can you post the warning message? Did you include the mysite.info in the SAN of the certificate?

Thanks

Allen
 
M

Mihai_Admin


Hi,

The Security alert looks like this:

Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the site's security certificate.

The security certificate is from a trusted certifying authority. (checked)

The security certificate date is valid. (checked)

The name on the certificate is invalid or does not match the name of the site. (error)

The certificate is simple, just a web server certificate issued to www.mysite.info which is the web address of the sharepoint portal.

The issue however happens just internally. The firewall used is Forefront TMG 2010.

Thanks,
 
S

Sembee [MVP]



Outlook 2007 attempts to do autodiscover to a number of URLs at frequent intervals. This behaviour cannot be stopped. Therefore one of the URLs that it attempts to use must resolve to that machine. Autodiscover is an Exchange 2007 feature that uses https to allow Outlook 2007 and higher to connect to the server for configuration information.
The only way to stop it is to stop the URLs from resolving.

If you have a wildcard in the domain, autodiscover or a web server on a domain controller (so domain.com resolves to an active web site) then this will cause the problem.
For the domain controller problem, the only thing that might work would be to put a second IP address on the network card, then bind the web site to the second Ip address only (so not all unassigned). Then adjust your internal DNS so that the site resolves to the second IP address. The autodiscover process should then fail.

Simon.
 
M

Mihai_Admin



Simon, thank you very much for this.

I started thinking about Autodiscover after reading one of your blog entries from here .

I'll will try to fix this as you suggested.

Big fan of yours,

Mihai
 
D

Dan McQ

If I were to turn autodiscover off (in order to get rid of the security message each time Outlook is started), would the Outlook clients which have already been successfully configured with the server continue to function properly?
 
S

Sembee [MVP]

If I were to turn autodiscover off (in order to get rid of the security message each time Outlook is started), would the Outlook clients which have already been successfully configured with the server continue to function properly?
You can't turn off autodiscover.
All you can do is ensure that autodiscover or any of the URLs that the autodiscover process attempts to use don't resolve or don't have an SSL certificate. Outlook 2007 will always poll for autodiscover information because it doesn't know what version of Exchange it is being used against.
If you do manage to get it to so that autodiscover doesn't resolve anywhere, then clients that are already configured will not change, because they aren't getting new information.

Simon.
 
Top