Forum Thread

Finding Missing Certificate

LiquidRetro 12,661 4,824 March 2, 2016 at 07:52 AM
So background, we used to have a exchange server on site, Last year we migrated Exchange Online and things have been good. Recently going through office renewals and we decided to go for Office 365 so I have been testing Office 2016 version. Upon installing and configuring Outlook 2016 I am constantly getting the following error every time outlook is opened. The domain it was trying to get the certificate for was for the old local exchange server.

I have to think it's the domain controller or group policy that trying to push the certificate down to individual machines as this is a new machine that was setup in the last month. I looked at my domain DNS and it's all pointing to the correct locations from what I can tell.

Any ideas on where I can look stop Outlook looking for this old outdated expired certificate?

16 Comments

1 2

Sign up for a Slickdeals account to remove this ad.

#2
Quote from LiquidRetro View Post :
So background, we used to have a exchange server on site, Last year we migrated Exchange Online and things have been good. Recently going through office renewals and we decided to go for Office 365 so I have been testing Office 2016 version. Upon installing and configuring Outlook 2016 I am constantly getting the following error every time outlook is opened. The domain it was trying to get the certificate for was for the old local exchange server.

I have to think it's the domain controller or group policy that trying to push the certificate down to individual machines as this is a new machine that was setup in the last month. I looked at my domain DNS and it's all pointing to the correct locations from what I can tell.

Any ideas on where I can look stop Outlook looking for this old outdated expired certificate?

Open certmgr.msc search for, export, and delete the offending certificate

Certificates are stored in the registry.
Reply Helpful Comment? 0 0
Joined Aug 2005
L10: Grand Master
12,661 Posts
4,824 Reputation
Original Poster
Pro
#3
Quote from jkee View Post :
Open certmgr.msc search for, export, and delete the offending certificate

Certificates are stored in the registry.
Tried that on the local PC searched for the issued to and serial number and it can't be found. Deleted it from the server but still getting the notice on the desktop side.
Reply Helpful Comment? 0 0
Last edited by LiquidRetro March 2, 2016 at 10:04 AM
Vague questions receive vague answers . . . . . .
#4
Quote from LiquidRetro View Post :
Tried that on the local PC searched for the issued to and serial number and it can't be found.
try searching the registry. also try sorting by expiration in certmgr.
Reply Helpful Comment? 0 0
Joined Aug 2005
L10: Grand Master
12,661 Posts
4,824 Reputation
Original Poster
Pro
#5
Quote from jkee View Post :
try searching the registry. also try sorting by expiration in certmgr.
Not finding anything other than the one on the server I have deleted.
Reply Helpful Comment? 0 0
#6
Quote from LiquidRetro View Post :
Not finding anything other than the one on the server I have deleted.
maybe reboot the server tonight Dontknow

The cert may not have been pushed to clients. It could be on the server and cause an error like this. The client just has to be attempting contact with the domain associated with this cert. Not sure if your setup would need one, but you could also install a new cert on the server. Also try to figure out why the client is making contact with the old server.
Reply Helpful Comment? 0 0
Joined Aug 2005
L10: Grand Master
12,661 Posts
4,824 Reputation
Original Poster
Pro
#7
Quote from jkee View Post :
maybe reboot the server tonight Dontknow

The cert may not have been pushed to clients. It could be on the server and cause an error like this. The client just has to be attempting contact with the domain associated with this cert. Not sure if your setup would need one, but you could also install a new cert on the server. Also try to figure out why the client is making contact with the old server.
Ya I'll have to do that maybe this weekend. Hard to do during the week.
Reply Helpful Comment? 0 0
Joined Jun 2005
Let Sleeping Dogs Lie
5,845 Posts
2,388 Reputation
Pro
#8
look in internet explorer that is where the certs are located

tools internet options -content
Reply Helpful Comment? 0 0

Sign up for a Slickdeals account to remove this ad.

#9
you could also fire up fiddler to see the interaction between the client and server.

Is the local exchange server still running? I wonder if you get a different error once you get past this certificate error. That was a pretty short lived cert (<4 months).
Reply Helpful Comment? 0 0
Joined Aug 2005
L10: Grand Master
12,661 Posts
4,824 Reputation
Original Poster
Pro
#10
Quote from jkee View Post :
maybe reboot the server tonight Dontknow

The cert may not have been pushed to clients. It could be on the server and cause an error like this. The client just has to be attempting contact with the domain associated with this cert. Not sure if your setup would need one, but you could also install a new cert on the server. Also try to figure out why the client is making contact with the old server.
Got the server rebooted, didn't seem to make a difference.

Quote from komondor View Post :
look in internet explorer that is where the certs are located

tools internet options -content
I checked this on my machine and didn't find this one.

Quote from jkee View Post :
you could also fire up fiddler to see the interaction between the client and server.

Is the local exchange server still running? I wonder if you get a different error once you get past this certificate error. That was a pretty short lived cert (<4 months).
Local exchange is not running, there is a SMTP relay yet on that box but that's it. Might have to try the fiddler.
Reply Helpful Comment? 0 0
#11
Quote from LiquidRetro View Post :
Local exchange is not running, there is a SMTP relay yet on that box but that's it. Might have to try the fiddler.
Is the same remote.* domain being used for the hosted solution? I wonder if the relay is serving this old cert for some reason.
Reply Helpful Comment? 0 0
Joined Aug 2005
L10: Grand Master
12,661 Posts
4,824 Reputation
Original Poster
Pro
#12
Quote from jkee View Post :
Is the same remote.* domain being used for the hosted solution? I wonder if the relay is serving this old cert for some reason.
The domain is the same, the sub domain of remote is different. We are using Office 365 now so it's MS hosted.

I think I fixed it by adding these 2 Registry Keys.

[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\AutoDiscover]
"ExcludeScpLookup"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\AutoDiscover\RedirectServers]
"autodiscover-s.outlook.com"=hex(0):
Reply Helpful Comment? 0 0
Joined Nov 2010
L1: Coupon Noob
2,489 Posts
1,533 Reputation
#13
Liquid,

I've used this to troubleshoot some exchange issues and it's pretty helpful.
https://testconnectivity.microsoft.com/
Hope it can help you, since you checked your DNS, autodiscover address is where I thought it would be as I was reading the thread. I'd say check TTL, but since this is about a week old, that wouldn't be the issue if this is still happening. Is this still going on for other users?
Reply Helpful Comment? 0 0
Joined Aug 2005
L10: Grand Master
12,661 Posts
4,824 Reputation
Original Poster
Pro
#14
Quote from aznboicn View Post :
Liquid,

I've used this to troubleshoot some exchange issues and it's pretty helpful.
https://testconnectivity.microsoft.com/
Hope it can help you, since you checked your DNS, autodiscover address is where I thought it would be as I was reading the thread. I'd say check TTL, but since this is about a week old, that wouldn't be the issue if this is still happening. Is this still going on for other users?
I have used that site too in the past. Great for troubleshooting. However in this case it didn't find anything relevant.
Reply Helpful Comment? 0 0
Joined Nov 2010
L1: Coupon Noob
2,489 Posts
1,533 Reputation
#15
Quote from LiquidRetro View Post :
I have used that site too in the past. Great for troubleshooting. However in this case it didn't find anything relevant.
Liquid,

Just wondering if you're using your old exch server for anything, like offline address book, and if it's still in commission or you've decommissioned it.

Thanks
Reply Helpful Comment? 0 0
Page 1 of 2
1 2
Join the Conversation
Add a Comment
 
Copyright 1999 - 2016. Slickdeals, LLC. All Rights Reserved. Copyright / Infringement Policy  •  Privacy Policy  •  Terms of Service  •  Acceptable Use Policy (Rules)  •  Interest-Based Ads
Link Copied to Clipboard