Exchange/Outlook 2010 autodiscover certificate error name mismatch
Recently some users have been receiving the following autodiscover certificate error when opening Outlook:
Security Alert: autodiscover.domainname.org
Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the site’s security certificate.
√ The security certificate is from a trusted party
√ The security certificate date is valid
X The name on the security certificate is invalid or does not match the name of the site
Firstly, we host Exchange at a different domain, hostedexchange.com, and our autodiscover uses a wildcard certificate “*.hostedexchange.com”. So starting with the client I made sure to view the certificate. The correct name on the certificate listed was “*hostedexchange.com.”
1. I installed the certificate onto the client PC into the trusted store. Closed Outlook, opened it again, and still got the same error.
2. I looked at the proxy settings in the account setup to check that the ‘server name’ and msstd: were correct; they were.
3. We used nslookup externally and found that there are no valid DNS records pointing to autodiscover.domainname.org
4. We used https://www.testexchangeconnectivity.com/ and found that while it does automatically check for autodiscover.domainname.org, DNS did not return a value; it failed
5. From the client we were able to ping autodiscover.domainname.com; the ping returned an internal IP address of our mail server.
6. So from the results above it appears as though the client (or Citrix server’s hosted desktop in this instance) had an incorrect DNS entry.
7. From a (run as administrator) command prompt I issued an “ipconfig /flushdns” command on the client server but the error persisted, and pings still replied from autodiscover.domainname.org
8. We checked the hosts file on the server (c:\windows\system32\drivers\etc), and sure enough there was an old entry for autodiscover.domainname.org
9. In order to edit the hosts file, I did a “Run as administrator” to open Notepad, edited the file and saved successfully.
10. Issued another ipconfig /flushdns
Now when the client opens, the request to get autodiscover.domainname.org fails, and there is no mismatch of certificate names.
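The hosts-file check from step 8, as an added PowerShell example that is not part of the original post: nslookup queries DNS directly and never reads the hosts file, while ping uses the Windows resolver, which does, and that is why the two disagreed above. The function name Get-HostsOverride and the sample address 192.0.2.10 are assumptions made for illustration.

```powershell
# Added example: list hosts-file entries that pin a name and so bypass DNS.
function Get-HostsOverride {
    param(
        [Parameter(Mandatory)] [string]   $Name,
        [Parameter(Mandatory)] [string[]] $Lines   # hosts file content, one element per line
    )
    $target = $Name.TrimEnd('.')
    $lineNo = 0
    foreach ($line in $Lines) {
        $lineNo++
        # Drop comments (everything after '#') and surrounding whitespace.
        $text = ($line -split '#', 2)[0].Trim()
        if (-not $text) { continue }
        # Format: <address> <name> [<alias> ...], separated by spaces or tabs.
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }
        foreach ($alias in $fields[1..($fields.Count - 1)]) {
            # -eq on strings is case-insensitive, as host names are.
            if ($alias.TrimEnd('.') -eq $target) {
                [pscustomobject]@{ Line = $lineNo; Address = $fields[0]; Name = $alias }
            }
        }
    }
}

# Constructed sample content (the address and the extra names are made up).
$sample = @(
    '# Copyright (c) 1993-2009 Microsoft Corp.',
    '127.0.0.1       localhost',
    '192.0.2.10      mail.domainname.org AUTODISCOVER.domainname.org   # old entry',
    '#192.0.2.11     autodiscover.domainname.org'
)
# Reports line 3 only: the alias matches despite its case, the commented line is ignored.
Get-HostsOverride -Name 'autodiscover.domainname.org' -Lines $sample

# On a live Windows machine, read the real file and compare with a DNS-only lookup.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
if (Test-Path $hostsPath) {
    Get-HostsOverride -Name 'autodiscover.domainname.org' -Lines (Get-Content $hostsPath)
    Resolve-DnsName 'autodiscover.domainname.org' -DnsOnly -ErrorAction SilentlyContinue
}
```

Any row returned for the real file is an entry that ipconfig /flushdns will not clear; it has to be removed from the hosts file itself, as in step 9.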