Monday, 19 October 2015

Outlook 2013 - There is a problem with the proxy server's security certificate

When configuring a new install of Exchange 2013, you may be presented with below the errors in Outlook:

There is a problem with the proxy server's security certificate. The name on the security certificate is invalid or does not match the name of the target site server.domain.com.
Outlook is unable to connect to the proxy server (Error Code 10)

The name on the security certificate is invalid or does not match the name of the site




The cause of these errors is that Outlook is connecting using Outlook Anywhere although it is able to contact Exchange, it is using a name that is not on the certificate.

To resolve the issue, there are two options. Either you need to create a new certificate request and add the name to the certificate (see here for instructions) or you need to configure Exchange not to autoconfigure Outlook with this name and specify a different name that is on the certificate. This autoconfiguration is known as autodiscover. More on that in another post.

In this post, we'll look at how to configure Exchange Outlook Anywhere so that this issue no longer occurs.

1) Confirm current Outlook Anywhere hostnames 

We need to confirm that the Outlook Anywhere hostname includes the hostname in the error, in our case litex01.litwareinc.com.

To do this run the below command:

Get-OutlookAnywhere | fl ExternalHostname,InternalHostname



2) Create DNS records

We need to choose a name that is included on the certificate that is used by the CAS servers and/or reverse proxies. In our case, we will use the same name, mail.litwareinc.com, in internal and external DNS as we are using split brain DNS. You can use different names as long as both are included on your certificate. Using a single name is simpler for troubleshooting and means that less names are required on the certificate which can reduce your costs in some cases.


The internal A record needs to resolve to the internal IP of the CAS server or load balancer virtual IP if you are load balancing multiple CAS servers.

The external A record needs to resolve to the public IP of the CAS server or load balancer virtual IP if you are load balancing multiple CAS servers. If you are using a reverse proxy then you need to configure the A record to resolve to the public IP of your reverse proxy.

3) Configure new Outlook Anywhere hostnames


To configure Autodiscover Outlook Anywhere with the internal and external hostnames, run the command below on a single line:


Get-OutlookAnywhere | Set-OutlookAnywhere -InternalHostname mail.litwareinc.com -InternalClientsRequireSsl $true -ExternalHostname mail.litwareinc.com -ExternalClientsRequireSsl $true -ExternalClientAuthenticationMethod Basic





4) Confirm new Outlook Anywhere hostnames

Again, we'll run the same command from step 1 to confirm our settings have changed. See below:


Get-OutlookAnywhere | fl ExternalHostname,InternalHostname




5) Restart the MSExchangeAutodiscoverAppPool


These settings don't take effect immediately so you need to restart the MSExchangeAutodiscoverAppPool.




You can now open Outlook without any issues.

3 comments:

  1. I too once encounter the same very error but thanks to PST Repair Software using which I was able to fix it.

    ReplyDelete

  2. have you noticed Outlook 2013 Error 10 While Opening ? Have no idea to troubleshoot the issue? If yes then you need to take help of an ultimate solution which is named as pst repair software.

    Outlook 2013 Error 10 While Opening

    ReplyDelete

  3. Microsoft offer us very beneficial personal data supervisor name Microsoft Outlook that is part of Microsoft Office suite.
    even though regularly used specifically as an e-mail software, it is also a calendar, task manager, contact manager,
    note taking, journal, and internet surfing.
    outlook phone number

    ReplyDelete