Outlook 2010 Warning About Old Cert that No-longer Exists on Exchange 2007 server

certificate exchange-2007 outlook-2010

My first thought is this certificate is coming from somewhere else. I have seen it coming from a proxy in the past. However the first thing I would do is an Autodiscover test.

Hold down CTRL while right clicking on the Outlook icon in the system tray. Choose test email auto configuration.

Deselect the second and third options and run the test.

Look at the log for the URLs it tried. Ensure they resolve to the internal IP Address of the server. Then check the results and confirm the other URLs resolve there too.

If they are wrong then correct them. http://semb.ee/hostnames2007

Simon.


I seem to have solved the issue by removing an old, stopped, website from the IIS configuration.

To elaborate, I'll expand on the configuration a bit:

  • The server in question has two IP addresses. Let's call them 192.168.100.200 and 192.168.100.201 for now.
  • The main web site on the server is named "Default Web Site", as is often the case.
  • There was also a second web site named "OWA" in the configuration.
  • The SSL binding for the "Default Web Site" site is: type=https, Host Name=$null, IP Address=*, Binding Information=$null.
  • The previously mentioned binding is configured to use the current SSL certificate.

A second site, named "OWA", was unused and stopped, but it was bound to 192.168.100.201 (this is more specific than the SSL binding for the "Default Web Site" site). It was configured with an old certificate that was not visible when using the Get-ExchangeCertificate command. When users reached web resources via 192.168.100.201, IIS was, somehow, still serving the old certificate that was configured in the stopped "OWA" web site rather than the certificate that was configured in the "Default Web Site" site . Removing the "OWA" web site from the IIS configuration appears to have resolved this.

I've still got some concerns, as everything I've read says that it should not be possible for IIS to serve a certificate that does not exist in the cert store. This appears not to be the case, and will require some further research. Additionally, I plan to do some testing around this type of (mis)configuration in IIS. It seems to me that a stopped web site shouldn't have any effect on the certificate that is served by another web site.

Related

Rsync hangs: expand file_list pointer array to N bytes, did move
How properly handle deletion of pid.file in service script
Possible to set the specific order of a resource in a Pacemaker group?
Linux guest graceful shutdown in Hyper-V
Can't install Active Directory Management Gateway Service on Windows Server 2003 DC because hotfix 969166 is missing
docker-machine memory allocation
Using Route53 to point apex/root domain to Heroku application
Minimal set of rights to run a process on a Microsoft Windows Server
Amazon Lambda for video and image processing?
systemd-journald fails to start on CentOS 7
What file does a docker container execute on startup?
Replacement for MercuryMover