Security warning popup in Outlook after UCC cert change. What did I miss?

Single Server Exchange 2013, Outlook 2013.

Periodically, users get a Security Alert as if they were still trying to connect to the internal server name. I don't see why. They do not get it when initially setting up the Outlook profile, so I think Autodiscover is working properly. Something else is wrong.

Users ARE able to access their email fine, just get an annoying cert warning every few hours and nothing I've tried helps. As you can see in the pictures below, Outlook connection info doesn't mention the internal server name at all.

Relevant Server Settings:

  • WebServicesVirtualDirectory Internal and External URLs : https://mail.domain.org/ews/exchange.asmx
  • OwaVirtualDirectory Internal and External URLs : https://mail.domain.org/owa
  • EcpVirtualDirectory Internal and External URLs : https://mail.domain.org/ecp
  • ActiveSyncVirtualDirectory Internal and External URLs : https://mail.domain.org/Microsoft-Server-ActiveSync
  • OabVirtualDirectory Internal and External URLs : https://mail.domain.org/OAB
  • AutoDiscoverServiceInternalUri Internal and External URLs : https://mail.domain.org/Autodiscover/Autodiscover.xml
  • OutlookAnywhere Internal and external hostnames : mail.domain.org

Pictures: [Cert error](https://i.imgur.com/daMsIzp.jpg)
[Outlook Connection Status](
https://i.imgur.com/U81HO8A.png)
[Outlook Anywhere poxy settings](
https://i.imgur.com/WQwEyzG.png)

Certificate:
UCC Certifcate has both mail.domain.org and autodiscover.domain.org

DNS:
Internal DNS resolves mail.domain.org to internal server's IP.
External DNS resolves mail.domain.org to correct external WAN IP.
Internal DNS looks like it has the right A records for mail.
domain.org and autodicover.domain.org

May 15th, 2015 12:57pm

It looks like you have it covered.  Run Outlook's Test E-mail Autoconfiguration and see if the Autodiscover results shows the server name anywhere.
Free Windows Admin Tool Kit Click here and download it now
May 15th, 2015 3:14pm

I ran that yesterday. Didn't find the server name mentioned. I'm so baffled, haha

Here's the XML posted to pastebin.

http://pastebin.com/ZtGnDy5m

May 15th, 2015 3:40pm

You just have one server?
Free Windows Admin Tool Kit Click here and download it now
May 15th, 2015 7:06pm

Yep, just the 1.

I have to think I messed up on the DNS somehow. 

May 15th, 2015 7:09pm

I don't see this as a DNS issue.  Are there any Outlook add-ins or anything like that that might be pointing to the server name?
Free Windows Admin Tool Kit Click here and download it now
May 15th, 2015 10:27pm

You're so smart! Sadly , I did search for those, and only saw a Shorerel Communicator application. It's settings didn't make reference to the server. I poked around the app and couldn't trigger any security warnings. I can retry tomorrow morning though. Does outlook cache old connection settings somehow?
May 16th, 2015 1:26am

Outlook can be awfully sticky and you can see a lot of what it's stuck on in the profile in the registry.
Free Windows Admin Tool Kit Click here and download it now
May 16th, 2015 1:40am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics