Outlook Security Alert

johnk 46 Reputation points
2020-09-20T10:45:10.47+00:00

Hi

We have an on-site Exchange 2016 server and users are currently using Outlook 2010. Everything works as expected.

We have recently added a new leased line with new external IP Address range.

We have an SMTP proxy firewall rule as follows: 195.x.x.x (existing IP) to 10.x.x.x (email server)

I added the new IP address to this rule: 62.x.x.x (new IP) to 10.x.x.x (email server)

On our hosting portal there is an existing sub domain of mail.ourdomain.co.uk and A record of 195.x.x.x

I added a new A record of 62.x.x.x against mail.ourdomain.co.uk.

After a while users started to report that they are getting a Security Alert: "The security certificate was issued by a company you have not chosen to trust........" and "The name on the security certificate is invalid or does not match the name of the site."

When they click Yes to proceed they are constantly prompted by Outlook for user name and password and can't connect to Outlook.

We use a certificate *.ourdomain.co.uk

Can anyone help with this, as I need to eventually remove the old IP details of 195.x.x.x as we will be cancelling this ISP?

Thanks

John

Exchange Server Management

3 answers

  1. Andy David - MVP 142.3K Reputation points MVP
    2020-09-20T12:16:16.587+00:00

    I suspect a root domain autodiscover lookup.

    Try this reg tweak on a workstation seeing this issue and see if it fixes it:

    https://support.microsoft.com/en-us/help/3098011/outlook-2016-and-outlook-2013-hang-when-a-user-tries-to-create-a-profi

    To prevent Outlook 2016 from using the root domain of the user's SMTP address to locate the Autodiscover service, set the ExcludeHttpsRootDomain registry subkey to a value of 1. To do this, follow these steps:

    Open Registry Editor.

    Locate and then click the following registry subkey:

    HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Autodiscover

    On the Edit menu, point to New, and then click DWORD Value.

    Type ExcludeHttpsRootDomain, and then press Enter.

    On the Edit menu, click Modify, type 1 in the Value data box, and then click OK.

    Exit Registry Editor.

    You can verify where it's hanging up by following this article:

    https://learn.microsoft.com/en-us/outlook/troubleshoot/profiles-and-accounts/unexpected-autodiscover-behavior

    You can use the following steps in Outlook to determine the method by which Outlook is trying to retrieve Autodiscover information from Exchange:

    Start Outlook.
    Press the CTRL key, right-click the Outlook icon in the notification area, and then click Test E-mail AutoConfiguration.
    Verify the e-mail address is correctly entered in the E-mail Address box.
    Enter your password if you are not logged into a domain or if you are accessing a mailbox that is different from your mailbox.
    Click to clear the Use Guessmart and the Secure Guessmart Authentication check boxes.
    Click Test.
    Review the details on the Log tab.
    The following figure shows the Log tab when the ExcludeScpLookup and ExcludeHttpsAutoDiscoverDomain values have been set to 1.

    25991-image.png

    or use ExRCA

    https://testconnectivity.microsoft.com/tests/O365Ola/input


  2. Eric Yin-MSFT 4,386 Reputation points
    2020-09-21T02:32:35.01+00:00

    How are things going now? If still no good, can you provide two screenshots like these:

    26023-2.png

    26022-3.png




  3. johnk 46 Reputation points
    2020-09-22T09:47:33.093+00:00

    Hi Andy and Eric

    I appreciate your help with this. When this issue occurred I had to remove the new A record from our DNS as this was starting to cause problems. All our staff are working from home and as email is the main form of communication just now the last thing I needed was problems with email.

    Removing this new A Record sorted the problem short term but I still need to move over to the new IP address range.

    There is a local holiday coming up here and staff will not be working on Friday and Monday, so I plan to add the new A Record back into DNS and look at your suggestions then.

    However, is there anything that can be done to prevent this certificate/security alert from happening, rather than dealing with it when it does happen?

    Thanks

    John
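
One way to check, before the new A record is published, which certificate each public address presents for the names Outlook may contact (an added example, not part of the thread or of any Microsoft tool). The host names and addresses are the placeholders used above, and port 443 and the `autodiscover` name are assumptions; the function name is hypothetical.

```powershell
# Added example. Names and addresses are placeholders from the thread: replace them.
$Names     = 'mail.ourdomain.co.uk', 'autodiscover.ourdomain.co.uk', 'ourdomain.co.uk'
$Addresses = '195.x.x.x', '62.x.x.x'   # old and new public IPs
$Port      = 443                       # assumption: clients reach Exchange over HTTPS

function Test-EndpointCertificate {    # hypothetical helper name
    param([string]$Address, [string]$Name, [int]$Port = 443)
    $result = [ordered]@{ Address = $Address; Name = $Name; Subject = $null; Issuer = $null; Errors = $null }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Connect to the address directly, so DNS does not decide which endpoint is tested.
        $client.Connect($Address, $Port)
        # Let the handshake complete, but record what normal validation reports:
        #   RemoteCertificateNameMismatch -> "name ... does not match the name of the site"
        #   RemoteCertificateChainErrors  -> "issued by a company you have not chosen to trust"
        $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
            param($sender, $cert, $chain, $errors)
            $script:lastErrors = $errors
            $true
        }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($Name)   # $Name is sent as SNI and used for the name check
        $result.Subject = $ssl.RemoteCertificate.Subject
        $result.Issuer  = $ssl.RemoteCertificate.Issuer
        $result.Errors  = $script:lastErrors   # 'None' means the certificate validated
        $ssl.Dispose()
    } catch {
        $result.Errors = "Failed: $($_.Exception.Message)"
    } finally {
        $client.Close()
    }
    [pscustomobject]$result
}

# Every name against every address: any row whose Errors is not 'None' would prompt a client.
$report = foreach ($a in $Addresses) {
    foreach ($n in $Names) { Test-EndpointCertificate -Address $a -Name $n -Port $Port }
}
$report | Format-Table -AutoSize

# What public DNS currently returns for the mail host.
Resolve-DnsName -Name $Names[0] -Type A | Select-Object Name, IPAddress
```

A wildcard certificate for `*.ourdomain.co.uk` covers a single label only, so the row for the bare `ourdomain.co.uk` name is expected to show a name mismatch wherever that certificate is served.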