Oh. No. I'm not aware of a way to suppress it. And I don't know why it happens at some clients and not at others (other than the TCP timeout limit).
I have a higher-ed client where it happens all the time. I've got another higher-ed client where it has never been reported. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Damien Solodow Sent: Monday, October 17, 2016 4:09 PM To: exchange@lists.myitforum.com Subject: RE: [Exchange] Outlook certificate error? We have SSL offload internal; it's handled by an Exchange virtual server on an F5 LTM. Internal DNS resolves to the IP of that virtual server, External DNS resolves to a public NAT for that virtual server. I should have been clearer on *what* happens inside our network. :) We've had the issue (pop-up message) occur internally when moving between wired/wireless. DAMIEN SOLODOW Senior Systems Engineer 317.447.6033 (office) HARRISON COLLEGE From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B. Smith Sent: Monday, October 17, 2016 3:59 PM To: exchange@lists.myitforum.com<mailto:exchange@lists.myitforum.com> Subject: RE: [Exchange] Outlook certificate error? So you don't have SSL offload internally? From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Damien Solodow Sent: Monday, October 17, 2016 3:26 PM To: exchange@lists.myitforum.com<mailto:exchange@lists.myitforum.com> Subject: RE: [Exchange] Outlook certificate error? Should be truly split; internal and external return different IPs for the FQDN, and you can't reach internal from external and vice-versa. DAMIEN SOLODOW Senior Systems Engineer 317.447.6033 (office) HARRISON COLLEGE From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B. Smith Sent: Monday, October 17, 2016 2:41 PM To: exchange@lists.myitforum.com<mailto:exchange@lists.myitforum.com> Subject: RE: [Exchange] Outlook certificate error? Is your DNS truly split? Or does your routing environment do "router on a stick"? From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Damien Solodow Sent: Monday, October 17, 2016 1:34 PM To: exchange@lists.myitforum.com<mailto:exchange@lists.myitforum.com> Subject: RE: [Exchange] Outlook certificate error? That's what I was thinking (the network change) as Outlook/Exchange has *never* liked that. I'll check the firewall, but I'm thinking it's not there as it happens inside our network. Do you know if there is a way to suppress that message or is the solution just tell people "close Outlook before changing networks"? DAMIEN SOLODOW Senior Systems Engineer 317.447.6033 (office) HARRISON COLLEGE From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B. Smith Sent: Monday, October 17, 2016 1:17 PM To: exchange@lists.myitforum.com<mailto:exchange@lists.myitforum.com> Subject: RE: [Exchange] Outlook certificate error? This typically happens when a network changes beneath Outlook and the new network requires a re-auth (think of going from a docked/wired configuration to wireless when you undock). This means that Outlook's TCP ports get closed unexpectedly. However, whenever I see SSL offload mentioned - I start thinking about TCP port lifetime on the firewall. Microsoft recommends 2 hours for Exchange ports. I know that using 1 hour will work. But my initial guess is that you've (that's the "global you" as in someone at your organization) have lowered to a number less than that. From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Damien Solodow Sent: Monday, October 17, 2016 9:31 AM To: exchange@lists.myitforum.com<mailto:exchange@lists.myitforum.com> Subject: RE: [Exchange] Outlook certificate error? Already did that. :) Although since I'm doing SSL offload, the IIS certs shouldn't matter. DAMIEN SOLODOW Senior Systems Engineer 317.447.6033 (office) HARRISON COLLEGE From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Debora Gilbert Sent: Saturday, October 15, 2016 8:58 PM To: exchange@lists.myitforum.com<mailto:exchange@lists.myitforum.com> Subject: Re: [Exchange] Outlook certificate error? Damien Check your IIS certs and make sure you're not using a self signed one. Deb From: <listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>> on behalf of Damien Solodow <damien.solo...@harrison.edu<mailto:damien.solo...@harrison.edu>> Reply-To: <exchange@lists.myitforum.com<mailto:exchange@lists.myitforum.com>> Date: Wednesday, October 12, 2016 at 14:46 To: "Exchange@lists.myITforum.com<mailto:Exchange@lists.myITforum.com>" <Exchange@lists.myITforum.com<mailto:Exchange@lists.myITforum.com>> Subject: [Exchange] Outlook certificate error? We've been intermittently finding an odd issue; Outlook will pop-up the following message: There is a problem with the proxy server's security certificate. Outlook is unable to connect to the proxy server FQDN. (Error Code 80000000). Clicking Ok on the message gets rid of it and Outlook acts normal. I've looked at the Outlook connection status while the message is onscreen, and it shows successful connections to HTTPS as well as usually a disconnected one for the mailbox. OWA doesn't show any cert issues, and it's sporadic. Exchange 2010 SP3, CU14 on Windows Server 2008 R2 SP1.k Clients are Windows 7 SP1 x64, with Outlook 2013 SP1 x86. Our CAS servers are behind an F5-LTM doing SSL off-load. This isn't a new setup; the issue start occurring in the couple months as far as I've been able to determine. DAMIEN SOLODOW Senior Systems Engineer 317.447.6033 (office) HARRISON COLLEGE 550 East Washington Street Indianapolis, IN 46204 www.harrison.edu<http://www.harrison.edu/>