Should be truly split; internal and external return different IPs for the FQDN, 
and you can't reach internal from external and vice-versa.

DAMIEN SOLODOW
Senior Systems Engineer
317.447.6033 (office)
HARRISON COLLEGE

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael B. Smith
Sent: Monday, October 17, 2016 2:41 PM
To: exchange@lists.myitforum.com
Subject: RE: [Exchange] Outlook certificate error?

Is your DNS truly split? Or does your routing environment do "router on a 
stick"?

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Damien Solodow
Sent: Monday, October 17, 2016 1:34 PM
To: exchange@lists.myitforum.com<mailto:exchange@lists.myitforum.com>
Subject: RE: [Exchange] Outlook certificate error?

That's what I was thinking (the network change) as Outlook/Exchange has *never* 
liked that. I'll check the firewall, but I'm thinking it's not there as it 
happens inside our network.
Do you know if there is a way to suppress that message or is the solution just 
tell people "close Outlook before changing networks"?

DAMIEN SOLODOW
Senior Systems Engineer
317.447.6033 (office)
HARRISON COLLEGE

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B. Smith
Sent: Monday, October 17, 2016 1:17 PM
To: exchange@lists.myitforum.com<mailto:exchange@lists.myitforum.com>
Subject: RE: [Exchange] Outlook certificate error?

This typically happens when a network changes beneath Outlook and the new 
network requires a re-auth (think of going from a docked/wired configuration to 
wireless when you undock). This means that Outlook's TCP ports get closed 
unexpectedly.

However, whenever I see SSL offload mentioned - I start thinking about TCP port 
lifetime on the firewall. Microsoft recommends 2 hours for Exchange ports. I 
know that using 1 hour will work. But my initial guess is that you've (that's 
the "global you" as in someone at your organization) have lowered to a number 
less than that.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Damien Solodow
Sent: Monday, October 17, 2016 9:31 AM
To: exchange@lists.myitforum.com<mailto:exchange@lists.myitforum.com>
Subject: RE: [Exchange] Outlook certificate error?

Already did that. :) Although since I'm doing SSL offload, the IIS certs 
shouldn't matter.

DAMIEN SOLODOW
Senior Systems Engineer
317.447.6033 (office)
HARRISON COLLEGE

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Debora Gilbert
Sent: Saturday, October 15, 2016 8:58 PM
To: exchange@lists.myitforum.com<mailto:exchange@lists.myitforum.com>
Subject: Re: [Exchange] Outlook certificate error?

Damien

Check your IIS certs and make sure you're not using a self signed one.

Deb

From: <listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>> 
on behalf of Damien Solodow 
<damien.solo...@harrison.edu<mailto:damien.solo...@harrison.edu>>
Reply-To: <exchange@lists.myitforum.com<mailto:exchange@lists.myitforum.com>>
Date: Wednesday, October 12, 2016 at 14:46
To: "Exchange@lists.myITforum.com<mailto:Exchange@lists.myITforum.com>" 
<Exchange@lists.myITforum.com<mailto:Exchange@lists.myITforum.com>>
Subject: [Exchange] Outlook certificate error?

We've been intermittently finding an odd issue; Outlook will pop-up the 
following message:
There is a problem with the proxy server's security certificate.
Outlook is unable to connect to the proxy server FQDN.
(Error Code 80000000).

Clicking Ok on the message gets rid of it and Outlook acts normal. I've looked 
at the Outlook connection status while the message is onscreen, and it shows 
successful connections to HTTPS as well as usually a disconnected one for the 
mailbox. OWA doesn't show any cert issues, and it's sporadic.

Exchange 2010 SP3, CU14 on Windows Server 2008 R2 SP1.k
Clients are Windows 7 SP1 x64, with Outlook 2013 SP1 x86.
Our CAS servers are behind an F5-LTM doing SSL off-load.
This isn't a new setup; the issue start occurring in the couple months as far 
as I've been able to determine.

DAMIEN SOLODOW
Senior Systems Engineer
317.447.6033 (office)
HARRISON COLLEGE
550 East Washington Street
Indianapolis, IN 46204
www.harrison.edu<http://www.harrison.edu/>


Reply via email to