When you use the Microsoft Remote Connectivity Analyzer tool to test the Outlook Anywhere feature in a Microsoft Office 365 environment, the tool displays the following error message:
- The user is repeatedly prompted for credentials and can't connect to Exchange Online by using Outlook Anywhere.
- The user receives the following error message when he or she uses Microsoft Outlook 2010 or Microsoft Office Outlook 2007 to create the Outlook profile automatically:An encrypted connection to your mail server is not available. Click Next to attempt using an unencrypted connection.
- The common name does not match the mutual authentication (msstd:) string that's entered in the Remote Connectivity Analyzer tool.
- The mutual authentication string is valid. However, the CertPrincipalName attribute for the EXPR OutlookProvider object that's stored in Active Directory is invalid.
Note The mutual authentication string equates to the Only connect to proxy servers that have this principal name in their certificate setting in the Exchange proxy settings in Outlook.
- View the web server certificate that's installed on the hybrid server, and confirm the common name to which the certificate was issued (for example, mail.contoso.com).
- Open the Exchange proxy settings in Outlook, and check that the fully qualified domain name (FQDN) in the Mutual Authentication Principal Name field is entered correctly (for example, msstd: mail.contoso.com).
- If it's necessary, run the following cmdlet by using Exchange Management Shell to change the CertPrincipalName attribute:
Set-OutlookProvider EXPR -CertPrincipalName:"msstd:mail.contoso.com"
For more information about the principal names, go to the following Microsoft Developer Network (MSDN) website:
Article ID: 2710606 - Last Review: Dec 28, 2016 - Revision: 1