Do you want to proceed?
You or administrators may want to suppress the warning message for a specific HTTP endpoint that is in your organization. This article contains information about how to do this.
- DNS and the IIS service are installed on the same server, for example DC1.contoso.com.
- A Name Server (NS) record is created for the server.
- The IIS service is configured to use Secure Sockets Layer (SSL).
Outlook uses the domain name part of the user's SMTP address to query DNS. In this example, the domain name is contoso.com. Outlook resolves contoso.com to an NS record for the DNS server. On the DNS server, IIS is configured to use an SSL certificate. The SSL certificate subject is DC1.contoso.com. However, Outlook tries to connect to https://contoso.com/autodiscover/autodiscover.xml. The certificate name mismatch causes Outlook to present the warning described earlier.
Method 1: Reissue a certificate that includes the domain name as the Subject Alternative NameReissue a certificate that includes the domain name (contoso.com) as the Subject Alternative Name. This solution may be appropriate if you cannot implement client-side registry keys, or have only a limited number of domains.
Method 2: Do not install the IIS service and DNS on the same serverInstall the IIS and DNS roles on separate servers.
Method 3: Do not install or bind an SSL certificate on the DNS server running IISIf the IIS site does not require SSL, you can remove the certificate. Or, you can unbind TCP 443 (SSL port) from the Default Web Site.
Method 4: Configure Outlook to allow the connection to the mismatched domain nameImportantThis section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
- Close Outlook.
- Start Registry Editor. To do this, use one of the following procedures, as appropriate for your version of Windows.
- Windows 10 and Windows 8: Press Windows Key + R to open a Run dialog box. Type regedit.exe and then press OK.
- Windows 7: Click Start, type regedit.exe in the search box, and then press Enter.
- Locate and then click to select the following registry subkey: HKEY_CURRENT_USER\Software\Microsoft\Office\xx.0\Outlook\AutoDiscover\RedirectServersNote You can also use the following registry subkey:HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\xx.0\Outlook\AutoDiscover\RedirectServersWhere xx is 12.0 for Outlook 2007, 14.0 for Outlook 2010, 15.0 for Outlook 2013, and 16.0 for Outlook 2016
- Click the Edit menu, point to New, and then click String Value.
- Type the name of the HTTPS server to which AutoDiscover can be connect without warning for the user, and then press ENTER. For example, to allow a connection to https://contoso.com, the first String Value (REG_SZ) name would be as follows:
- You do not have to add text to the Value data box. The Data column should remain empty for the string values that you create.
- To add more HTTPS servers to which AutoDiscover can connect without displaying a warning, repeat steps 4 and 5 for each server.
- On the File menu, click Exit to exit Registry Editor.
Article ID: 2783881 - Last Review: Sep 23, 2015 - Revision: 1