Article ID: 2783881 - View products that this article applies to.
When Microsoft Outlook performs an AutoDiscover operation and tries to connect to a service endpoint where the expected name is not present on the server's Secure Sockets Layer (SSL) certificate, you may receive a warning message that resembles the following:
When this warning message occurs, you can click Yes to accept the warning. However, it may reappear the next time AutoDiscover runs.
The name on the security certificate is invalid or does not match the name of the site.
Do you want to proceed?
You or administrators may want to suppress the warning message for a specific HTTP endpoint that is in your organization. This article contains information about how to do this.
You receive the warning when all of the following conditions are true:
Outlook uses the domain name part of the user's SMTP address to query DNS. In this example, the domain name is contoso.com. Outlook resolves contoso.com to an NS record for the DNS server. On the DNS server, IIS is configured to use an SSL certificate. The SSL certificate subject is DC1.contoso.com. However, Outlook tries to connect to https://contoso.com/autodiscover/autodiscover.xml. The certificate name mismatch causes Outlook to present the warning described earlier.
Use one of the following methods to work around this issue.
Method 1: Reissue a certificate that includes the domain name as the Subject Alternative NameReissue a certificate that includes the domain name (contoso.com) as the Subject Alternative Name. This solution may be appropriate if you cannot implement client-side registry keys, or have only a limited number of domains.
Method 2: Do not install the IIS service and DNS on the same serverInstall the IIS and DNS roles on separate servers.
Method 3: Do not install or bind an SSL certificate on the DNS server running IISIf the IIS site does not require SSL, you can remove the certificate. Or, you can unbind TCP 443 (SSL port) from the Default Web Site.
Method 4: Configure Outlook to allow the connection to the mismatched domain nameImportantThis section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756To configure Outlook to ignore the name mismatch and connect to a specific HTTP endpoint, you can set or deploy a registry value. To do this, follow these steps:
(https://support.microsoft.com/kb/322756/ )How to back up and restore the registry in Windows
For more information about the AutoDiscover service, visit the following Microsoft TechNet website:
Article ID: 2783881 - Last Review: November 19, 2012 - Revision: 1.0