Outlook Mobile App authentication error Exchange 2019

Susan Dodds 241 Reputation points
2025-03-31T17:19:51.67+00:00

On premise Exchange 2019. Self-signed certificate.

I had to renew my self-signed certificate.

The old self-signed certificate originated from an Exchange 2016 server. This certificate worked OK on my Exchange 2019 server. I had to make a new Exchange 2019 server due to reasons, and it continued to use the old self-signed certificate, but I am not sure if new Outlook app accounts were created in the few months between the new server going into service and the new certificate being created on the new server.

However, the new certificate broke adding accounts to mobile Outlook apps.

Existing accounts in Outlook apps were grandfathered in and continue to work fine.

Is this entirely because of the self-signed certificate or is there something else that I can try?

The old Exchange 2019 server is still not fully decommissioned but is usually powered off. Powering it back on does not fix the issue.

Is there a setting on my new Exchange 2019 server I need to check?

Thanks


2 answers

  1. Anonymous
    2025-04-01T08:35:36.22+00:00

    Hi, @Susan Dodds

    Thanks for posting your question in the Microsoft Q&A forum.

    Based on your description, it appears that your new Exchange 2019 server is not binding the certificates correctly.

    Are you using a self-signed certificate? As I understand it, self-signed certificates are automatically created when you deploy Exchange 2019. You can refer to this link for details: https://learn.microsoft.com/en-us/exchange/architecture/client-access/certificates?view=exchserver-2016#certificates-in-exchange


    If you want to use mobile Outlook to sign in to Exchange 2019, it is recommended that you use an on-premises CA certificate as a minimum.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".



  2. Techhelp Volunteer 230 Reputation points
    2025-04-10T13:02:20.92+00:00

    The issue you're experiencing with mobile Outlook apps failing to add new accounts (while existing ones continue to work) is likely related to certificate trust and authentication configuration on your new Exchange 2019 server. Here are the key things to check and potential solutions:

    1. Certificate Issues (Most Likely Cause)

    • Self-signed certificates are not trusted by mobile devices by default
    • Even if you installed the certificate on the devices, some mobile email clients (especially Outlook for iOS/Android) may still reject it
    • Solutions:
      • Obtain a publicly trusted certificate from a CA (DigiCert, GoDaddy, Let's Encrypt, etc.)
      • Ensure the certificate includes all necessary SANs (autodiscover.domain.com, mail.domain.com, etc.)
      • If you must use self-signed, ensure it's properly installed on all mobile devices

    2. Autodiscover Configuration

    • Verify your Autodiscover service is properly configured on the new server
    • Check with the Microsoft Remote Connectivity Analyzer: https://testconnectivity.microsoft.com
    • Ensure DNS records point to the new server (especially autodiscover.domain.com)

    3. Authentication Settings

    • Mobile Outlook uses Modern Authentication (OAuth 2.0) by default
    • Verify Modern Authentication is enabled:
      
        Get-OrganizationConfig | fl OAuth*

      (Should show OAuth2ClientProfileEnabled as True)

    4. Virtual Directory URLs

    • Check your internal/external URLs match your certificate:
      
        Get-WebServicesVirtualDirectory | fl InternalUrl,ExternalUrl
        Get-OABVirtualDirectory | fl InternalUrl,ExternalUrl
        Get-ActiveSyncVirtualDirectory | fl InternalUrl,ExternalUrl
        Get-ECPVirtualDirectory | fl InternalUrl,ExternalUrl
      
      

    5. Old Server Artifacts

    • Even powered off, if the old server's records still exist in AD, it could cause issues
    • Run Get-ExchangeServer to verify only your new server appears as valid

    Immediate Workaround:

    If you need a temporary fix before getting a proper certificate, you can try:

    1. On the mobile device, try adding the account manually (skip Autodiscover)
    2. Use the Outlook app's "Advanced Settings" to accept the untrusted certificate
    3. For testing, you could temporarily enable Basic Authentication (not recommended long-term)

    The most reliable solution is to obtain a proper certificate from a trusted CA. Self-signed certificates will continue to cause problems with mobile clients, especially newer versions of Outlook for iOS/Android.

    If my above response helps, you may share your vote so more users can find useful information on your case url
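
The SAN check and the virtual directory URL check from the second answer can be combined into one pass. The following is an added example, not code from the thread or from Microsoft: the function name `Test-SanCoverage` is hypothetical and every host name in the sample data is constructed.

```powershell
# Added example: report which URL host names a certificate's SAN list covers.
function Test-SanCoverage {
    param(
        [string[]]$CertificateDomains,  # SAN entries of the certificate under test
        [string[]]$Urls                 # absolute InternalUrl/ExternalUrl values
    )
    $sans = @($CertificateDomains | ForEach-Object { "$_".ToLowerInvariant() })
    foreach ($url in ($Urls | Where-Object { $_ })) {   # skip unset (empty) URLs
        $hostName = ([uri]"$url").Host.ToLowerInvariant()
        # A wildcard SAN (*.example.com) covers exactly one extra label,
        # so compare against the host name with its first label replaced by '*'.
        $wildcard = if ($hostName.Contains('.')) {
            '*.' + $hostName.Substring($hostName.IndexOf('.') + 1)
        } else { $null }
        [pscustomobject]@{
            Url     = "$url"
            Host    = $hostName
            Covered = ($sans -contains $hostName) -or
                      ($wildcard -and ($sans -contains $wildcard))
        }
    }
}

# Constructed sample: a certificate that only carries the server's own names,
# checked against URLs that use a public namespace.
$sampleSans = 'EXCH2019', 'exch2019.corp.example.com'
$sampleUrls = 'https://mail.example.com/EWS/Exchange.asmx',
              'https://mail.example.com/Microsoft-Server-ActiveSync',
              'https://autodiscover.example.com/Autodiscover/Autodiscover.xml',
              'https://exch2019.corp.example.com/OAB'
Test-SanCoverage -CertificateDomains $sampleSans -Urls $sampleUrls |
    Format-Table -AutoSize

# Against a live server, run in the Exchange Management Shell
# (the thumbprint below is a placeholder, not a value from the thread):
# $cert = Get-ExchangeCertificate -Thumbprint '<thumbprint of the IIS certificate>'
# $urls = @(Get-WebServicesVirtualDirectory; Get-OABVirtualDirectory
#           Get-ActiveSyncVirtualDirectory; Get-ECPVirtualDirectory) |
#         ForEach-Object { $_.InternalUrl; $_.ExternalUrl }
# Test-SanCoverage -CertificateDomains $cert.CertificateDomains -Urls $urls
```

Any row with `Covered` set to `False` is a URL whose host name the certificate cannot vouch for, which clients will report as a name mismatch even when the issuing CA is trusted.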
