Certificate problem with Outlook2016 / Exchange2019

Aleksandar Babakov 41 Reputation points

Hi, I have deployed Exchange 2019 in our environment, two servers, Mail-1 and Mail-2 in primary site and one, Mail-3 on secondary site, in DAG configuration and site resilience. They are all deployed with PKI certificate (ex: mail."company".com). Internal domain is company.local. I have problem with Outlook 2016, although its connected successfully with Exchange and mail can be sent and receive, on every Outlook start, I have certificate error and sometimes its ask me for credential. ![58781-1.jpg][1] All the time is pointing me to servers with local suffix. On Exchange servers, I did configure virtual directories, for OWA, ECP and MAPI with public url: ![58674-2.jpg][2] I did consult a lot of forum, but nothing helps. Anyone? Best regards, [1]: /api/attachments/58781-1.jpg?platform=QnA [2]: /api/attachments/58674-2.jpg?platform=QnA

Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,380 questions
0 comments No comments
{count} votes

Accepted answer
  1. Ashok M 6,506 Reputation points


    Please check the Autodiscoverserviceinternaluri value. Get-ClientAccessService | select name,autodiscoverserviceinternaluri

    Set it to autodiscover.domain.com and make sure that entry is added in the certificate.

    Also check OAB, EWS virtual directory URL’s and Outlook Anywhere host name.

    If still prompt appears, please share the screenshot by removing the personal information.

    For credential prompt, it’s a different issue and we need to identify when it occurs. Make sure to check the Authentication settings in the virtual directories.


    If the above suggestion helps, please click on “Accept Answer” and upvote it.

    0 comments No comments

2 additional answers

Sort by: Most helpful
  1. Aleksandar Babakov 41 Reputation points

    Get-ClientAccessService | select name,autodiscoverserviceinternaluri:


    Certificate is with *.company.com, so its contain mail.company.com.

    I did additional changes to virtual directories, as suggested. All url, public and internal, are set with https://mail.company.com/.....

    Same thin again. Now only receive cert error for Mail-1.company.local and mail.company.local.

    Do I need to make restart on the Exchange servers, after making this changes?

    Best regards,
    Aleksandar B.

  2. Joyce Shen - MSFT 16,646 Reputation points

    Hi @Aleksandar Babakov

    Is there any update about your issue? Have you tried running the iisreset command in your environment and verify the result again?

    Yes we should use the external name as well for internal urls, since .local cannot be added to a certificate

    Here is also a related thread for your reference, which lists all the configuration we need to check in detail: security warning on SSL certificate displaying internal server name

    If an Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.