Exchange 2013 Wildcard There is a problem with the proxy server’s security certificate

Exchange 2013 Wildcard there is a problem with the proxy server’s security certificate

I have recently come across a problem that only seems to affect Outlook 2010 or Outlook 2007 when connecting to Exchange 2013 with a wildcard certificate. This was also an issue in Exchange 2007 and 2010 but was often less obvious as Outlook Anywhere didn’t tend to be as heavily used. This does’t seem to affect all Outlook clients and is possibly related to the patch level of Office so do first check that your Office installation is patched up to the supported version or higher.

So the symptoms are this, when you setup a mail profile and autodiscover runs it finds the server and username with no issue but then displays the following error:

There is a problem with the proxy server’s security certificate. The name on the security certificate is invalid or does not match the name of the target site mail.domainname.com.

Outlook is unable to connect to the proxy server. (Error Code 0)

This is usually accompanied by a login prompt that never accepts your credentials and you get stuck in a credentials prompt loop.

Exchange 2013 Wildcard There is a problem with the proxy server's security certificate

There is a problem with the proxy server’s security certificate. The name on the security certificate is invalid or does not match the name of the target site mail.domainname.com. Outlook is unable to connect to the proxy server. (Error Code 0)

This error is caused by the CertPrincipalName value being returned as the external URL of Outlook Anywhere e.g msstd:mail.domainname.com. The name the certificate was issued to is actually *.domainname.com so Outlook is seeing this as a mismatch. You can manually correct the entry under the Connection tab and Exchange Proxy Settings but you will find that autodiscover will just change it back and next time you open Outlook the login prompt will be back.

The root cause of this is that Autodiscover gets the Outlook Anywhere settings from the Outlook Provider configuration, by default the CertPrincipalName is null so autodiscover uses the external URL of Outlook Anywhere, which is normally correct, except in the case of a wildcard certificate. To address this issue you will need to run the following in Exchange Management Shell:

Set-OutlookProvider -Identity EXPR -CertPrincipalName msstd:*.domainname.com

And

Set-OutlookProvider -Identity EXCH -CertPrincipalName msstd:*.domainname.com

You will need to wait a while for this to update or you can restart the world wide web service.

Note that the EXCH provider is new, in past version of Exchange changing the EXPR provider would have resolved the issue on its own.

Next time you try to configure the Outlook profile you should find autodiscover completes error free and the principal name under Exchange Proxy Setting will the desired wildcard entry.

I have another post on Exchange 2013 Outlook Anywhere issues that present similar symptoms so if this wasn’t your issue head over here and check out a bunch of other potential Outlook Anywhere hurdles.

Thanks for reading and hope this helps some people out.

2 thoughts on “Exchange 2013 Wildcard There is a problem with the proxy server’s security certificate

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>