Forum Discussion
Off2w0rk
Dec 06, 2016Brass Contributor
Outlook - Certificate has been revoked
Hi all,
not sure if anyone has experienced it, but we are getting tthis error multiple times a day when using outlook.
It says :
Outlook.office365.com
Information you Exchange with this site cannot be viewed or changed by others. However, there is a problem with the sites security certificate.
The security certificate for this site has been revoked,
This site should not be trusted,
If we dont click OK, outlook cannot send or receive emails. Sometime this window is hidden behind and therefor are not aware of it during the day.
if we click view certificate, it looks legit and everything seems to be ok. If enter OWA, we get same certificate(according to thumbprint), but there is no warning or error,
We have created a case with Exchange online team, but they say there are no error from their side and its internal network issue.
We have cleared certificate revoke list from our DNS servers without any help.
Any ideas on how to troubleshoot this further?
We use Outlook 2016 with latest updates and have all mailboxes in Exchange online.
I only have my archive mailbox attached to my outlook,
Thanks!
- Jeffrey BaltezegarCopper Contributor
Was resolution ever identified for this problem? I have the exact same issue with the exact same certificate. I opened a case with Microsoft support but they have not been any help so far.
No changes have been made to our network, the CRL isn't being blocked by anything, it doesn't contain the serial number of the certificate in question and the problem is intermittent.
- HapBrass Contributor
Unfortunately the cause was never found. MS was able to reproduce it twice on their end but didn't get the required logging. After that it didn't occur anymore.
As we didn't change anything on our end, I had a suspicion they fixed it silently in one of their updates recently. Have you tried updating Outlook to the latest update?
- Jeffrey BaltezegarCopper Contributor
Thank you for the response.
I'll test updates to see if that helps.
- Jane EthariaCopper Contributor
Jeffrey Baltezegar wrote:Was resolution ever identified for this problem? I have the exact same issue with the exact same certificate. I opened a case with Microsoft support but they have not been any help so far.
No changes have been made to our network, the CRL isn't being blocked by anything, it doesn't contain the serial number of the certificate in question and the problem is intermittent.
Hello Jeffrey,
We have a case open with Microsoft, they requested for logs and they have escalated it, so far its a waiting game. Not sure of others.
- Edgar GuerreroCopper ContributorWas it solved after updates?
- Javier GarciaCopper Contributor
Opened a 2nd ticket for Outlook since MS support always points fingers back and forth (117052515798731). Still getting no where and they've already quit trying to try and support the ticket since we are unable to reproduce the issue on command.
Note, we have tried applying the "workarounds" by suppressing the prompt in IE and Outlook (HKCU\software\policies\microsoft\office\16.0\outlook\security\usecrlchasing Value=2) but still doesn't seem to work.
Only solution so far is to roll people back to Office 2013.
- HapBrass Contributor
Javier Garcia wrote:Opened a 2nd ticket for Outlook since MS support always points fingers back and forth (117052515798731). Still getting no where and they've already quit trying to try and support the ticket since we are unable to reproduce the issue on command.
Note, we have tried applying the "workarounds" by suppressing the prompt in IE and Outlook (HKCU\software\policies\microsoft\office\16.0\outlook\security\usecrlchasing Value=2) but still doesn't seem to work.
Only solution so far is to roll people back to Office 2013.
Javier I got word you closed the case because you find the issue to be related to your reverse proxy, is this correct?
- Jane EthariaCopper Contributor
Hap wrote:
Javier Garcia wrote:Opened a 2nd ticket for Outlook since MS support always points fingers back and forth (117052515798731). Still getting no where and they've already quit trying to try and support the ticket since we are unable to reproduce the issue on command.
Note, we have tried applying the "workarounds" by suppressing the prompt in IE and Outlook (HKCU\software\policies\microsoft\office\16.0\outlook\security\usecrlchasing Value=2) but still doesn't seem to work.
Only solution so far is to roll people back to Office 2013.
Javier I got word you closed the case because you find the issue to be related to your reverse proxy, is this correct?
Thank you for the response. we opened a case and worked with MS support on the issue and they recommended bypassing autodiscover by modifying the registry keys, however issue still persists. Issue only affects a couple of users. Will check to make sure they have the latest Office 2016 updates
and alos run an online full repair. We prefer not to downgrade to Office 2013.
- HapBrass Contributor
Our case is also still open (REG:117052315783924). Not getting closer to a solution yet unfortunately. They keep asking for traces we cannot give as the issue can't be reproduced on demand. In the mean time I've supplied some dump files, but that didn't bring us any closer as well it seems... I'll update when we get more news from MS.
- Javier GarciaCopper Contributor
Same issue. Exchange 2013, Load-balanced servers via Netscaler. Noticed after upgrading clients to 2016. Ticket open with MS support but their only solution is to disable the "Check for Publisher's Certificate Revocation" in IE which is not a real solution.
- HapBrass ContributorCan you send me your support nr? I will create a premier support request today and can reference your ticket.
- MichaeL3_6Copper Contributor
I keep getting the message outlook. Office365.Com has had its security certificate revoked. Is this true? What action should I take?
- HapBrass Contributor
Having the exact same issue here since upgrading to Outlook 2016 icw Exchange 2016 onprem. fyi we are using a Netscaler as a reverse proxy.
Has anyone found a fix for this?
- David ValcourtCopper Contributor
Has anyone found a solution to this? I'm experiencing it with Exchange 2016 CU2 on-prem.
- Vishal KalalBrass Contributor
Is this issue causing for all the users or limited users? what is your outlook version? If this is happening only for outlook 2013, refer to the MS article to resolve this you need to install hotfix-
https://support.microsoft.com/en-us/help/3007582/certificate-error-message-when-you-start-outlook-
- HapBrass ContributorThis is not relevant. We are seeing a certificate revoked message when there is nothing wrong with the certificate. Also the message doesn't pop up when creating a profile, but during use of Outlook, about once or twice a day. Sometimes it doesn't popup for days.
- Mike ParkerIron ContributorHi,
Have you verified that you can contact the CRL from within your network and that the certificate thumbprint of the cert you are getting the error with isn't in that list? I have seen issues like this normally for a couple of hours but nothing long term. Just off the top of my head it sounds like it could be some issue contacting the CRL or some sort of Proxy in the middle of your clients and Exchange Online which is doing something strange with certificates?
Mike- Off2w0rkBrass Contributor
Hi Mark,
yes we can access the urls fine and the certificate is not on revoke list.
We do use Zscaler for web filtering, but since the urls are not blocked and are accessible it is pretty strange. We had this issue for almost a year now, even before we implemented Zscaler.
Im not the only one getting this error either, since more and more users are complaining about it. Since EXO team closed the case, there is nothing much we can do.
- Robert SkawinskiCopper Contributor
Hi,
same Problem here. We are deploying a new Exchange Server 2016 and some Clients have this problem sometimes.
- CA-ROOT is inside Trusted Root Certification Authorities
- Internet Explorer shows everything as valid
- CRL is reachable from inside and outside
Please help
br
Robert Skawinski