cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Outlook - Certificate has been revoked

Off2w0rk
Brass Contributor

‎Dec 06 2016 05:05 AM

‎Dec 06 2016 05:05 AM

Outlook - Certificate has been revoked

Hi all,

 

not sure if anyone has experienced it, but we are getting tthis error multiple times a day when using outlook.

It says :

 

Outlook.office365.com

Information you Exchange with this site cannot be viewed or changed by others. However, there is a problem with the sites security certificate.

The security certificate for this site has been revoked,

This site should not be trusted,

 

If we dont click OK, outlook cannot send or receive emails. Sometime this window is hidden behind and therefor are not aware of it during the day.

 

if we click view certificate, it looks legit and everything seems to be ok. If enter OWA, we get same certificate(according to thumbprint), but there is no warning or error,

 

We have created a case with Exchange online team, but they say there are no error from their side and its internal network issue.

We have cleared certificate revoke list from our DNS servers without any help.

Any ideas on how to troubleshoot this further?

 

We use Outlook 2016 with latest updates and have all mailboxes in Exchange online.

I only have my archive mailbox attached to my outlook,

 

Thanks!

Labels:
Preview file
60 KB
126K Views
1 Like
40 Replies
Reply
40 Replies
Mike Parker

‎Dec 07 2016 01:20 AM

‎Dec 07 2016 01:20 AM

Re: Outlook - Certificate has been revoked

Hi,

Have you verified that you can contact the CRL from within your network and that the certificate thumbprint of the cert you are getting the error with isn't in that list? I have seen issues like this normally for a couple of hours but nothing long term. Just off the top of my head it sounds like it could be some issue contacting the CRL or some sort of Proxy in the middle of your clients and Exchange Online which is doing something strange with certificates?

Mike
0 Likes
Reply
Off2w0rk

‎Dec 07 2016 01:51 AM

‎Dec 07 2016 01:51 AM

Re: Outlook - Certificate has been revoked

Hi Mark,

 

yes we can access the urls fine and the certificate is not on revoke list.

We do use Zscaler for web filtering, but since the urls are not blocked and are accessible it is pretty strange. We had this issue for almost a year now, even before we implemented Zscaler.

Im not the only one getting this error either, since more and more users are complaining about it. Since EXO team closed the case, there is nothing much we can do.

0 Likes
Reply
Robert Skawinski

‎Dec 15 2016 09:24 AM

‎Dec 15 2016 09:24 AM

Re: Outlook - Certificate has been revoked

Hi,

 

same Problem here. We are deploying a new Exchange Server 2016 and some Clients have this problem sometimes.

  • CA-ROOT is inside Trusted Root Certification Authorities
  • Internet Explorer shows everything as valid
  • CRL is reachable from inside and outside

Please help

 

br

Robert Skawinski

0 Likes
Reply
David Valcourt

‎Mar 29 2017 01:28 PM

‎Mar 29 2017 01:28 PM

Re: Outlook - Certificate has been revoked

Has anyone found a solution to this?  I'm experiencing it with Exchange 2016 CU2 on-prem.

0 Likes
Reply
Vishal Kalal

‎Mar 29 2017 10:06 PM - edited ‎Mar 29 2017 10:07 PM

‎Mar 29 2017 10:06 PM - edited ‎Mar 29 2017 10:07 PM

Re: Outlook - Certificate has been revoked

Is this issue causing for all the users or limited users? what is your outlook version? If this is happening only for outlook 2013, refer to the MS article to resolve this you need to install hotfix-

 

https://support.microsoft.com/en-us/help/3007582/certificate-error-message-when-you-start-outlook-

or-create-an-outlook-profile

 

0 Likes
Reply
Hap

‎May 09 2017 02:23 AM

‎May 09 2017 02:23 AM

Re: Outlook - Certificate has been revoked

Having the exact same issue here since upgrading to Outlook 2016 icw Exchange 2016 onprem. fyi we are using a Netscaler as a reverse proxy.

 

Has anyone found a fix for this?

0 Likes
Reply
Hap

‎May 09 2017 02:25 AM

‎May 09 2017 02:25 AM

Re: Outlook - Certificate has been revoked

This is not relevant. We are seeing a certificate revoked message when there is nothing wrong with the certificate. Also the message doesn't pop up when creating a profile, but during use of Outlook, about once or twice a day. Sometimes it doesn't popup for days.
0 Likes
Reply
Javier Garcia

‎May 22 2017 12:06 PM

‎May 22 2017 12:06 PM

Re: Outlook - Certificate has been revoked

Same issue. Exchange 2013, Load-balanced servers via Netscaler. Noticed after upgrading clients to 2016. Ticket open with MS support but their only solution is to disable the "Check for Publisher's Certificate Revocation" in IE which is not a real solution. 

0 Likes
Reply
Hap

‎May 23 2017 04:49 AM

‎May 23 2017 04:49 AM

Re: Outlook - Certificate has been revoked

Can you send me your support nr? I will create a premier support request today and can reference your ticket.
0 Likes
Reply
Paul Cunningham

‎May 23 2017 06:02 AM

‎May 23 2017 06:02 AM

Re: Outlook - Certificate has been revoked

If you're having certificate warnings in Outlook for an on-prem Exchange deployment you should post a screenshot here so we can see exactly what the warning says. There's a number of potential problems and solutions for certificate issues.

0 Likes
Reply
Amir Jafarian

‎May 23 2017 04:59 PM

‎May 23 2017 04:59 PM

Re: Outlook - Certificate has been revoked

Here is the error message (Office 365):

 

CertError.png

0 Likes
Reply
Paul Cunningham

‎May 23 2017 06:10 PM

‎May 23 2017 06:10 PM

Re: Outlook - Certificate has been revoked

@Amir Jafarian that looks like either a problem communicating with the CRL or there might be another issue with your system or an intermediate network device (like a proxy). Since you are connecting to Exchange Online you can raise a support ticket with Microsoft for troubleshooting assistance. You can also try running diagnostics with the SARA tool (https://diagnostics.outlook.com).

 

Other posters are complaining of certificate popups for on-premises Exchange server environments, which could be an entirely different problem with their server or certificate configuration.

2 Likes
Reply
James Chapman

‎May 24 2017 02:27 AM

‎May 24 2017 02:27 AM

Re: Outlook - Certificate has been revoked

Hi,

 

We're experiencing the same issue as @Amir Jafarian 

 

Fully patched msi version of Outlook 2016. Connecting to Exchange online. Sporadic Digicert certificate warnings across the org. Seems to happen most commonly when waking a device from sleep. I'd agree it looks like issues checking the CRL but can't find the cause.

 

We've got tickets open with Microsoft and our proxy vendor but not getting anywhere fast. We've had our proxy solution in place for some time without issue and nothing has changed.

 

I'll post if we find anything.

0 Likes
Reply
Javier Garcia

‎May 25 2017 10:10 AM

‎May 25 2017 10:10 AM

Re: Outlook - Certificate has been revoked

[REG:117051515740234]
0 Likes
Reply
Paul Cunningham

‎May 26 2017 04:20 AM

‎May 26 2017 04:20 AM

Re: Outlook - Certificate has been revoked

@James Chapman wrote:

can't find the cause.

 

our proxy solution

I'm not a betting man, but...

0 Likes
Reply
Hap

‎Jun 07 2017 01:10 AM

‎Jun 07 2017 01:10 AM

Re: Outlook - Certificate has been revoked

Thanks. I created a case as well and referenced yours. 

 

Found out something interesting. Everytime the revoked message appears, I have 2 Lync event in my application eventlog at exactly that timestamp:

 

Lync has enabled event logging.
Information about failed calls will be sent to the Windows event log.

 

and

 

LyncPlatform has enabled event logging.
Information about failed calls will be sent to the Windows event log.

 

Other than this, it seems totally random. Can stay away for weeks, then popup daily.

0 Likes
Reply
Hap

‎Jun 07 2017 01:12 AM

‎Jun 07 2017 01:12 AM

Re: Outlook - Certificate has been revoked

Just a quick note. We have the same issues, but no proxy in between. Doubt it is related to your (forward) proxy, or did you mean reverse?
0 Likes
Reply
Javier Garcia

‎Jun 07 2017 08:13 PM

‎Jun 07 2017 08:13 PM

Re: Outlook - Certificate has been revoked

Opened a 2nd ticket for Outlook since MS support always points fingers back and forth (117052515798731). Still getting no where and they've already quit trying to try and support the ticket since we are unable to reproduce the issue on command.

 

Note, we have tried applying the "workarounds" by suppressing the prompt in IE and Outlook (HKCU\software\policies\microsoft\office\16.0\outlook\security\usecrlchasing Value=2) but still doesn't seem to work. 

 

Only solution so far is to roll people back to Office 2013. 

0 Likes
Reply
Nitish Kumar

‎Jun 19 2017 11:02 PM

‎Jun 19 2017 11:02 PM

Re: Outlook - Certificate has been revoked

Can this be related to this?

 

https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-ab...

 

I see addition of http://crl4.digicert.com/DigiCertCloudServicesCA-1-g1.crl in Office 365 Certificate Revocation List (Root URLs)

0 Likes
Reply