Netgate Discussion Forum

    Certificate Error When Opening Outlook

    • viragomann

      Outlook doesn't need an MX record to communicate with Exchange.

      Maybe the old IP is still in your DNS cache. Try to flush the cache.

      • Injection_Mold

        @viragomann:

        Outlook doesn't need an MX record to communicate with Exchange.

        Maybe the old IP is still in your DNS cache. Try to flush the cache.

        I deleted the MX record. Back to where we were. I also flushed the DNS cache.

        • Injection_Mold

          @viragomann:

          Outlook doesn't need an MX record to communicate with Exchange.

          Maybe the old IP is still in your DNS cache. Try to flush the cache.

          Since deleting the MX record and flushing the cache, tracert is resolving mail.domain.com to server.domain.local now. Not sure if this will hold. Going to test Outlook now.

          • Injection_Mold

            @viragomann:

            Outlook doesn't need an MX record to communicate with Exchange.

            Maybe the old IP is still in your DNS cache. Try to flush the cache.

            Still getting the error. It's so random too. It does not come up every time you open Outlook and it's not all users. It will jump around. One user will have an issue while another will not. All connected to same network. Any help is much appreciated.

            • johnpoz LAYER 8 Global Moderator

              "tracert is resolving mail.domain.com to server.domain.local now"

              Huh??  What is the client using to access Outlook.. an IP address, a fqdn?  You're saying this fqdn resolves to different IPs?

              What are your clients using for dns?  Here is the thing, it is a bad idea to point a client to multiple dns that could resolve things differently..  So for example pointing client to both a local dns and a public dns is BAD idea..  You are never going to be sure which dns a client does or gets a response from.

              So if you're asking for www.yourlocal.tld, public dns sure and the hell not going to know about that..  So if your clients need to resolve stuff that only resolves locally then only thing they should point to for dns is dns that can resolve that local stuff.

              If you're saying it pops up here or there sounds like to me you have an issue to where your clients are going..

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.8, 24.11

              • Injection_Mold

                @johnpoz:

                "tracert is resolving mail.domain.com to server.domain.local now"

                Huh??  What is the client using to access Outlook.. an IP address, a fqdn?  You're saying this fqdn resolves to different IPs?

                What are your clients using for dns?  Here is the thing, it is a bad idea to point a client to multiple dns that could resolve things differently..  So for example pointing client to both a local dns and a public dns is BAD idea..  You are never going to be sure which dns a client does or gets a response from.

                So if you're asking for www.yourlocal.tld, public dns sure and the hell not going to know about that..  So if your clients need to resolve stuff that only resolves locally then only thing they should point to for dns is dns that can resolve that local stuff.

                If you're saying it pops up here or there sounds like to me you have an issue to where your clients are going..

                Outlook is pointing to server.domain.local. Not sure where to begin. What is the first thing I should check?

                • johnpoz LAYER 8 Global Moderator

                  "server.domain.local"

                  so what does that client use for dns?  .local is only going to resolve with a local dns that has record for that.. that sure is not going to work on public internet.

                  • Injection_Mold

                    @johnpoz:

                    "server.domain.local"

                    so what does that client use for dns?  .local is only going to resolve with a local dns that has record for that.. that sure is not going to work on public internet.

                    IP config shows local server for DNS and google for secondary which is how it has always been. Never had an issue with this before. But yes, DNS is pointing to local DC.

                    • johnpoz LAYER 8 Global Moderator

                      and it also points to google..  So if client asks google for your server name.. What is it going to get back.. server.domain.local is not going to resolve on google..

                      As I stated before it's BAD BAD BAD idea to use dns that can not resolve the same stuff to the same IPs..  You can not be sure what the client is going to use.. Be it you hadn't run into issues before is beside the point..

                      Let's say I am using server.somedomain.com, but I do not own this somedomain.com on the public.. Or let's say I do even.  But my local dns points to 192.168.1.100, if I ask google for it what gets returned… It sure and the hell not going to be 192.168.1.100.. It might be the public IP, but then for me to access that it has to be a nat reflection, etc.

                      Or maybe it points me to some other server since I don't own somedomain.com

                      Pointing to name servers that can not return the same data is BAD idea!!!  If you want 2, then point to 2 local ones that both resolve all your local stuff to the same IP.  Public is going to be public - but pointing to a local server that resolves your local stuff and having a secondary server that does not resolve your local stuff is just BAD with issues waiting to happen.

                      • Injection_Mold

                        @johnpoz:

                        and it also points to google..  So if client asks google for your server name.. What is it going to get back.. server.domain.local is not going to resolve on google..

                        As I stated before it's BAD BAD BAD idea to use dns that can not resolve the same stuff to the same IPs..  You can not be sure what the client is going to use.. Be it you hadn't run into issues before is beside the point..

                        Let's say I am using server.somedomain.com, but I do not own this somedomain.com on the public.. Or let's say I do even.  But my local dns points to 192.168.1.100, if I ask google for it what gets returned… It sure and the hell not going to be 192.168.1.100.. It might be the public IP, but then for me to access that it has to be a nat reflection, etc.

                        Or maybe it points me to some other server since I don't own somedomain.com

                        Pointing to name servers that can not return the same data is BAD idea!!!  If you want 2, then point to 2 local ones that both resolve all your local stuff to the same IP.  Public is going to be public - but pointing to a local server that resolves your local stuff and having a secondary server that does not resolve your local stuff is just BAD with issues waiting to happen.

                        Ok, I have removed the secondary DNS server from DHCP scope. Testing Outlook now.

                        • johnpoz LAYER 8 Global Moderator

                          validate the fqdn you're trying to go to resolves to what it's supposed to resolve to: server.domain.local

                          simple ping, nslookup, dig, drill whatever your fav dns query tool is so you can see the answer.  Ping works in a pinch to what the name resolves to.  Be it answers or not.

