Saturday, August 19, 2017
Home > There is a problem with the proxy server’s security certificate

There is a problem with the proxy server’s security certificate

2

Everyday users get the below popup when they open outlook

There is a problem with the proxy server’s security certificate
Outlook is unable to connect to the proxy server abl.cab.info (error code 80000000)

This issue is occurring intermittently there is no specific time when any random user would get the pop up.

830725

Attachments

830725.png
1

The error which outlook is reporting could be due to several reasons.
Some are listed below

  1. Certificate with missing SAN name
  2. Certificate is not trusted by client
  3. Certificate is expired
  4. If there is an incorrect msstd value set or its not matching with the issued to name of your certificate (This issue use to happen in legacy clients like Windows XP etc.)
  5. Wrong EXCH or EXPR value set – You can check the settings for outlook providers
    Run command get-outlookprovider, the msstd setting in the outlook client is picked up by Outlook from this outlook provider values, if it is kept blank the outlook will by default use the hostname you have sent up to connect.

Also the error matters, you need to focus on error code 80000000

The bitmask certificate problem codes are listed in the following table.
Description Error code
FLAG_CERT_REV_FAILED 0x00000001
FLAG_INVALID_CERT 0x00000002
FLAG_CERT_REVOKED 0x00000004
FLAG_INVALID_CA 0x00000008
FLAG_CERT_CN_INVALID 0x00000010
FLAG_CERT_DATE_INVALID 0x00000020
FLAG_CERT_WRONG_USAGE 0x00000040
FLAG_SECURITY_CHANNEL_ERROR 0x80000000

Do you have a F5 loadbalancer or any other doing SSL offloading, you need to check this area

Have you checked this technet article ?
https://social.technet.microsoft.com/Forums/office/en-US/e32fda1b-ae2d-46aa-a5ca-1973789ee949/error-message-on-ol2010-problem-with-proxy-certificate-80000000?forum=exchangesvrclients&prof=required

2

Mohammed,

All the checks have been done so far, the problem here is the issue is very sporadic so it kind of difficult to isolate
Yes, we have a F5 server and i will check on it.
Thanks for the answer!