We have moved to using a Wildcard SSL certificate to protect our Exchange platform. In implementing this change we have discovered an incompatibility between Wildcard SSL certificates and Outlook on Microsoft Windows XP. Windows XP does not correctly match our security identifier of mail.thecloud.net.nz with the *.thecloud.net.nz SSL certificate primary domain. As Windows XP is no longer supported by Microsoft, it is unlikely this will ever be fixed by an OS patch.
The most obvious resolution to this problem is to upgrade your computer operating system to a more current release of Windows. Any release of Windows from Vista onwards is not affected by this problem. If an OS upgrade is not possible the following resolutions may help.
To continue using Windows XP and resolve this issue we need to change the Principal Name configured in the Outlook profile on Windows XP computers. Unfortunately, if your profile was created using Autodiscover, any changes made will be reverted by the Autodiscover process. In most cases you will therefore need to manually re-create the Outlook profile on the user's machine so that Autodiscover does not change *.thecloud.net.nz back to mail.thecloud.net.nz.
The following article shows how to manually create a profile. Please make sure you substitute msstd:*.thecloud.net.nz for msstd:mail.thecloud.net.nz. This is the only place you need to change. The URL at the top of this page still needs to be mail.thecloud.net.nz.
How do I manually configure Outlook (2010): http://support.vgrid.nz/entries/20105188-How-Do-I-Manually-configure-an-Exchange-Mailbox-in-Outlook-2010
If you do not want to re-create the profile, it may be possible to disable Autodiscover for your domain by removing the autodiscover CNAME and/or SRV record and then editing the profile as below. You can only disable Autodiscover for an entire domain, which may not be a desirable outcome, so consider the ramifications carefully before you take this action.
These are the steps you need to take to update an existing profile. Note that if Autodiscover is working for your domain, Outlook will revert this change.
1. Go to the mail application in the control panel and open it.
2. Click on E-mail Accounts
3. Select your mailbox and then click on "change" at the top
4. Click on More settings --> Connection --> Exchange Proxy settings (at bottom)
5. Under "Only connect to proxy servers that have this principal name in their certificate:" replace msstd:mail.thecloud.net.nz with msstd:*.thecloud.net.nz as shown in the screenshot below:
6. Click on OK --> Restart the Outlook application. The username/password window will appear when Outlook starts. Enter your correct username and password and click enter.
7. If authentication fails on the first attempt, try again, as it sometimes fails on the first attempt after changing these settings.
In some cases, Outlook will continue to pull down the Autodiscover records of the domain. To prevent this from happening, follow these steps:
1. Open the computer's HOSTS file (C:\Windows\System32\Drivers\etc\hosts)
2. Add an entry that is formatted like so:
3. Flush the computer's DNS cache with the command
4. Reboot the machine to ensure that no cache data is kept
5. Verify that the blocking is in effect by performing a ping on the domain you entered in the HOSTS file. It should respond with the following output
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
This process ensures that the computer cannot connect to the Autodiscover service. When Autodiscover fails, the computer will default to using the pre-configured profile.
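Steps 2, 3 and 5 of the HOSTS procedure above, as an added Windows batch example that is not part of the original article. `autodiscover.example.com` is a placeholder for your own domain's Autodiscover host name, and the script assumes an English-language Windows install and a command prompt with administrator rights.

```bat
@echo off
rem Added example, not from the original article.
rem AUTODISCOVER_HOST is a placeholder (assumption): replace example.com
rem with the mail domain whose Autodiscover lookups you want to block.
setlocal
set "AUTODISCOVER_HOST=autodiscover.example.com"
set "HOSTS=%SystemRoot%\System32\drivers\etc\hosts"

rem Step 2: add a loopback entry unless the name is already listed.
rem Note: any existing line containing the name (even a commented-out
rem one) counts as present, so review the file if verification fails.
findstr /i /l /c:"%AUTODISCOVER_HOST%" "%HOSTS%" >nul 2>&1
if errorlevel 1 (
    rem The blank line guards against a HOSTS file with no trailing newline.
    >>"%HOSTS%" echo.
    >>"%HOSTS%" echo 127.0.0.1    %AUTODISCOVER_HOST%
    echo Added %AUTODISCOVER_HOST% to %HOSTS%
) else (
    echo %AUTODISCOVER_HOST% already has an entry in %HOSTS%
)

rem Step 3: flush the DNS resolver cache.
ipconfig /flushdns >nul

rem Step 5: a single ping should now be answered by 127.0.0.1.
ping -n 1 %AUTODISCOVER_HOST% | findstr /c:"Reply from 127.0.0.1" >nul
if errorlevel 1 (
    echo FAIL: %AUTODISCOVER_HOST% does not answer from 127.0.0.1
    exit /b 1
)
echo OK: %AUTODISCOVER_HOST% answers from 127.0.0.1
endlocal
```

The script does not perform the reboot in step 4; run the verification again after restarting to confirm the entry still takes effect.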
If you continue to have issues with Outlook please email us at firstname.lastname@example.org