Administration
This page
Other pages
Account
Outlook 2016, 2013 and 2010 SSL Cert Solution
Scope:
For Windows clients using exchange.mit.edu email services who are NOT win.mit.edu domain joined machines.
Purpose:
This document provides a solution for Outlook 2016, Outlook 2013 and Outlook 2010 and clients that receive an SSL Cert error upon loading a new or existing profile. This error appears as a Security Alert for mit.edu which notes “The application experienced an internal error loading the SSL libraries. This site should not be trusted.” There is no actual problem with the certificate returned. This is an issue with Outlook’s AutoDiscover process.
Example:
Verbose:
This alert is due to a change in Outlook client behavior with Windows 8.x and Outlook 2013 although reports have surfaced from clients running Outlook 2016 and Outlook 2010. In all cases, a registry fix can be applied which removes the invalid connection attempt that generates this error. The connection attempt is made concurrently with other Exchange AutoDiscover protocol queries and exempting this request does not impact the security or usability of Outlook or the Exchange platform for email.
Solution:
Warnings
 | This solution describes changes to the Windows Registry. Serious problems might occur if you modify the registry incorrectly. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, view following article in the Microsoft Knowledge Base: 322756 - How to back up and restore the registry in Windows MIT IS&T and Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. |
| These changes may cause problems if you use Exchange at another organization. These Registry changes will work fine for computers reading mail from MIT's Exchange server, but have the potential to cause problems for computers that read mail from other Exchange servers. You may need to revert the changes if a computer leaves MIT or needs to connect to non-MIT Exchange servers. |
Solution for Outlook 2016
Create or import the following key:
[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\AutoDiscover\] "ExcludeHttpsRootDomain"=dword:00000001
Solution for Outlook 2013
Create or import the following key:
[HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\AutoDiscover] "ExcludeHttpsRootDomain"=dword:00000001
Solution for Outlook 2010
Create or import the following key:
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\AutoDiscover] "ExcludeHttpsRootDomain"=dword:00000001
Additional Information
Microsoft documents these Registry keys at the following article in the Microsoft Knowledge Base:
2212902 - Unexpected Autodiscover behavior when you have registry settings under the \Autodiscover key
