Access Keys:
Skip to content (Access Key - 0)

Outlook 2016, 2013 and 2010 SSL Cert Solution

Scope:

For Windows clients using exchange.mit.edu email services who are NOT win.mit.edu domain joined machines.

Purpose:

This document provides a solution for Outlook 2016, Outlook 2013 and Outlook 2010 and clients that receive an SSL Cert error upon loading a new or existing profile. This error appears as a Security Alert for mit.edu which notes “The application experienced an internal error loading the SSL libraries. This site should not be trusted.” There is no actual problem with the certificate returned. This is an issue with Outlook’s AutoDiscover process.

Example:

Verbose:

This alert is due to a change in Outlook client behavior with Windows 8.x and Outlook 2013 although reports have surfaced from clients running Outlook 2016 and Outlook 2010. In all cases, a registry fix can be applied which removes the invalid connection attempt that generates this error. The connection attempt is made concurrently with other Exchange AutoDiscover protocol queries and exempting this request does not impact the security or usability of Outlook or the Exchange platform for email.

Solution:

Warnings

This solution describes changes to the Windows Registry.
Serious problems might occur if you modify the registry incorrectly. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, view following article in the Microsoft Knowledge Base:
322756 - How to back up and restore the registry in Windows
MIT IS&T and Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved.
These changes may cause problems if you use Exchange at another organization.
These Registry changes will work fine for computers reading mail from MIT's Exchange server, but have the potential to cause problems for computers that read mail from other Exchange servers. You may need to revert the changes if a computer leaves MIT or needs to connect to non-MIT Exchange servers.

Solution for Outlook 2016

Create or import the following key:

[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\AutoDiscover\]
"ExcludeHttpsRootDomain"=dword:00000001

Solution for Outlook 2013

Create or import the following key:

[HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\AutoDiscover]
"ExcludeHttpsRootDomain"=dword:00000001

Solution for Outlook 2010

Create or import the following key:

[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\AutoDiscover]
"ExcludeHttpsRootDomain"=dword:00000001

Additional Information

Microsoft documents these Registry keys at the following article in the Microsoft Knowledge Base:
2212902 - Unexpected Autodiscover behavior when you have registry settings under the \Autodiscover key

IS&T Contributions

Documentation and information provided by IS&T staff members


Last Modified:

January 12, 2016

Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
Labels:
c-ms-office-2016 c-ms-office-2016 Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
Feedback
This product/service is:
Easy to use
Average
Difficult to use

This article is:
Helpful
Inaccurate
Obsolete
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki