Thursday, August 31, 2017

Outlook is unable to connect to the proxy server. (Error Code 0)

I'm currently in the process of performing another Exchange 2010 to Exchange 2016 migration for a customer.  When moving the first mailbox to Exchange 2016, the following error occurred:

There is a problem with the proxy server's security certificate.
The name on the security certificate is invalid or does not match the name of the target site mail.domain.com

Outlook is unable to connect to the proxy server. (Error Code 0)

 
Most information on the internet regarding this error points at either a certificate issue as per https://support.microsoft.com/kb/923575 or the Exchange System Attendant Service not running which no longer exists in later versions past Exchange 2010.
 
The Microsoft Remote Connectivity analyzer passed fine with no certificate areas and I validated that the certificate was correct:
  • The Root certificate is installed correctly on the server with the correct thumbprint.
  • The intermediate certificate is installed correctly on the server with the correct thumbprint.
  • Awildcard certificate is installed on the server with private key and the certificate chain is healthy.
  • The certificate is valid expiry date and has a valid subject name.
  • All names on the virtual directories for Exchange match a valid name trusted by the wildcard certificate.
After hours of troubleshooting I isolated the issue down to Group Policy and then finally down to this specific policy setting applied to the User Account:

"RPC/HTTP Connection Flags"

This is located under User Configuration --> Administrative Templates --> Microsoft Office 2013 --> Account Settings --> Exchange

Provided you have the Exchange 2013 ADMX installed in the Group Policy Central Store.
 

 
After setting this policy back to "Not Configured" and refreshing policy on the users, the error was resolved.

2 comments:

  1. I have exactly this error since three weeks. Did you link the GPO to User OU, where the Users exist?

    ReplyDelete
  2. Yes this policy is a user setting.

    As a test isolate the user from all group policy by moving them to a temporary OU with block policy inheritance set.

    Refresh policy or better recreate the users windows profile and test.

    If the issue does not occur, you know its policy.

    Use gpresult and rsop.msc to identify the policy causing the issue, in my case it was the one above.

    ReplyDelete