0

we are running and rather small domain network using an SBS 2003 and Exchange 2003 on the server side and outlook 2010 on the clients.

This setup has been working quite well for some years now and has not been changed lately, apart from installing security updates.

About a week ago some of the outlook clients (but not all) started showing a messagebox asking if the user wishes to continue configuring outlook using some autodiscover url.

Outlook still works and there is no problem sending or receiving mail. But the message keeps popping up every few minutes.

There are no error messages in the server's event log, but every client who's got this behaviour also has a huge number of schannel errors in its event log.

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
        <Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" /> 
        <EventID>36887</EventID> 
        <Version>0</Version> 
        <Level>2</Level> 
        <Task>0</Task> 
        <Opcode>0</Opcode> 
        <Keywords>0x8000000000000000</Keywords> 
        <TimeCreated SystemTime="2015-02-16T14:49:31.986543900Z" /> 
        <EventRecordID>60906</EventRecordID> 
        <Correlation /> 
        <Execution ProcessID="756" ThreadID="3236" /> 
        <Channel>System</Channel> 
        <Computer>MYCLIENTCOMPUTER</Computer> 
        <Security UserID="S-1-5-18" /> 
    </System>
    <EventData>
        <Data Name="AlertDesc">40</Data> 
    </EventData>
</Event>

And:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" /> 
      <EventID>36887</EventID> 
      <Version>0</Version> 
      <Level>2</Level> 
      <Task>0</Task> 
      <Opcode>0</Opcode> 
      <Keywords>0x8000000000000000</Keywords> 
      <TimeCreated SystemTime="2015-02-16T14:49:31.910053200Z" /> 
      <EventRecordID>60903</EventRecordID> 
      <Correlation /> 
      <Execution ProcessID="756" ThreadID="3236" /> 
      <Channel>System</Channel> 
      <Computer>MYCLIENTCOMPUTER</Computer> 
      <Security UserID="S-1-5-18" /> 
    </System>
    <EventData>
      <Data Name="AlertDesc">112</Data> 
    </EventData>
</Event>

As far as I found out alert description 40 identifies a handshake error and 112 means "unrecognized name". Which could indicate some kind of DNS problem but again, there's no hint to that kind of problem in the server logs.

The ProcessID belongs to "Local Security Authority Process" (lsass). My first thought was that maybe the server certificates were outdated/invalid but they are fine.

Can anyone tell me what's wrong and how to get rid of this message?

Thanks in advance!

EDIT: I can't tell what comes first, the error messages in the logs or outlook's auto discover window, so maybe the TLS error is a result of outlook trying to find some auto discover xml on the Strato (our external email provider) servers.

Gooo
  • 13
  • 4

1 Answers1

0

Just as a reference to anyone else who ever runs into this problem.

I was unable to find the cause of the problem so after checking that really everything works I decided to simply deactivate auto discover as described by microsoft https://support.microsoft.com/kb/2612922 .

This has removed all symptoms of the described problem.

Gooo
  • 13
  • 4