"Unable to establish a secure connection..."

[RickGreg]

I'm using Entourage 2004 in Leopard as a POP mail client for my wife's
AT&T/Yahoo mail account. All system and MS software have been updated to
latest builds.

AT&T changed its security requirements several months ago to include SSL.
Ever since, every time we start entourage, we get an error that says:

"Unable to establish a secure connection to pop-sbc.mail.akadns.net because
the correct root certificate is not installed.

If you continue, the information you view and send will not be secure."


If I click OK, everything works fine, although presumably my security is
compromised. I am more concerned with the inconvenience of having to
manually click through this every time I start up Entourage.

Any thoughts on a fix? AT&T has been useless in responding. Web searches
have turnd up no obvious solutions.

Thanks!

 

[Diane Ross]

Known problem. It's just a big nuisance but we hope to see a fix soon.

 

[Thomas Moy]

Just installed the Office 2008 12.1.2 updater. No joy :-(

Sigh.

 

[Diane Ross]

Same here. I'm trying to find out what happened. It was listed as a fix.

 

[Guest]

Hi All,
Since updating to 12.1.2 yesterday, I've been getting TWO 'unable to establish' messages...
Chris

 

[Chris_H]

Allow me to clarify - I get two when I connect via the LAN, only one when I connect wirelessly.

 

[Diane Ross]

Allow me to clarify - I get two when I connect via the LAN, only one when I
connect wirelessly.

Some users are still having problems. I will be posting a fix on the
Entourage Help Blog shortly about how to fix this.

<http://blog.entourage.mvps.org/> Be sure to subscribe so you get all the
latest news.

 

[Max Gilbert]

Just installed the Office 2008 12.1.2 updater. No joy :-(

Sigh.

Hi all:
Here my experience for whatever it's worth. I'm running Entourage 11.4.0 on
OS 10.4.

I had the same problem on my first install. After complaining to our
department IT staff, they checked with the system-wide LAN administrator,
who furnished me a root certificate, but they weren't familiar enough with
Macs to install it.

So I had to figure it out for myself using the Help menus. I tried to first
install the certificate into the Keychain X509 Anchors as described in the
Microsoft Office Help menu (search for "Install root certificates")...

That made some difference--the "unable to establish a secure connection..."
alert did not pop up as before, every time Entourage was launched--but it
still popped up occasionally when left running...

Then I decided to try using the Microsoft Certificate Manager app (located
in Office folder), described in the same Help menu instructions--to check
whether the certificate perhaps needed converting (as also referenced in the
same instructions). But the Help info didn't really provide enough detail on
how to use it.

So I opened the app, clicked "Import," navigated to the certificate, clicked
"Open"--and the app automatically placed the certificate where it wanted it
under the "Intermediate Certificate Authorities" tab...

That was a year ago. Haven't had any more similar issues since!

Hope that helps someone...

 

[dnk]

Ok, for those of you using leopard and entourage 2008. I found a solution
that worked for me.

I use a regular imap server (no exchange) with a tls/ssl connection. My
leopard and entourage are patched to the hilt. Now one of the ways you could
(or used to be able to do) is get the certificate by hitting up the secure
https connection in safari, and drag out the certificate. I had done it a
billion times. Then simply double click and add to the login item, etc. Well
for some reason when doign that it worked with the apple mail app, and some
others. But never Entourage.

So I was trying some of the command line tools, and one of them reported
back a detail about the certificate terminating abnormally. So that made me
think something was wrong with the certificate itself. Fortunately in my case
I am the server admin, so I grabbed the actual certificate in pem format from
my server and transfered it local to my desktop.... I then double clicked
that one in the exact same way as I had with the previous ones.. and now my
entourage works.

So long story short, I am not sure how other people are getting the
certificate for import, but maybe make sure the certificate is valid, or
something along those lines.

 

[nicsmith25]

I'm using Entourage 2008 in Leopard as a POP mail client and I have an att.net account and per AT&T I had to enable SSL, but when I do I can't get or send emails and I get the error message that says:
"Unable to establish a secure connection

What do I do to fix this problem...This is my first MAC, which I just purchased a few days ago, so I will need some step by step instructions. Thanks.

 

[Thomas Moy]

12.1.3 update clearly states this error should be wiped out. But I'm
still getting it. Connecting to an Exchange 2007 hosting provider,
Intermedia.net

From http://support.microsoft.com/kb/958267 :

"Reliability is improved when you try to securely connect to your
mailbox on a computer that is running Exchange Server 2007. This update
fixes an issue that occurs when you try to securely connect to your
mailbox on a computer that is running Microsoft Exchange Server 2007
after you upgrade to the Office 2008 for Mac 12.1.2 update. You receive
the following warning message:

"Unable to establish a secure connection to mailbox_servername because
the server name or IP address does not match the name or IP address on
the server’s certificate. If you continue, the information you view and
send will be encrypted, but will not be secure. "

:-(

Best,
Tom

 

[Diane Ross]

12.1.3 update clearly states this error should be wiped out. But I'm
still getting it.

My understanding it has something to do with the certificate. As of SP1,
Entourage looks for the AutoDiscover xml file. If you take a look in the
Exchange 2007 AutoDiscover whitepaper, you'll see it uses two URLs to look
for the autodiscover xml file. Both URLs are based off your SMTP address in
your email address - it doesn't matter what server you connect to.

You can take a look at the AutoDiscover whitepaper here:
http://technet.microsoft.com/en-us/library/bb332063.aspx

Here is an example for Joe Blow.

In this case, all email addresses from Joe's server end with @blow.net. This
means we will connect to autodiscover.blow.net and blow.net looking for the
xml file. If Joe's server happened to host another email domain and gave out
email addresses ending in @joesfriends.com, then Entourage would connect to
autodiscover.joesfriends.com and joesfriends.com looking for the
Autodiscover xml file. The actual urls that we connect to in this case are:

https://autodiscover.blow.net/autodiscover/autodiscover.xml
https://blow.net/autodiscover/autodiscover.xml

Since the first one doesn't exist (no DNS record), we try the second one.
But the cert at that the second location does not have "Blow.net" on the
cert, thus you get a host name mismatch error and Entourage shows the
dialog.

The fix in this case would be to:

1) Add Blow.net to the cert located at: https://blow.net

2) Create a DNS record for autodiscover.blow.net and point it at the same
server as rapier.blow.net as well as add autodiscover.blow.net to the
certificate as well as rapier.blow.net.

Let me know if this helps.

 

[Sebastian]

2) Create a DNS record forautodiscover.blow.net and point it at the same

server as rapier.blow.net as well as addautodiscover.blow.net to the
certificate as well as rapier.blow.net.

I have the same problem.
Your solution does not work for me, since stupid Entourage looks first
on
"autodiscover.mydomain.de"(which is ok now), but afterwards still
looks for "mydomain.de".
The second one fails and can't be fixed by me for now, since mydomain
and www.mydomain share the IP for now :-/

Why is there no checkbox oder hidden switch to disable autodiscover?
I rearly start to hate M$ for ignoring problems you have

 

[Diane Ross]

I have the same problem.
Your solution does not work for me, since stupid Entourage looks first
on
"autodiscover.mydomain.de"(which is ok now), but afterwards still
looks for "mydomain.de".
The second one fails and can't be fixed by me for now, since mydomain
and www.mydomain share the IP for now :-/

Why is there no checkbox oder hidden switch to disable autodiscover?
I rearly start to hate M$ for ignoring problems you have

See Amir's blog post on this for more info:

<http://blogs.technet.com/amir/archive/2008/07/16/ssl-warning-issue-in-entou
rage-2008.aspx>

 

[ciara]

Hi Diane;

Your solution may work for those in control of DNS and domains - but what
about us who are using hosted email -- i have host monster -- i am not the
administrator of the domain or the email accounts... i get this message all
day long - even though i get mail fine. i get it for my gmail accounts too
- again i have no control over gmail certs.
thanks
ml

 

[Diane Ross]

If it makes you feel any better I am in the same situation. It drives me
nuts. Luckily mine is a test account so I created a new Identity and have it
there for testing. If I do find a solution, I will post it.

 

[mary.lou.the.crafty]

I managed to fix it -- my host had two choices for port for smtp (secure) --
I switched to the other port and a valid cert was found (or I think so as
the error message has not yet occurred since that change...) - I stumbled on
a post online for some college for students setting up email -- that led me
to the correct search time in my host support site.
Thanks
Ml

 

[newguy]

I am having the same issue now that i upgraded to Entourage 2008. We run our
own Exchange 2007 server and manage our DNS. I am still confused on the error
because we are not using SSL on the Exchange server. So why are we getting
the error? This is very frustrating. Does anyone have a solution? I saw the
post about installing a root cert but I don't know why i need that.