Recently I completed the setup of Office 365 coexistence for a client using Exchange 2007 and verified mail flow to and from Office 365 as well as free/busy lookups. Abruptly one day, mail flow to Office 365 stopped and the Exchange console was showing the message “The certificate status could not be determined because the revocation check failed.”
After a quick search on the web, I found this article on the Exchange team blog here, but none of the scenarios applied in my case. Mail flow to Office 365 had stopped because a TLS connection could not be made to the Forefront servers. To verify internet connectivity, I was able to browse the certificate providers' CRLs from IE and was also able to validate this using the DigiCert tool, as shown below.
It wasn’t until the CAPI2 log was enabled in Event Viewer that it became clear the problem was due to an IE proxy server. The IE proxy server connection was failing because it required authentication, and therefore Exchange was not able to connect to the CRL servers to verify the certificates used for the TLS connection to the Office 365 servers.
As an additional note, when using an IE proxy, be sure to set the proxy attribute in the Exchange Management Shell by running the command below:
Set-ExchangeServer -Identity "server name" -InternetWebProxy "IE proxy name"
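The diagnostic path described above (enable the CAPI2 log, reproduce the failure, then see which CRL retrievals fail and which proxy settings are in play) can be scripted. This is an added example, not part of the original post. It assumes an elevated Exchange Management Shell on PowerShell 2.0 or later, on an OS that has the CAPI2 operational log, and the one-hour window is an arbitrary choice.

```powershell
# Added example: collect CAPI2 revocation failures and the proxy settings Exchange will use.
$log = 'Microsoft-Windows-CAPI2/Operational'

# 1. The CAPI2 operational log is disabled by default; turn it on.
wevtutil sl $log /e:true

# 2. Reproduce the problem (for example, retry the queue to Office 365), then continue.
Read-Host 'Reproduce the TLS failure, then press Enter'

# 3. Pull error/warning events from the last hour (assumed window).
$filter = @{ LogName = $log; Level = 2, 3; StartTime = (Get-Date).AddHours(-1) }
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

# CAPI2 keeps the useful detail in the event XML, not in the rendered message,
# so extract any URLs (CRL/OCSP endpoints) from the XML of each failing event.
$report = foreach ($e in $events) {
    $xml  = $e.ToXml()
    $urls = [regex]::Matches($xml, 'https?://[^"<\s]+') |
            ForEach-Object { $_.Value } | Sort-Object -Unique
    if ($urls) {
        New-Object PSObject -Property @{
            Time    = $e.TimeCreated
            EventId = $e.Id
            Urls    = ($urls -join '; ')
        }
    }
}
$report | Sort-Object Time | Format-Table Time, EventId, Urls -AutoSize -Wrap

# 4. Show the machine-wide WinHTTP proxy. Services do not inherit the per-user
#    IE proxy settings or credentials, which is why a CRL can load in IE for the
#    logged-on admin and still be unreachable for the transport service.
netsh winhttp show proxy

# 5. Show the proxy attribute currently set on each Exchange server.
Get-ExchangeServer | Format-List Name, InternetWebProxy

# 6. Turn the log back off once the data is captured; it is verbose.
wevtutil sl $log /e:false
```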