Single Server Exchange 2013, Outlook 2013.
Periodically, users get a Security Alert as if they were still trying to connect to the internal server name. I don't see why. They do not get it when initially setting up the Outlook profile, so I think Autodiscover is working properly. Something else is wrong.
Users ARE able to access their email fine, just get an annoying cert warning every few hours and nothing I've tried helps. As you can see in the pictures below, Outlook connection info doesn't mention the internal server name at all.
Relevant Server Settings:
- WebServicesVirtualDirectory Internal and External URLs : https://mail.domain.org/ews/exchange.asmx
- OwaVirtualDirectory Internal and External URLs : https://mail.domain.org/owa
- EcpVirtualDirectory Internal and External URLs : https://mail.domain.org/ecp
- ActiveSyncVirtualDirectory Internal and External URLs : https://mail.domain.org/Microsoft-Server-ActiveSync
- OabVirtualDirectory Internal and External URLs : https://mail.domain.org/OAB
- AutoDiscoverServiceInternalUri Internal and External URLs : https://mail.domain.org/Autodiscover/Autodiscover.xml
- OutlookAnywhere Internal and external hostnames : mail.domain.org
Pictures: [Cert error](https://i.imgur.com/daMsIzp.jpg)
[Outlook Connection Status](https://i.imgur.com/U81HO8A.png)
[Outlook Anywhere poxy settings](https://i.imgur.com/WQwEyzG.png)
UCC Certifcate has both mail.domain.org and autodiscover.domain.org
Internal DNS resolves mail.domain.org to internal server's IP.
External DNS resolves mail.domain.org to correct external WAN IP.
Internal DNS looks like it has the right A records for mail.domain.org and autodicover.domain.org