We recently had a new certificate issued for our Exchange environment, removing the Subject Alternative Name entries which were for '.local' domains.
We changed all our virtual directories to use our public FQDN for both internal and external mapping (we have split DNS set up to resolve the FQDN to local addresses from within our local network).
After installing the new certificate we realized (because of the certificate errors being received by clients) that the AutoDiscoverServiceInternalUri was still set to the old [hostname].[domain].local/autodiscover/autodiscover.xml location. So I then ran the Set-ClientAccessServer -Identity [server] -AutoDiscoverServiceInternalUri "https://[full public FQDN]/autodiscover/autodiscover.xml" command, and can now verify that the AutoDiscoverServiceInternalUri is set to the correct path.
Even after making these changes, Outlook clients have continued to receive the same certificate error, showing that Outlook is still trying to connect to the old [hostname].[domain].local address and indicating that the name on the security certificate is invalid or does not match the name of the site. However, if we recreate an Outlook profile, the client does not get the error, so I can only assume that all existing Outlook profiles are using some cached information.
I've run a Test E-Mail AutoConfiguration, and it does show that AutoConfiguration is connecting to the correct FQDN version of the Autodiscover file.
I have manually updated the Offline Address Book, and manually downloaded the address book on the client, but that has not resolved the problem.
Is there something I have missed? Is there some other step that needs to be performed to get all clients to use the new AutoDiscoverServiceInternalUri and forget about all references to the old one?
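
One way to re-check the server-side state described in this post, added here as an example and not part of the original post: the script lists every https URL setting whose host name is not covered by the names on the new certificate. The function names, the sample objects and the names mail.example.com, autodiscover.example.com and EX01.corp.local are constructed placeholders.

```powershell
# Added example. All host names and sample objects below are constructed placeholders.
function Test-HostCoveredByCertificate {
    param([string]$HostName, [string[]]$CertificateNames)
    foreach ($name in $CertificateNames) {
        if ($name.StartsWith('*.')) {
            # A wildcard name covers exactly one additional label on the left.
            $suffix = $name.Substring(1)
            if ($HostName.Length -gt $suffix.Length -and
                $HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase) -and
                -not $HostName.Substring(0, $HostName.Length - $suffix.Length).Contains('.')) {
                return $true
            }
        } elseif ($HostName -ieq $name) {
            return $true
        }
    }
    return $false
}

function Find-UrlNameMismatch {
    param(
        [Parameter(ValueFromPipeline = $true)]$InputObject,
        [Parameter(Mandatory = $true)][string[]]$CertificateNames
    )
    process {
        # Inspect every property; only values that parse as https URLs are checked.
        foreach ($prop in $InputObject.PSObject.Properties) {
            $uri = $null
            $value = [string]$prop.Value
            if ([Uri]::TryCreate($value, [UriKind]::Absolute, [ref]$uri) -and $uri.Scheme -eq 'https') {
                if (-not (Test-HostCoveredByCertificate $uri.Host $CertificateNames)) {
                    [pscustomobject]@{ Source = $InputObject.Name; Setting = $prop.Name
                                       HostName = $uri.Host; Value = $value }
                }
            }
        }
    }
}

# Constructed sample objects standing in for cmdlet output, so the script runs offline.
$sample = @(
    [pscustomobject]@{ Name = 'EX01'
        AutoDiscoverServiceInternalUri = 'https://mail.example.com/autodiscover/autodiscover.xml' }
    [pscustomobject]@{ Name = 'EX01\EWS (Default Web Site)'
        InternalUrl = 'https://EX01.corp.local/EWS/Exchange.asmx'
        ExternalUrl = 'https://mail.example.com/EWS/Exchange.asmx' }
)
$sample | Find-UrlNameMismatch -CertificateNames 'mail.example.com', 'autodiscover.example.com'
```

In the Exchange Management Shell, the output of Get-ClientAccessServer and of the virtual directory cmdlets (for example Get-WebServicesVirtualDirectory or Get-OabVirtualDirectory) can be piped into Find-UrlNameMismatch in place of $sample.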