Certificate trouble running CAS servers with different FQDNs post merger
Situation
The customer has recently merged with another company and is email.company1.com. They have 1 new 2010 server at their new domain email.company2.com in the same Active Directory domain. They have a wildcard certificate for company1, and a standard certificate for company2. Company2.com will be the new domain going forward. Currently the Set-OutlookProvider EXPR -CertPrincipalName is *.company1.com

Problem
They have hundreds of users on the 2007 servers still and they are functioning fine for Outlook Anywhere. Users on the new server (mostly IT staff) are getting certificate errors (SSL Name mismatch) because the MSSTD cert name distributed is the Wildcard certificate.

Desired Outcome
Configure MSSTD settings based on the mailbox server the user's mailbox resides on. There must be a way to accomplish this. Exchange 2010 can't possibly expect all of a company's CAS servers to use the same certificate name.
November 19th, 2011 1:12pm

The setting was not set previously. Since the 2010 servers were put in place and set to collect the mail, the users with mailboxes on the 2007 servers (which had the FQDN of the old domain name) started receiving certificate name mismatch errors. We set the cert principal name to be the wildcard certificate that's installed on the 2007 servers, but in doing so we triggered mismatch errors for the people on the 2010 servers with the new FQDNs. I want to know if there's a solution to have users with the primary SMTP address of email@company2.com successfully use Autodiscover without certificate name mismatches regardless of the server they're on (see server configuration below).

EXCAS2007-01.company1.com
EXCAS2007-02.company1.com
EXCAS2010-01.company2.com
EXCAS2010-02.company2.com

Lee Vaniderstine | NewGen Technologies Corporation | www.newgen.ca
November 19th, 2011 3:46pm

Hi,

This MSSTD value is carried in the "CertPrincipalName" attribute, which is common to the whole Exchange organization; it is configured with the "Set-OutlookProvider EXPR" settings. In your case, if you don't want to have the MSSTD value in the CertPrincipalName, you can disable it with the same command:

Set-OutlookProvider EXPR -CertPrincipalName None

Note: mutual authentication from the client to the server won't happen.
November 20th, 2011 2:15am

Run the get-outlookwebservices | fl cmdlet on the new server and check if it errors for anything. Please post the output of that cmdlet here.

Sudhir Bidye. Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
December 3rd, 2011 10:09pm

Along with the above command, can you run this cmdlet and share the results?

> Get-OutlookProvider EXPR | fl

Note:
IMO, the E2k7 servers had the *.domain.com certificate; the new E2010 servers would be using another SAN certificate with a different Issued-to value. So, if you change the MSSTD value to none, the next Autodiscover cycle should update all the E2k7 and E2010 mailbox clients to have the MSSTD value as none, so there shouldn't be any obstacle to the Outlook Anywhere communication.

Cheers
Aravind
December 4th, 2011 7:39am
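The audit the last three replies ask for, and the fix they converge on, as an added PowerShell example (written for this page; it is not code from the thread, from the poster, or from Microsoft). It runs in the Exchange Management Shell on a 2010 CAS, reads the org-wide EXPR CertPrincipalName, compares it with the Outlook Anywhere ExternalHostname each CAS publishes, and reports which hosts will raise an MSSTD name mismatch; only with -Apply does it set CertPrincipalName to None. Assumptions: the msstd: wildcard is treated as a single-label wildcard like an X.509 wildcard name, and the ExternalHostname is the name the certificate bound to IIS on that CAS is issued to (or covered by). The cmdlet that validates what Autodiscover hands out is Test-OutlookWebServices; there is no Get-OutlookWebServices.

```powershell
# Added example, not from the thread. Run from the Exchange Management Shell on a
# 2010 CAS. Audits the org-wide EXPR CertPrincipalName (the msstd: value Outlook
# Anywhere clients receive through Autodiscover) against the ExternalHostname each
# CAS publishes, then applies the "None" fix only when -Apply is given.
# Written to run under PowerShell 2.0, which the 2010 management shell uses.
param([switch]$Apply)

function Test-MsstdMatch {
    # Assumption: "msstd:*.example.com" behaves like a single-label X.509 wildcard;
    # "msstd:none" or an empty value disables the check, so every name "matches".
    param([string]$CertPrincipalName, [string]$HostName)
    if ([string]::IsNullOrEmpty($CertPrincipalName) -or $CertPrincipalName -ieq 'msstd:none') { return $true }
    $pattern = $CertPrincipalName -ireplace '^msstd:', ''
    if ($pattern.StartsWith('*.')) {
        $suffix = $pattern.Substring(1)                              # e.g. ".company1.com"
        if (-not $HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) { return $false }
        $leftmost = $HostName.Substring(0, $HostName.Length - $suffix.Length)
        return ($leftmost.Length -gt 0) -and (-not $leftmost.Contains('.'))  # exactly one extra label
    }
    return [string]::Equals($pattern, $HostName, [StringComparison]::OrdinalIgnoreCase)
}

$expr  = Get-OutlookProvider EXPR
$msstd = [string]$expr.CertPrincipalName
Write-Host ("EXPR CertPrincipalName (org-wide): '{0}'   TTL: {1} hour(s)" -f $msstd, $expr.TTL)

# One row per CAS: the host name Outlook Anywhere clients are told to connect to.
# Assumption: the certificate bound to IIS on that CAS is issued to (or covers) this name.
$report = Get-OutlookAnywhere | ForEach-Object {
    $external = [string]$_.ExternalHostname
    New-Object PSObject -Property @{
        Server           = $_.Server
        ExternalHostname = $external
        ClientAuth       = $_.ClientAuthenticationMethod
        MsstdMatches     = Test-MsstdMatch -CertPrincipalName $msstd -HostName $external
    }
}
$report | Format-Table Server, ExternalHostname, ClientAuth, MsstdMatches -AutoSize

$broken = @($report | Where-Object { -not $_.MsstdMatches })
if ($broken.Count -eq 0) {
    Write-Host "Every CAS host name satisfies the published MSSTD value; no name mismatch expected."
    return
}
$names = ($broken | ForEach-Object { $_.ExternalHostname }) -join ', '
Write-Warning ("{0} CAS host name(s) do not satisfy '{1}': {2}" -f $broken.Count, $msstd, $names)

if (-not $Apply) {
    Write-Host "Re-run with -Apply to set CertPrincipalName to None; Outlook picks the change up on its next Autodiscover refresh (see TTL above)."
    return
}

# The fix discussed in the thread: stop publishing an msstd: value at all. The cost is
# that Outlook no longer checks the server certificate's principal name (the mutual
# authentication step); what remains is the ordinary TLS validation of the RPC proxy host.
Set-OutlookProvider EXPR -CertPrincipalName None
Get-OutlookProvider EXPR | Format-List Name, Server, CertPrincipalName, TTL
```

Run it with no arguments first: the table makes the problem in the thread visible, since the company1 wildcard satisfies the EXCAS2007 names and fails the EXCAS2010 names, and because the EXPR value is organization-wide there is no per-mailbox-server MSSTD to configure. If losing the principal-name check is not acceptable, the alternative that keeps mutual authentication is to give every CAS's Outlook Anywhere a single ExternalHostname that one certificate covers and set CertPrincipalName to match it (for example msstd:*.company1.com with the wildcard also installed on the 2010 servers); whether the customer can do that is an assumption, not something the thread confirms.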
