Exchange 2007 split DNS, autodiscover and Outlook 2010 SSL security prompts
Our current situation is one in which we have many Exchange 2007 servers, separate internal/external DNS systems under different domain names, and now that we've introduced Outlook 2010 we are getting SSL security prompts in Outlook because our Exchange servers are using self-signed certificates. None of this is ideal, yes I know.

We have purchased a wildcard SSL certificate to use in Exchange for public access on devices like the iPhone and anything that uses ActiveSync. I have tested this and it works great. The problem is that since we don't have an internal DNS zone created for our public domains, we still get SSL security prompts in Outlook 2010, as well as the problem of not being able to use these devices internally since the firewall won't support going out just to come back in. :-)

I am working hard to get approval for the creation of internal DNS zones for the public domains. My question(s) are as follows:

NOTE: assuming I will get permission to set up the DNS zones appropriately...

1. Once all Exchange servers have the URL changed in the client access role, will Outlook update the mail profiles on an internal user's PC to use the new public DNS hostname for the Exchange server?
2. How will this affect a site with more than one Exchange server in the office, since each office only has one public DNS host name for ActiveSync? Will the CAS role proxy for users hosted on other servers?

Is there anything else I should consider during this configuration adjustment?

Thanks in advance!

Thanks
November 4th, 2010 2:34pm

Hi,

If you do create the internal DNS zone you also have to change the internal URLs of Exchange so that it will use these instead. There is a link to a MS KB here: http://support.microsoft.com/kb/940726

Are all the Exchange servers in the same Exchange Organization? You need to be sure of all the DNS records being used in the external zone so that you can create all the records internally also.

/Martin

Exchange is a passion not just a collaboration software.
November 4th, 2010 3:33pm

Hi,

Have you tried to change the internal URL for those services? You can modify the internal URL to use the public domain, I think.

Security warning when you start Outlook 2007 and then connect to a mailbox that is hosted on a server that is running Exchange Server 2007 or Exchange Server 2010: "The name of the security certificate is invalid or does not match the name of the site"
http://support.microsoft.com/kb/940726

Regards,
Xiu
November 5th, 2010 2:22am

I know that I need to change the URLs of my CAS role on each server, no question there. And I know I need to make both the internal and external URL the same, also no question there. The questions are:

1. Once all Exchange servers have the URL changed in the client access role, will Outlook update the mail profiles on an internal user's PC to use the new public DNS hostname for the Exchange server?
2. How will this affect a site with more than one Exchange server in the office, since each office only has one public DNS host name for ActiveSync? Will the CAS role proxy for users hosted on other servers?

Is there anything else I should consider during this configuration adjustment?

Thanks
November 5th, 2010 9:12am

1. When you change the internal URL Outlook will be updated automatically.
2. It shouldn't matter if you have one or more servers in a site as long as you change the URLs per server accordingly.

/Martin

Exchange is a passion not just a collaboration software.
November 5th, 2010 3:43pm
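
The replies above come down to making every internal URL that Outlook receives from Autodiscover carry a host name the wildcard certificate covers. The following read-only audit for the Exchange Management Shell is an added example, not part of any post in this thread; `*.example.com` is a placeholder for the name on the purchased certificate, and the helper functions `Test-CertNameMatch` and `New-Row` are hypothetical names introduced here.

```powershell
# Read-only: lists the internal URLs each CAS hands to Outlook and flags those
# whose host name the certificate would not cover. Changes nothing.
# ASSUMPTION: placeholder for the subject name on the wildcard certificate.
$CertName = '*.example.com'

# A wildcard covers exactly one left-most label: mail.example.com matches,
# a.b.example.com and the bare example.com do not.
function Test-CertNameMatch([string]$HostName, [string]$Pattern) {
    if (-not $Pattern.StartsWith('*.')) {
        return [string]::Equals($HostName, $Pattern, [StringComparison]::OrdinalIgnoreCase)
    }
    $suffix = $Pattern.Substring(1)    # ".example.com"
    if (-not $HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
        return $false
    }
    $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
    return ($label.Length -gt 0 -and -not $label.Contains('.'))
}

# Builds one report row; an unset URL counts as "not covered".
function New-Row($Server, $Service, $Url) {
    $hostName = ''
    if ($Url) { $hostName = ([Uri]"$Url").Host }
    $row = New-Object PSObject
    $row | Add-Member NoteProperty Server $Server
    $row | Add-Member NoteProperty Service $Service
    $row | Add-Member NoteProperty InternalUrl $Url
    $row | Add-Member NoteProperty MatchesCert ($hostName -and (Test-CertNameMatch $hostName $CertName))
    $row
}

$report = @()
foreach ($cas in Get-ClientAccessServer) {
    # The Autodiscover URI is what domain-joined Outlook finds first (via the SCP).
    $report += New-Row $cas.Name 'Autodiscover' $cas.AutodiscoverServiceInternalUri
    foreach ($v in Get-WebServicesVirtualDirectory -Server $cas.Name) {
        $report += New-Row $cas.Name 'EWS' $v.InternalUrl
    }
    foreach ($v in Get-OabVirtualDirectory -Server $cas.Name) {
        $report += New-Row $cas.Name 'OAB' $v.InternalUrl
    }
    foreach ($v in Get-UMVirtualDirectory -Server $cas.Name) {
        $report += New-Row $cas.Name 'UM' $v.InternalUrl
    }
}

# Rows with MatchesCert = False are the ones that still cause the Outlook prompt.
$report | Sort-Object MatchesCert, Server | Format-Table -AutoSize
```

Each flagged row corresponds to a URL to change with the matching `Set-` cmdlet described in KB 940726, once the internal DNS zone resolves the public name.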

This topic is archived. No further replies will be accepted.
