Hey,

Our public domain is domainname.com.  Our internal AD domain is corp.domainname.com.

We currently have a single, multi-role Exchange 2010 server.  Outlook clients reports the server as being servername.corp.domainname.com in Account Settings > Server Settings.

We gearing up for the SSL change from 1 November this year where internal names are no longer allowed on a certificate, and I'm not sure how best to proceed.

We have these 2 on our current SAN certificate:

servername
servername.corp.domainname.com

As well as all the 'public' facing Exchange stuff:

autodiscover.domainname.com
mail.domainname.com
webmail.domainname.com (OWA)
mobile.domainname.com (ActiveSync)

My initial thought is to have Outlook clients connect to mail.domainname.com as that's already on the certificate, instead of the internal FQDN.

But I'm not sure how to do that and if it has any repercussions elsewhere?

Thanks

• Edited by Lanky Doodle 21 hours 47 minutes ago

Hi,

If you want to make Outlook clients connect to mail.domainname.com, we need to change the SCP vaule .

Set-ClientAccessServer -Identity "servername" AutodiscoverServiceInternalURI https://mail.domain.com/autodiscover/autodiscover.xml

More detailed information about autodiscover service, please refer to the article:

https://technet.microsoft.com/en-us/library/jj591328%28v=exchg.141%29.aspx?f=255&MSPPError=-2147217396

Regards,

David

Can you also run Get-OutlookAnywhere | fl server, hostname and Get-Mailboxdatabase | fl name, *rpc* ?

Also, Get-ClientAccessServerArray

You never created a CAS array - its using the CAS FQDN.  That's not what we recommend as Outlook gets stuck on that name :( 

Create a CAS Array, and some clients may update to start using it. Some may not.  Either way that is irrelevant to the discussion of the certificate as the cert is NOT used to encrypt this traffic.