Hello All, I've been working on getting our OAB to sync when our Exchange server is in a different forest. I created a DNS record for autodiscover.SMTPdomain.com that points to our Exchange server in the new forest. I also trusted that Exchange server as a trusted CA. However, the error I am now getting is that the name of the server does not match what the client is looking for. You can click yes to proceed, but I would really like to fix this issue. For a reference both of these different forests have their own local domain name and then share an SMTP external name. Obviously, the server will not match the SMTP domain name, because its FQDN is in the local domain. To work around this, I figured I would just generate a cert with the SMTP domain and add that to IIS, this did not work either it still give me the error. The cert I created was autodiscover.SMTPdomain.com. I guess I really just really need to know what that service is looking for, because I can create certs all day long. Thanks in advance! PS: this is the error screen

Hello, When you have error like this, it happens because the certificate not created well. You need to add all the internal and external domain including services like the autodiscover. Rgds.www.windows8israel.com

ah yes, it seems that after I ran the command I got this returned: https://srv-vmex0l.forest.local/Autodiscover/Autodiscover.xml. I'll try regenerating a certificate for srv-vmex01.forest.local. and using that. After I regenerate that cert, I've just been going into IIS and binding that cert to port 443. Is there additional steps required. Also, these clients are in a separate domain, otherwise this would be out-configured, Thanks for the info!

Would this be a better situation for PF distribution of OAB? or would that work at all? Thanks!

The certificate should be enabled using Exchange, not IIS. If you have been using IIS then that might be the cause of some issues. You need to use EMS - and enable-exchangecertificate. While you can use PF distribution for the OAB, that isn't going to help with autodiscover. Simon.Simon Butler, Exchange MVP Blog | Exchange Resources | In the UK? Hire Me.