Good Afternoon All, I've encountered a strange issue with Outlook 2010, when first launched, gets a certificate error from an Exchange 2007 server in a different physical location. Here's a birds eye view of our Exchange environment: 1 root domain (domain.com), shared by 3 different physical locations all connected by an MPLS cloud. There are 6 Exchange 2010 Servers in this domain, a separate CAS/HT and MBX server per each location. 1 child domain (child.domain.com), which was setup to house a separate business entity that has it's own Exchange 2007 Server that holds the CAS/HT/MBX roles. The mailboxes hosted on this server show up within EMC in my root domain/exchange org. The company I work for was recently purchasd by another company and we have been going through a re-branding process. Being the Exchange Engineer, I have successfully updated everyone's Primary SMTP addresses as well as their SMTP Aliases with the new address space. I've also purchased a 10 slot UCC/SAN certificate that has all of the URLs for our Exchange Servers/Services. The UCC/SAN certificate has been installed at 2 sites (4 of the exchange servers) and I used the following article to change the URLs for OAB/EWS/OWA/OutlookAnywhere, etc: http://technet.microsoft.com/en-us/magazine/ff381470.aspx As it stands right now, Autodiscover and all associated services work both in-house and externally. Previously, access to the EWS directory while outside of the network and using Outlook Anywhere was not functioning - i've fixed that and we're able to download the OAB and set out of office replies through Outlook Anywhere, which i'm quite happy with. There's 1 little problem that i've run into and i've been sifting through document after document on the web trying to figure it out, which hasn't yielded a fix. The problem: Whenever my users open up MS Outlook 2010 in the root domain, they're immediately prompted with a "Security Alert" dialog box stating that "The security certificate was issued bya cmpany you have not chosen to trust. View the certificate to determine whether you want to trust the certifying authority." The certificate is a self signed cert from the Exchange 2007 server in the child domain, which is at a different physical location than where we're sitting. I'm assuming this is the autodiscover service talking to the Exchange 2007 server, which is then redirected to our CAS server that is here on-site. I'm confused by this, as within AD Sites and Services we have our sites/subnet set up properly and our SCP record points to our webmail address of the Exchange 2010 servers in our root domain. I came across this MS Support article (http://support.microsoft.com/kb/2006728), which states: Exchange 2010: If the user has an Exchange 2010 mailbox, the Exchange 2007 SP2 Client Access server redirects the request to an Exchange 2010 Client Access server. The redirect response from the Exchange 2007 SP2 Client Access server includes the URL for the Exchange 2010 Client Access server. From how I perceive the article, it looks like if your Exchange environment co-exists between Exchange 2007 and Exchange 2010, then Outlook clients will check with the Exchange 2007 server first for autodiscover settings and the Exchange 2007 server will redirect to to another CAS server if necessary. Is this a correct perception? Is there anyway to adjust the SCP records or the way that autodiscover works so that MS Outlook 2010 will talk with the closest Exchange 2010 server for autodiscover settings, thus avoiding the Exchange 2007 server/certificate alert all together? While our users should be able to send/receive email to and from user mailboxes on the Exchange 2007 Server, I don't want our Outlook clients talking to the Exchange 2007 Server for any sort of autodiscover-based information. Any help on this would be most appreciated! Cheers, Jim P.