Outlook clients can't see new Exchange 2013 Server

Upgrade from Exchange 2003 (rip and replace). Configured internal and external URLs, imported public certificate from the old server. Everything external, Outlook Anywhere, Outlook Web Access and ActiveSync all work (except for autodiscover certificate error). Internally Outlook (2010 & 2013) will not see the Exchange server, and Outlook Web Access reports a certificate mismatch (the public certificate, not the internal self-signed certificate, is presented to the client). If I configure Outlook Anywhere externally, I can bring the notebook local and Outlook will work, but slowly and with a lot of protesting (cert and proxy errors).

Not surprisingly, the remote connectivity analyzer passes, but running Test-OutlookWebServices locally fails on the 'Autodiscover Outlook Provider' scenario, reporting an invalid remote certificate. I am assuming Exchange is presenting the public certificate. Is there a way to have Exchange use the self-signed certificate for the local users?

Thanks in advance,

Greg

April 23rd, 2013 3:53am

Get a public certificate.  A UCC certificate from Go Daddy (the cheapest I know of) is $72/year for three to five years.

April 23rd, 2013 5:04am

I have a public certificate.  Since internal domains won't be supported on public certificates in the future, I was hoping there was another solution.

Greg

April 23rd, 2013 5:20am

Hi Greg, having the same problem and same dilemma. Can't seem to get Outlook clients to connect to Exchange 2013. We used the CU2 version and have Exchange 2007 originally in place. Just wondering if your issue got resolved.

Thanks,

Rick

August 3rd, 2013 2:07am

I recommend that you implement split-brain DNS.  Use the same URLs internally as externally by hosting DNS zones internally and externally with appropriate external and internal IP addresses.
August 10th, 2013 8:18pm
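
Added example, not part of the original thread or any poster's code: the certificate mismatch discussed above comes down to whether the host name in each configured URL appears on the certificate, which is what using the same names internally and externally (split-brain DNS) is meant to guarantee. The function name `Test-NameCoveredByCert`, the host names and the SAN list are constructed for illustration; the commented cmdlets show where the real values would come from in the Exchange Management Shell.

```powershell
# Added example. All host names and the SAN list below are constructed sample data.
function Test-NameCoveredByCert {
    param(
        [Parameter(Mandatory)][string[]]$CertificateDomains,  # SAN entries on the certificate
        [Parameter(Mandatory)][string]$HostName               # name the client connects to
    )
    $name = $HostName.ToLowerInvariant()
    foreach ($san in $CertificateDomains) {
        $san = $san.ToLowerInvariant()
        if ($san -eq $name) { return $true }
        # A wildcard covers exactly one left-most label: *.example.com matches
        # mail.example.com but not a.mail.example.com or example.com itself.
        if ($san.StartsWith('*.')) {
            $suffix = $san.Substring(1)                       # ".example.com"
            if ($name.EndsWith($suffix)) {
                $label = $name.Substring(0, $name.Length - $suffix.Length)
                if ($label.Length -gt 0 -and -not $label.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

# On a real server these values would come from the Exchange Management Shell, e.g.
#   (Get-ExchangeCertificate -Thumbprint <thumbprint>).CertificateDomains
#   (Get-ClientAccessServer).AutoDiscoverServiceInternalUri
#   (Get-OwaVirtualDirectory).InternalUrl
$certDomains = 'mail.example.com', 'autodiscover.example.com'

$configuredUrls = [ordered]@{
    'Autodiscover SCP (internal)' = 'https://exch01.corp.local/Autodiscover/Autodiscover.xml'
    'OWA InternalUrl'             = 'https://exch01.corp.local/owa'
    'OWA ExternalUrl'             = 'https://mail.example.com/owa'
    'EWS InternalUrl (split DNS)' = 'https://mail.example.com/EWS/Exchange.asmx'
}

# One row per configured URL; Covered = False marks a name clients will be warned about.
foreach ($entry in $configuredUrls.GetEnumerator()) {
    $target = ([uri]$entry.Value).Host
    [pscustomobject]@{
        Setting = $entry.Key
        Target  = $target
        Covered = Test-NameCoveredByCert -CertificateDomains $certDomains -HostName $target
    }
}
```

With the sample data, the two `exch01.corp.local` entries report `Covered = False`, while the URLs that reuse the public name report `True`.
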

I created a self-signed cert and ensured that the server name being requested was inside the cert.

Then I logged on as the user and I imported the certificate in the trusted CA
BUT and it's a BIG BUT
when I checked the CA area I could not see it.
After much research I found that when I was logged on as a roaming user that the certificate did not go into the CA.
I had to log on as a domain admin and then import the certificate by running MMC, adding the certificate snap-in and then importing the certificate.
It then showed up and I was able to log back in as the user and complete the Outlook setup.

I authenticated against the domain controller (which may indicate another slight issue but I will look at this later) and then configured the RPC over HTTP in security, ticked both boxes and selected NTLM.

Looking back, I also found an MS article http://support.microsoft.com/kb/2264398#appliesto
that refers to a similar missing registry key causing a similar problem to the one that lots of others have reported, but this looks to be relevant only to LOCAL profiles and not roaming profiles, and when I navigated to the key it showed 'Roaming'.

Hope this helps someone.  
I am on a mission to help others now as this has sucked so much of my time.

Getting an external cert is obviously another way of fixing it and I do appreciate your feedback so thank you.

November 16th, 2013 7:01pm

This topic is archived. No further replies will be accepted.
