SBS 2011 - Outlook certificate error through VPN
Hi,

I recently installed an SBS 2011 server at one of my customers. We were getting a certificate error every time users opened the Outlook client. I've managed to resolve the problem internally using KB940726. We are using a self-signed certificate.

However, the issue still happens through my VPN. Every time we open Outlook through the VPN, I get a certificate error for Autodiscover.mydomain.com: "The name on the security certificate is invalid or does not match the name of the site".

What I found strange about this issue is that if I click on View certificate..., it says it was delivered to profil.prosante.ca, which is a domain name I had never used or configured. If I go into the Certification Authority console on the server, I cannot find any certificate that matches that information.

To resolve the Exchange server IP address through the VPN, I added an entry to the local hosts file of every VPN user pointing to the internal IP address of the server.

Still through the VPN, when opening the Outlook client, if I click Yes on the certificate warning, I am able to send/receive mail. However, certain functions such as "Out of Office Assistant" are not working.

For your information, the client I used for the VPN test is not a member of the domain. Real users will have their computers in the domain; they will use the VPN from time to time when not in the office.

I will be glad if anybody could give me some assistance or suggestions on this issue.

Best regards,
July 29th, 2011 10:36am

Hi,

It's suggested to use SAN/UC certificates for Exchange 2010:

http://www.digicert.com/unified-communications-ssl-tls.htm
https://www.digicert.com/easy-csr/exchange2010.htm
http://www.digicert.com/ssl-certificate-installation-microsoft-exchange-2010.htm

Jonas Andersson | Microsoft Community Contributor Award 2011 | MCITP: EMA 2007/2010 | Blog: http://www.testlabs.se/blog | Follow me on twitter: jonand82
July 29th, 2011 11:31am

Thank you for your answer and for the links; I will look into getting a certificate. But I was still wondering if there was a way to get this working without purchasing a certificate. If anybody has other suggestions, please let me know.

Have a great day.
July 29th, 2011 11:56am

You can get a UCC certificate from GoDaddy for around 70$ per 3 years including 5 names. It's worth it for all the trouble you will avoid, and it is also the recommended method.

Or set up an internal PKI and deploy the root certificates to all devices.

http://www.godaddy.com/ssl/ssl-certificates.aspx?ci=9039

Jonas Andersson | Microsoft Community Contributor Award 2011 | MCITP: EMA 2007/2010 | Blog: http://www.testlabs.se/blog | Follow me on twitter: jonand82
July 30th, 2011 3:51am

Mephisar, the recommended solution for remote clients is Outlook Anywhere (RPC over HTTPS). This way you eliminate the need to keep your users' hosts files up to date. Or you can grant your VPN users access to your internal DNS servers (you can assign the DNS server's address for remote users in the VPN server management console).

About the server certificate: your internal users, whose workstations are members of your domain, do not receive an error/warning message when they connect to the server. That's because Outlook clients have an internal, hardcoded exception for the scenario where a self-signed certificate is used. Your external users, whose machines aren't domain members, still receive an error/warning message about the certificate. You can add the self-signed certificate to the Trusted Root CAs certificate store, and your server certificate becomes trusted on that system. But this is only a workaround; you must consider the scenarios described above.

MVP Exchange Server from Russia http://okrylov.wordpress.com
July 30th, 2011 6:29am

Hello,

When connecting via VPN, Outlook resolves Autodiscover directly via DNS. It will use a pre-defined URL like: Autodiscover.EmailAddressSuffix. You need to include "Autodiscover.EmailAddressSuffix" in the certificate.

Thanks,
Simon
August 1st, 2011 11:31am
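
The name check described in the reply above, as an added example that is not part of the original thread: it derives Autodiscover.EmailAddressSuffix for each mail domain and reports which required names a certificate's name list does not cover, including the rule that a wildcard only stands for one leftmost label. All host names, addresses and function names here are constructed for illustration.

```python
# Added example: which names must a certificate carry so that Outlook's
# Autodiscover lookup does not raise a name-mismatch warning?
# Every domain and address below is a constructed sample value.

def autodiscover_names(email_addresses):
    """Hosts Outlook derives from each address suffix: autodiscover.<suffix>."""
    suffixes = {a.rsplit("@", 1)[1].strip().lower() for a in email_addresses}
    return sorted("autodiscover." + s for s in suffixes)

def name_matches(cert_name, host):
    """Case-insensitive comparison of a certificate name against a host name.
    A '*' is honoured only as the entire leftmost label, and only in front of
    at least two more labels, so it never spans dots or covers a whole TLD."""
    c = cert_name.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(c) != len(h):
        return False
    if c[0] == "*":
        return len(c) >= 3 and h[0] != "" and c[1:] == h[1:]
    return c == h

def missing_names(cert_names, email_addresses, extra_hosts=()):
    """Required names (Autodiscover hosts plus any extra published hosts)
    that no entry in the certificate's name list covers."""
    required = autodiscover_names(email_addresses)
    required += [h.lower() for h in extra_hosts]
    return [r for r in required
            if not any(name_matches(c, r) for c in cert_names)]

if __name__ == "__main__":
    # Constructed sample: a certificate with only the remote-access name and
    # the internal server name, and users in two mail domains.
    cert = ["remote.example.com", "SERVER01.corp.example"]
    users = ["alice@example.com", "bob@example.org"]
    for name in missing_names(cert, users, extra_hosts=["remote.example.com"]):
        print("not covered by certificate:", name)
```

The list passed as `cert_names` is the certificate's Subject Alternative Name entries, the same list that has to be decided before requesting a multi-name (SAN/UC) certificate.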

I did some more tests and, for some reason, the certificate warning is no longer displayed after I joined the laptop to the domain, even through the VPN. However, I understood that I should get a certificate anyway.

Thank you very much to all of those who gave me advice by replying to this post. I will still look into getting a certificate, as I understood that what I did is more some kind of workaround rather than really fixing the problem.

Best regards,

PS: Sorry for my English, it's not my native language.
August 2nd, 2011 4:47pm

This topic is archived. No further replies will be accepted.
