Recently got an SSL certificate for our external domain and added it to Exchange. External clients are working fine, but internal clients are getting the Security Warning when opening Outlook, stating for our internal server.domain.local that "the name on the security certificate is invalid", and viewing the certificate shows our external domain.
How do I get this resolved? Both internal and external hostnames are set for external url for autodiscover.

The certificate seems to be issued to your external domain, I'll call it server.domain.com for now. This doesn't match server.domain.local, so you get the security warning. You have a couple of options:

- server.domain.local as an alternative name. This will be valid for external and internal access, but not every CA will allow you to create such a certificate.
- server.domain.com for your Exchange server instead of .local. This is most probably the easiest way to fix the problem.
- .com domain. This is the solution that requires the most work, but it will prevent similar problems in the future with other servers that should be accessible from inside and outside.

You cannot get an SSL certificate for internal names from any trusted SSL provider. That isn't allowed - hasn't been since November 2014.
"How do I get this resolved? Both internal and external hostnames are set for external url for autodiscover."
How exactly have you done that? If you have changed the URL values on the Autodiscover virtual directory then that isn't the correct way to do it. Put that back to the default. The correct way is to use Set-ClientAccessServer:
set-clientaccessserver servername -AutodiscoverServiceInternalURI https://host.example.com/Autodiscover/Autodiscover.xml
That will stop the SSL prompts. http://semb.ee/hostnames2013 has the full details of what you need to change.
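
An added example, not part of the answers above: a check to run in the Exchange Management Shell that lists each internal client-facing hostname and flags the ones not covered by the certificate enabled for IIS. It assumes Exchange 2013 and that the purchased certificate is the non-self-signed one; Test-NameOnCertificate is a helper defined here, not an Exchange cmdlet.

```powershell
# Added example. Assumes Exchange 2013 (Exchange Management Shell, PowerShell 3+).
# Names (subject + SANs) on the unexpired, CA-issued certificate(s) enabled for IIS.
# The self-signed certificate is skipped: it carries the internal server names
# and would hide the mismatch Outlook is warning about.
$certNames = Get-ExchangeCertificate |
    Where-Object { $_.Services -match 'IIS' -and -not $_.IsSelfSigned -and $_.NotAfter -gt (Get-Date) } |
    ForEach-Object { $_.CertificateDomains } |
    ForEach-Object { $_.ToString().ToLower() } |
    Sort-Object -Unique

# Helper defined for this example: exact match, or a wildcard that covers
# exactly one left-most label (*.domain.com matches mail.domain.com only).
function Test-NameOnCertificate {
    param([string]$HostName, [string[]]$CertNames)
    $h = $HostName.ToLower()
    foreach ($n in $CertNames) {
        if ($n -eq $h) { return $true }
        if ($n.StartsWith('*.') -and $h.Contains('.') -and
            $h.Substring($h.IndexOf('.')) -eq $n.Substring(1)) { return $true }
    }
    return $false
}

# Collect the internal URLs that Outlook and other clients are handed.
$settings = @()
Get-ClientAccessServer | ForEach-Object {
    $settings += [pscustomobject]@{ Setting = 'AutodiscoverServiceInternalUri'; Url = $_.AutoDiscoverServiceInternalUri }
}
foreach ($cmd in 'Get-WebServicesVirtualDirectory', 'Get-OabVirtualDirectory',
                 'Get-OwaVirtualDirectory', 'Get-EcpVirtualDirectory',
                 'Get-ActiveSyncVirtualDirectory') {
    & $cmd | ForEach-Object {
        $settings += [pscustomobject]@{ Setting = "$cmd InternalUrl"; Url = $_.InternalUrl }
    }
}

# Report each hostname; a MISMATCH row is a name that triggers the warning.
$settings | Where-Object { $_.Url } | ForEach-Object {
    $hostName = ([uri]"$($_.Url)").Host
    $result = 'MISMATCH'
    if (Test-NameOnCertificate -HostName $hostName -CertNames $certNames) { $result = 'OK' }
    [pscustomobject]@{ Setting = $_.Setting; Host = $hostName; Result = $result }
} | Format-Table -AutoSize
```

The script only reads configuration. Outlook Anywhere's internal hostname is not included and should be checked separately.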