Our public-facing domain name changed last year, but Active Directory still uses the old domain name. This didn't pose a problem until we updated the SSL certificate in Exchange 2010. Now, even after changing AutoDiscoverServiceInternalUri on the Client Access Server, and remapping all Virtual Directories, Outlook clients are still displaying a single stubborn certificate warning.
When running the Test Email AutoConfiguration Tool from the Outlook client, I noted that the EXCH provider is referencing hostname.old-domain.com, while the EXPR provider is correctly mapped to mail.new-domain.com, as EXCH should be.
    <Protocol>
      <Type>EXCH</Type>
      <Server>EXCH-1.old-domain.com</Server>
      ...
    </Protocol>
    <Protocol>
      <Type>EXPR</Type>
      <Server>mail.new-domain.com</Server>
      ...
    </Protocol>
Is it possible to update this section of Autodiscover without changing the AD domain suffix?
Update: It seems that the error is only appearing for internally connected clients on LAN.
Yes.
Run the following command in EMS, then restart the IIS service on all CAS servers by running iisreset (you may schedule downtime to restart this server, as it would temporarily affect the Exchange services relying on it):

    Set-OutlookProvider -Identity EXCH -CertPrincipalName msstd:mail.new-domain.com
Actually, you can also set the CertPrincipalName of EXCH to null. Thus it will not force the Outlook client to connect to the specified server name. The proper domain name will be auto-populated.
Below are the Microsoft blogs for your reference:
The Autodiscover Service and Outlook Providers – how does this stuff work?
When, if and how do you modify Outlook Providers?
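
A check that can help track down a remaining warning like the one in the question, added here as an example and not part of the original question or answer: it compares host names taken from the settings mentioned above with the names on the certificate. The function names and all sample values are assumptions constructed for illustration.

```powershell
# Added example: report configured names that the installed certificate does not cover.
function Test-NameCoveredByCertificate {
    param([string]$HostName, [string[]]$CertificateDomains)
    foreach ($domain in $CertificateDomains) {
        if ($domain.StartsWith('*.')) {
            # A wildcard covers exactly one left-most label.
            $suffix = $domain.Substring(1)
            if ($HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
                $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                if ($label -and -not $label.Contains('.')) { return $true }
            }
        }
        elseif ($HostName -ieq $domain) { return $true }
    }
    return $false
}

function Get-CertificateNameMismatch {
    param([object[]]$Setting, [string[]]$CertificateDomains)
    foreach ($s in $Setting) {
        if ([string]::IsNullOrEmpty($s.Value)) { continue }   # e.g. CertPrincipalName set to $null
        # Value is a URL, an msstd: principal name, or a bare host name.
        if ($s.Value -match '^https?://([^/:]+)') { $hostName = $Matches[1] }
        else { $hostName = $s.Value -replace '^msstd:', '' }
        if (-not (Test-NameCoveredByCertificate $hostName $CertificateDomains)) {
            New-Object PSObject -Property @{ Source = $s.Source; HostName = $hostName }
        }
    }
}

# Constructed sample values. On a real server they would come from, for example:
#   Get-ClientAccessServer        | Select-Object Name, AutoDiscoverServiceInternalUri
#   Get-WebServicesVirtualDirectory | Select-Object Server, InternalUrl
#   Get-OutlookProvider           | Select-Object Name, CertPrincipalName
#   Get-ExchangeCertificate       | Select-Object CertificateDomains, Services
$certDomains = 'mail.new-domain.com', 'autodiscover.new-domain.com'
$settings = @(
    (New-Object PSObject -Property @{ Source = 'AutoDiscoverServiceInternalUri'
        Value = 'https://mail.new-domain.com/Autodiscover/Autodiscover.xml' }),
    (New-Object PSObject -Property @{ Source = 'EWS InternalUrl'
        Value = 'https://EXCH-1.old-domain.com/EWS/Exchange.asmx' }),
    (New-Object PSObject -Property @{ Source = 'EXCH CertPrincipalName'
        Value = 'msstd:mail.new-domain.com' })
)

# Lists only the settings whose host name is missing from the certificate.
Get-CertificateNameMismatch -Setting $settings -CertificateDomains $certDomains |
    Format-Table Source, HostName -AutoSize
```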