Hi, I have just set up 2 Exchange 2013 servers, both with Mailbox and CAS roles installed, for the purpose of sending through different IP addresses from 2 different email domains, using send connectors on each of the servers to send email to the internet. This is working OK to a degree, using a 3rd party firewall with rules configured to allow mail out from each of the servers depending on the email domain they are sending from.
The config is:
Mail1 and Mail2 are configured with 2 different wildcard certificates: mail1 has *.domain1.com and mail2 has *.domain2.com.
I have configured the external domains for each of the services (OWA, ECP, etc.) with the correct external domain names,
and also set Set-OutlookProvider EXPR -CertPrincipalName msstd:*.domain2.com
External DNS has been set up with A records, MX records work fine, and the SRV record for _autodiscover._tcp points to *.domain1.com, and vice versa for domain2.com.
I have internal SRV records pointing to both Exchange servers, configured with the external names autodiscover.domain.com.
OWA works fine for either domain with no cert errors, email works a treat, and I am able to get to the autodiscover.xml from outside the network fine.
My problem is that when I try to configure an Outlook client on a non-domain-joined PC, it keeps asking me for username and password, and when I enter them they are not accepted and the configuration fails.
Remote Connectivity Analyzer testing from the name specified in the cert principal name set on the servers does this:
When using user credentials from a domain1.com email address (the one the Outlook provider principal name is set to)
I get:
Verification of mutual authentication failed.
Testing SSL mutual authentication with the RPC proxy server.
The certificate common name *.domain1.com doesn't validate against the mutual authentication string that was provided: msstd:*.domain2.com
But when testing it using user credentials from a domain2.com email address it succeeds without issue, except for a warning about auto update which I am not concerned about for now.
What can I do to resolve this and get Outlook Anywhere working, keeping the 2 certificates as is if possible?
PS. Sorry for the long-winded explanation, but I have tried everything I can think of....
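Added example, not code from the original post: a PowerShell check run in the Exchange Management Shell that reproduces the Remote Connectivity Analyzer's mutual-authentication comparison for each CAS, so the mismatch between the org-wide EXPR CertPrincipalName and each server's certificate can be seen side by side. It assumes the domain1.com/domain2.com placeholder names from the post; the wildcard-matching rule in Test-MsstdMatch is a simplified assumption about Outlook's comparison, and the fallback to the server's own Outlook Anywhere ExternalHostname when CertPrincipalName is unset is also stated as an assumption.

```powershell
# Added diagnostic example (not the poster's code). Run in the Exchange Management Shell.
# The msstd: string that Autodiscover hands to Outlook must match the subject CN of the
# certificate that the server answering the RPC proxy request actually presents.

function Test-MsstdMatch {
    param(
        [string]$CertPrincipalName,   # e.g. "msstd:*.domain2.com"
        [string]$CertificateCN        # e.g. "*.domain1.com"
    )
    $expected = $CertPrincipalName -replace '^msstd:', ''
    if ($expected -ieq $CertificateCN) { return $true }
    # Simplified wildcard rule (assumption): a *.example.com certificate covers exactly one
    # extra label, so mail1.domain1.com matches *.domain1.com but *.domain2.com does not.
    if ($CertificateCN.StartsWith('*.')) {
        $suffix = $CertificateCN.Substring(1)                       # ".domain1.com"
        $cut    = [Math]::Max(0, $expected.Length - $suffix.Length)
        $label  = $expected.Substring(0, $cut)                      # text before the suffix
        return ($expected.EndsWith($suffix, [System.StringComparison]::OrdinalIgnoreCase) -and
                $label -ne '' -and $label -notmatch '[.*]')
    }
    return $false
}

# The EXPR Outlook provider is a single organization-wide object, so every Outlook Anywhere
# client receives the same CertPrincipalName regardless of which e-mail domain it belongs to.
$principal = (Get-OutlookProvider EXPR).CertPrincipalName

Get-ExchangeServer | Where-Object { $_.IsClientAccessServer } | ForEach-Object {
    $srv  = $_.Name
    $oa   = Get-OutlookAnywhere -Server $srv | Select-Object -First 1
    $cert = Get-ExchangeCertificate -Server $srv |
            Where-Object { "$($_.Services)" -match 'IIS' } | Select-Object -First 1
    # Subject looks like "CN=*.domain1.com, O=..., C=..": keep only the CN value.
    $cn = ($cert.Subject -split ',\s*' | Where-Object { $_ -like 'CN=*' } |
           Select-Object -First 1) -replace '^CN=', ''
    # Assumption: with CertPrincipalName unset, Autodiscover falls back to
    # msstd:<this server's Outlook Anywhere ExternalHostname>.
    $effective = if ($principal) { "$principal" } else { "msstd:$($oa.ExternalHostname)" }
    [pscustomobject]@{
        Server            = $srv
        ExternalHostname  = "$($oa.ExternalHostname)"
        CertificateCN     = $cn
        CertPrincipalName = $effective
        MutualAuthOK      = Test-MsstdMatch -CertPrincipalName $effective -CertificateCN $cn
    }
} | Format-Table -AutoSize
```

A row with MutualAuthOK = False is the same condition the Remote Connectivity Analyzer reports as "Verification of mutual authentication failed" for that server.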