We are in the process of migrating from Exchange 2010 to Exchange 2013 and have the following setup:
- 1 Ex2010 server: sola-exchange.addomain.local
- 3 Ex2013 servers set up in a DAG: sola-ex13-1.addomain.local, sola-ex13-2.addomain.local, sola-ex13-3.addomain.local
- Split DNS with all virtual directories set with the same internal and external hostnames in the URLs: webmail.domain.com, oa.domain.com, eas.domain.com, autodiscover.domain.com
- DNS round-robin for the above domain names pointing to each of the 2013 server IPs
- Wildcard certificate *.domain.com
- NTLM authentication for Outlook Anywhere; the CertPrincipalName has been set to msstd:*.domain.com

The problem:
Everything seems to work as it should, but users are presented with a certificate warning 20 or so seconds after opening Outlook.
Example: When I open Outlook I get a warning that the certificate name does not correspond with the name of the server. It tries to connect to "sola-ex13-3.addomain.local" and the certificate is the wildcard *.domain.com.
Another user might get the same warning but for another server FQDN, sola-ex13-2.addomain.local.
This does not happen when connecting externally. Published with a TMG server.
Why does Outlook try to connect to a server's FQDN when all the virtual directory URLs are set?