I set up a test server this weekend with SBS 2011 (exch 2010). I created a subnet on my network behind a 2nd firewall/router. My lan network is 192.168.0.0 and the 2nd router/firewall is 192.168.137.0 I put a laptop on the same subnet as the server and put on outlook 2007. I told the server to use a domain name that I'm using on the internet for email, but did not expose the server to the internet. We still use the pop3 connector to receive our mail so I configured that with a test pop account at our ISP. It all worked just fine, could send and receive mail on the testuser.
When I start outlook I get a certificate error. When I inspected the certificate it appeared to be a cert from our internet based website host. My laptop is configured to use the SBS server for DNS so I was a little surprised to see it resolving our ISP's cert for our domain. When I unplugged the router on the testnetwork (taking away the internet), the client no longer complained about cert error. I then thought if I put a hosts entry on the laptop pointing our domain name to the server. That seemed to work a little better. This time I got cert error but the cert information was from my test server. It was just complaining about not being trusted. I then tried to install the cert on the laptop (pointing at a specific store, not just automatically selecting) figuring that would solve the problem, but I continued to get a cert error. before I put in the hosts entry, at the top of the cert error I was getting autodiscover.domainname.com (pointing at my isp's cert). After I put in the hosts entry I was getting only domainname.com (pointing at the server's cert). Sometimes I would get 2 cert error's, one for autodiscover.domainname.com (pointing at the isps's cert) and one for just domainname.com (pointing at my server's cert). Just before I gave up for the night I started getting a userid/password dialog asking to sign in. Didn't seem to accept the password. That was strange as well.
Any ideas on how to solve this problem? When I migrate my users in a real world environment, I could see this situation happening as the same scenario would exist. I'm a little surprised that it's not happening in my SBS 2003 environment. I run outlook 2007 on my desktop but can't remember if I had cert errors when I first started using it or not. Everyone else runs outlook 2003 (small environment, just four workstations). I just looked at my workstation (Outlook 2007 running against exchange 2003) certs (using certmgr) and don't see any cert for my domain at all). Wondering why not.
Roveer