Outlook 2007 users utilise 'autodiscover' and consequently get a SSL certificate error relating to a mismatch between the name on the SSL certificate and the host name used to access Exchange:

Information you exchange with this site cannot be viewed or changed by others.
However, there is a problem with the site's security certificate.
   X   The name of the security certificate is invalid or does not match the name of the site


As Outlook is accessing SSL via an internal hostname such as exchange-cas.companyabc.local on SSL that is setup for an external host name such as the host names do not match and the above error occurs.


The best solution for this is to change the InternalURL property for various functions and also to set an internal DNS record for the external host name, in this example . After which the following must be done in EMS:

Get-ClientAccessServer -Identity Ex-CAS-Server| FL
Set-ClientAccessServer -Identity Ex-CAS-Server -AutoDiscoverServiceInternalUri

Get-WebServicesVirtualDirectory -Identity  “Ex-CAS-Server\\EWS (Default Web Site)”
Set-WebServicesVirtualDirectory -Identity “Ex-CAS-Server\\EWS (Default Web Site)” -InternalURL -BasicAuthentication:$true

Get-OabVirtualDirectory -Identity "Ex-CAS-Server\\OAB (Default Web Site)"
Set-OabVirtualDirectory -Identity "Ex-CAS-Server\\OAB (Default Web Site)" -InternalURL
  • SSL must be enabled on any the respective IIS subfolders, all have it enabled by default apart from OAB. 128-bit is required by the autodiscover app.
  • The Autodiscover dir must also have anon access un-ticked, else clients do not bother to authenticate and consequently hit the permissions which do not allow anon access.

Category:Outlook Category:Exchange