I've been working for awhile on an issue that I'm having trouble figuring out. It's pesky and seems as if it should be an easy fix, and it's causing me a lot of problems.
Basically, I'm trying to migrate all internal URLs for WebServices, OAB, ActiveSync, etc to match the URL of the certificate we have. I've followed a number of guides, and feel confident that the changes are taking, as I'm able to verify them, but when I run:
test-outlookwebservices {e-mail address} | fl
I'm continuing to get a 1104 error with this message: The certificate for the URL https://intexch2010.richey.local/autodiscover/autodiscover.xml is incorrect. For SSL to work, the certificate needs to have a subject of intexch2010.richey.local, instead the subject found is mail.richeyco.com. Consider correcting service discovery, or installing a correct SSL certificate.
It seems clear that autodiscover is still pointing to the internal address, though I find no reference to this:
Get-ClientAccessServer -Identity IntExch2010 | select AutodiscoverServiceInternalUri | fl
AutoDiscoverServiceInternalUri : https://mail.richeyco.com/autodiscover/autodiscover.xml
I've right clicked the IIS Application Pools "MSExchangeAutodiscoverAppPool" and recycled it. I've restarted the server a few times, it just doesn't seem to work.
https://support.microsoft.com/en-us/kb/940726
https://www.digicert.com/ssl-support/redirect-internal-exchange-san-names.htm