So you need to renew your UCC Exchange cert, but now you can't renew the "domain.local" cert that you've been using forever? Think you can just renew the external domain.com and be OK? Wrong: your internal users would get a prompt when they launch Outlook saying that the domain names do not match, and they would have to click "yes" to continue every time they open it. How do we fix this?
Well, I recently came across this issue and here's how I fixed it.
First, make sure that loopback is working in the local office. Try pinging your domain, let's say it's mail.domain.com. Does it resolve to an external IP? If not, you need to adjust your firewall settings so that it routes requests to the external domain to the WAN interface. This should be done by default if you used the wizard on your SonicWall.
Now, open up the Exchange Management Console and change the OWA, OAB and ActiveSync addresses so that they all point to the external address. For example, change mail.domain.local/owa to mail.domain.com/owa
Now open the Exchange PowerShell as admin and adjust the commands below accordingly to change your autodiscover address
Set-WebServicesVirtualDirectory -Identity "ESERVER01\EWS (Default Web Site)" -InternalUrl https://mail.newdomain.com/EWS/Exchange.asmx -BasicAuthentication:$true
Set-WebServicesVirtualDirectory -Identity "ESERVER01\EWS (Default Web Site)" -ExternalUrl https://mail.newdomain.com/EWS/Exchange.asmx -BasicAuthentication:$true
Now we need to run another command to change the autodiscover.xml address
Set-ClientAccessServer -Identity ESERVER01 -AutoDiscoverServiceInternalUri https://mail.newdomain.com/Autodiscover/Autodiscover.xml
Lastly, to make all these changes take effect, we need to recycle the App Pools
Open IIS Manager
Expand the server and expand Application Pools, then right-click on MSExchangeAutodiscoverAppPool and select Recycle
Voila! Now users should no longer receive the cert error in Outlook
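To confirm the steps above left nothing pointing at a name the certificate does not cover, here is an added check (not from the original post or its sources). It assumes the Exchange Management Shell and the ESERVER01 server name used above; the helper Test-NameCovered is a hypothetical name introduced for this example.

```powershell
# Added example: run in the Exchange Management Shell.
$server = 'ESERVER01'   # server name as used in the post; change to yours

# Names on the unexpired certificate(s) currently enabled for IIS.
$certNames = @(Get-ExchangeCertificate -Server $server |
    Where-Object { $_.Services -match 'IIS' -and $_.NotAfter -gt (Get-Date) } |
    ForEach-Object { $_.CertificateDomains } |
    ForEach-Object { $_.ToString().ToLower() })

# Hypothetical helper: exact match, or a wildcard covering one left-most label.
function Test-NameCovered([string]$HostName, [string[]]$Names) {
    foreach ($n in $Names) {
        if ($n -eq $HostName) { return $true }
        if ($n.StartsWith('*.') -and $HostName.Contains('.') -and
            $HostName.Substring($HostName.IndexOf('.')) -eq $n.Substring(1)) { return $true }
    }
    return $false
}

# Collect every URL the server hands to Outlook and other clients.
$urls = @()
$scp = Get-ClientAccessServer -Identity $server
if ($scp.AutoDiscoverServiceInternalUri) {
    $urls += New-Object PSObject -Property @{
        Source = 'AutoDiscoverServiceInternalUri'; Url = $scp.AutoDiscoverServiceInternalUri }
}
foreach ($cmd in 'Get-WebServicesVirtualDirectory', 'Get-OwaVirtualDirectory',
                 'Get-OabVirtualDirectory', 'Get-ActiveSyncVirtualDirectory') {
    foreach ($vd in (& $cmd -Server $server)) {
        foreach ($prop in 'InternalUrl', 'ExternalUrl') {
            if ($vd.$prop) {
                $urls += New-Object PSObject -Property @{ Source = "$cmd $prop"; Url = $vd.$prop }
            }
        }
    }
}

# Report each host name and whether the IIS certificate covers it.
$urls | ForEach-Object {
    $h = ([uri]$_.Url.ToString()).Host.ToLower()
    New-Object PSObject -Property @{
        Source = $_.Source; Host = $h; Covered = (Test-NameCovered $h $certNames) }
} | Sort-Object Covered | Format-Table Source, Host, Covered -AutoSize
```

Any row with Covered set to False is a URL that will still produce the name-mismatch prompt, typically a leftover .local address.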
Sources:
https://www.3ait.co.uk/blog/changing-the-autodiscover-url-in-microsoft-exchange-2010/
https://www.digicert.com/ssl-support/redirect-internal-exchange-san-names.htm