Home » AutoDiscover

Tag: AutoDiscover

Outlook 2007 clients display certificate mismatch error after mailbox migration

When an Outlook 2007 user has their mailbox migrated from Exchange 2003 to Exchange 2007 they may start seeing a certificate mismatch error appear when launching Outlook.  This problem will occur if the following conditions are true:

  • the internal DNS namespace does not match the external DNS namespace (eg domain.local for internal and domain.com.au for external)
  • a third party SSL certificate matching the external namespace has been applied to the IIS instance on the Client Access Server (eg cas.domain.com.au)

The certificate mismatch occurs because the Autodiscover Service and/or Availability Service use the FQDN of the Exchange 2007 host in their URL (eg https://server.domain.local/AutoDiscover/AutoDiscover.xml) but the IIS instance has an SSL certificate that does not match that name.

To resolve this issue you can change the URL of the Autodiscover and Availablity services to match the name on the certificate, which you can do with the following shell commands.

As long as your internal clients are resolving the external name cas.domain.com.au directly to your Client Access Server this should resolve the certificate mismatch error.

Paul is a Microsoft MVP for Office Servers and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul is a co-author of Office 365 for IT Pros and several other books, and is also a Pluralsight author.