I started off receiving an error on my Outlook clients after completing the move from Exchange Server 2003 to a new Exchange Server 2010. It stated that the certificate was invalid. I followed the steps to correct autodiscovery, but had no luck in resolving the certificate issue. I must have missed something because now my clients are no longer able to use Outlook via the Web. Further, I'm now getting an error message that my Primary DNS server does not relay the external DNS information for the exchange server, which I can see that it has. Before I go on and really mess up the IIS virtual directories, I would appreciate some guidance.

Does OWA access function properly? What names do you have on the certificate? If your organization was named contoso.com, and if you used "mail" or "webmail" instead of a particular server name for OWA access (etc.), you would have at minimum (in an E2K3 -> E2K10 transition scenario): - mail.contoso.com - autodiscover.contoso.com - legacy.contoso.com URLs for OWA virtual directories (etc.) must match and DNS records must designate the proper targets. Using above examples, mail and autodiscover should have DNS records pointing to the E2K10 CAS and legacy pointing to the E2K3 server.Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

Hello, Certificate warning for internal client? The most possible cause should be described in the following article: http://support.microsoft.com/kb/940726 In order to understand the issue more deeply on your server, please also collect the following information for my further research. [Please provide a screenshot of the certificate warning in Outlook] [Collect AutoConfiguration Status in problematic Outlook] ======================================== 1. While Outlook is running, click the CTRL key and then right-click the Outlook icon in the system tray and then select Test Email Autoconfiguration. 2. Confirm that your email address is in the address field, uncheck Use Guessmart and secure Guessmart authentication boxes. Then click the Test button. 3. Once it runs, please send me a screen shot of the Log and Results tab.. [Certificate configuration information] ============================= On CAS server, open Exchange Management Shell and type the cmdlet: Get-ExchangeCertificate |fl >c:\certlog.txt Get-autodiscovervirtualdirectory | fl >c:\auto.txt Get-clientaccessserver | fl >c:\cas.txt You can reach me at: v-simwu@microsoft.com Thanks, Simon

Hello, Certificate warning for internal client? The most possible cause should be described in the following article: http://support.microsoft.com/kb/940726 In order to understand the issue more deeply on your server, please also collect the following information for my further research. [Please provide a screenshot of the certificate warning in Outlook] [Collect AutoConfiguration Status in problematic Outlook] ======================================== 1. While Outlook is running, click the CTRL key and then right-click the Outlook icon in the system tray and then select Test Email Autoconfiguration. 2. Confirm that your email address is in the address field, uncheck Use Guessmart and secure Guessmart authentication boxes. Then click the Test button. 3. Once it runs, please send me a screen shot of the Log and Results tab.. [Certificate configuration information] ============================= On CAS server, open Exchange Management Shell and type the cmdlet: Get-ExchangeCertificate |fl >c:\certlog.txt Get-autodiscovervirtualdirectory | fl >c:\auto.txt Get-clientaccessserver | fl >c:\cas.txt You can reach me at: v-simwu@microsoft.com Thanks, Simon

Do you also have the SAN cert in your "trust roots" on the workstations?