Hi, I have one test Exchange 2007 server, and one test 2010 server (which will become my production server). The 2007 server has no mailboxes on it, and will be decommisioned shortly. It is using self signed certificates. When a user with a mailbox on the 2010 server fires up outlook, I get a message from the 2007 server talking about mismatching certificates. While I can understand the issue with certificates, I can't understand why Outlook is trying to contact the 2007 server at all when the users data (and public folders) are set to point at the Ex 2010. Looking at the connection status in Outlook, nothing is connecting to the EX2007 server so I am at a loss to know what could be causing the issue. Any ideas? Thanks, Adam

May be the client is trying to access the OAB which is published on your exchange 2007 CAS serverMCP, MCSE 2000 , MCSA 2000 ,MCSA 2003 , MCITP , MCTS , MCT

Thank you for the quick response. I have already set up an OAB on my Ex2010 server with Distribution Methods of Web-Based and Public Folders The URL for the test email account is populated correctly by AutoConfiguration (it shows both Internal and External URLs). Theoretically it shouldn't be accessing the 2007 OAB, but is there anyway to check? Adam

Verify your autodiscover entry in your dns, its probably still pointing to the Exchange 2007 box

Hi, Looking at my DNS, internally there is no entry for autodiscover.company.com and I can confirm that no page exists at https://company.com/AutoDiscover/AutoDiscover.xml The issue only happens when I connect with a domain PC. e.g. Domain PC in Office: Connects with TCP/IP - Error Domain PC @ home no VPN: Connects using Outlook Anywhere - no error Domain PC @ home with VPN: Connects using TCP/IP - error Standalone PC no VPN: Connects using Outlook Anywhere - no error Standalone PC with VPN: Connects using TCP/IP - no error Other users are also getting this message, even though they are on Ex2003 servers in different domains. Is there anything in the AD that provides the Autodiscover information? If so, where is it and can I overwrite it? Many thanks, Adam

yes a SCP (Service Connection Point) named Autodiscover should be created for each CAS server run the following command and please reply with the result Get-ClientAccessServer | fl *Auto* MCP, MCSE 2000 , MCSA 2000 ,MCSA 2003 , MCITP , MCTS , MCT

Ah, I think we're on to something here... the command outputs values for both servers: AutoDiscoverServiceCN : Ex2007 AutoDiscoverServiceClassName : ms-Exchange-AutoDiscover-Service AutoDiscoverServiceInternalUri : https://Ex2007.company.com/Autodiscover/Autodiscover.xml AutoDiscoverServiceGuid : 77378f46-2c66-4aa9-a6a6-3e7a48b19596 AutoDiscoverSiteScope : {UK-SLO} AutoDiscoverServiceCN : Ex2010 AutoDiscoverServiceClassName : ms-Exchange-AutoDiscover-Service AutoDiscoverServiceInternalUri : https://ex2010.company.com/autodiscover/autodiscover.xml AutoDiscoverServiceGuid : 77378f46-2c66-4aa9-a6a6-3e7a48b19596 AutoDiscoverSiteScope : {UK-SLO}

Hi, That's the Autodiscover issue which is by default in mixed environment for Exchange 2007 and Exchange 2010. When there are more than one CAS in the environment, the Outlook client uses the first SCP in its list to conact the Autodiscover service. Since the Exchange 2007 CAS is the first record in the list of SCP records, the Outlook client will first use the Exchange 2007 SCP to contact the Autodiscover service. If the user's mailbox is an Exchange 2010 mailbox, the Exchange 2007 CAS SP2 will redirect the request to an Exchange 2010 CAS. You can press Ctrl+right click Outlook icon in System Tray, select Test E-mail AutoConfiguration, uncheck the two Guessmart options, then click Test button, you can get the results under Log Tab. Thanks AllenAllen Song

Yes, the log does show it trying to access the 2007 server. At the moment it's difficult to uninstall the 2007 server as it's routing a lot of emails, so is there any way to delete the SCP entry (without crippling the Ex2007 operation). Thanks for your help, Adam

Hi, You can delete the AutoDiscoverServiceInternalUri of the Exchange 2007 attribute to workaround this issue. AllenAllen Song

Thanks Allen, I couldn't work out how to delete the AutoDiscoverServiceInternalUri, so I changed the value to point to the Ex2010 server using: Set-ClientAccessServer -Identity "Ex2007" -AutodiscoverServiceInternalURI "https://ex2010.company.com/autodiscover/autodiscover.xml" Now any Outlook client pulling the SCP entry out of the AD gets its config details from the 2010 server even though it's looking a the 2007's SCP information. The certificate error no longer appears :) Thanks to everyone for their assistance in fixing this annoying issue. Adam