Exchange 2007 renew cert with different CN
Hi,
A couple of years ago I migrated our system to use Exchange Server 2007. When buying the certificate, I had a promotion giving me additional SANs for free, but when I received the certificate back from the CA, they set the CN to www.contoso.com, and put the rest of the SANs (including my original CN value) into the alternative names field. This was a condition of the promotion!
I had to run the command:
Set-OutlookProvider EXPR -CertPrincipalName:"msstd:www.contoso.com"
in order to allow Outlook Anywhere clients to connect using the autodiscover service, but apart from that everything works fine.
A couple of years later, and the cert is expiring soon. I want to renew this cert, but the promotion is now long gone. I can renew the certificate and pay the correct amount for the additional SANs, excluding www.contoso.com, and set the name back on the autodiscover server. My question is: If I do that, will it break current Outlook Anywhere clients out there that have already used the autodiscover service to get the mailbox parameters? Would I be better continuing with the www.contoso.com as the CN and having the other servers as SANs in the certificate (which will cost more money, as I don't really want www.contoso.com in the CN)?
Thanks.
Andrew.
January 25th, 2011 1:44pm
Autodiscover should update the client if you change the external name. Autodiscover isn't a one-time thing; the settings are checked regularly and corrected as required. Therefore as long as you change the external URL at the same time as changing the certificate, things should work correctly.
Curious promotion, probably to try and get their certificate seen by more people. Not something I would have taken up, as www type domains should be pointing at public web sites in my opinion, not Exchange servers.
Simon.
Simon Butler, Exchange MVP
January 25th, 2011 2:11pm
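A check to run before and after swapping the certificate, as an added example that is not part of the original posts: it reads the msstd name that Autodiscover hands to Outlook Anywhere clients and compares it with the subject CN and SANs of each certificate enabled for IIS. It assumes the Exchange Management Shell on the Client Access server and that the certificate in question is the one enabled for IIS.

```powershell
# Added example (not from the thread). Run in the Exchange Management Shell.
# Compares the EXPR provider's msstd name with the certificates enabled for IIS.

$principal = (Get-OutlookProvider -Identity EXPR).CertPrincipalName
if (-not $principal) {
    Write-Host "EXPR CertPrincipalName is not set."
} else {
    Write-Host "EXPR CertPrincipalName: $principal"
}

# Strip the msstd: prefix to get the host name Outlook expects on the certificate.
$expected = "$principal" -replace '^msstd:', ''

$iisCerts = Get-ExchangeCertificate | Where-Object { "$($_.Services)" -match 'IIS' }

foreach ($cert in $iisCerts) {
    # Pull the CN out of the subject string (e.g. "CN=www.contoso.com, O=...").
    $cn = ''
    if ($cert.Subject -match 'CN=([^,]+)') { $cn = $Matches[1].Trim() }

    # Flatten the SAN list to plain strings for display and comparison.
    $sans = @($cert.CertificateDomains | ForEach-Object { "$_" })
    $inSans = @($sans | Where-Object { $_ -eq $expected }).Count -gt 0
    $daysLeft = ($cert.NotAfter - (Get-Date)).Days

    Write-Host ""
    Write-Host "Thumbprint : $($cert.Thumbprint)"
    Write-Host "Subject CN : $cn"
    Write-Host "SANs       : $([string]::Join(', ', $sans))"
    Write-Host "Expires in : $daysLeft days"

    if ($expected -and ($cn -eq $expected)) {
        Write-Host "Result     : msstd name matches the subject CN."
    } elseif ($inSans) {
        Write-Host "Result     : msstd name is only a SAN, not the subject CN."
    } else {
        Write-Host "Result     : msstd name does not appear on this certificate."
    }
}
```

If the renewed certificate goes back to the original CN, the `Set-OutlookProvider EXPR -CertPrincipalName` value from the question has to be changed to that name at the same time.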
For more information, please see:
generating a certificate with a 3rd party CA
http://msexchangeteam.com/archive/2007/02/19/435472.aspx
Frank Wang
TechNet Subscriber Support
January 26th, 2011 10:10pm