Saturday, October 4, 2014

SSL cert errors for old Exchange server after you've already moved to Office365

My users began getting SSL cert errors in Outlook after the SSL cert on my old mail server expired.  This was weird because I had moved my company's email to Office365 more than a year earlier.  It looked something like this:

Some quick research suggested that, when connected to the LAN, Outlook was using the autodiscover setting for the internal server rather than the CNAME record that pointed to autodiscover.outlook.com.

The fix . . .

First, run this in an Exchange shell on your old mail server to see where your autodiscover is currently pointing:
Get-ClientAccessServer | fl AutoDiscoverServiceInternalUri

If it's pointing to your internal server with the expired certificate, that's a problem.  To fix that, run this command in the Exchange shell (assuming your server is named server1):
Set-ClientAccessServer -Identity "server1" -AutoDiscoverServiceInternalUri "https://autodiscover.outlook.com" -AutoDiscoverSiteScope "Mail"

Alternatively, disable internal autodiscover with this command (assuming your server is named server1):
Set-ClientAccessServer -Identity "server1" -AutoDiscoverServiceInternalUri $NULL
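
To check the result, the following added example (not part of the original post) lists each Client Access server's internal autodiscover URI together with the expiry date of the certificate served at that address. Get-RemoteCertificate is a helper defined in the example itself, not an Exchange cmdlet, and the script assumes the URI's host is reachable over TLS from where it runs.

```powershell
# Added example (not from the original post). Run in the Exchange shell.
# Lists each Client Access server's internal autodiscover URI and the expiry
# date of the certificate served by the host that URI points to.

# Hypothetical helper: fetch the certificate a host presents on a TLS port.
function Get-RemoteCertificate {
    param([string]$HostName, [int]$Port = 443)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        # Accept any certificate so that an expired one can still be read.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        try {
            $ssl.AuthenticateAsClient($HostName)
            New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        } finally { $ssl.Dispose() }
    } finally { $client.Close() }
}

Get-ClientAccessServer | ForEach-Object {
    $row = @{ Server = $_.Name; InternalUri = "$($_.AutoDiscoverServiceInternalUri)"
              NotAfter = $null; Expired = $null; Note = '' }
    if (-not $row.InternalUri) {
        # This is the state left by setting the URI to $NULL.
        $row.Note = 'Internal autodiscover URI is not set'
    } else {
        try {
            $target = New-Object System.Uri($row.InternalUri)
            $cert = Get-RemoteCertificate -HostName $target.Host -Port $target.Port
            $row.NotAfter = $cert.NotAfter
            $row.Expired  = $cert.NotAfter -lt (Get-Date)
        } catch {
            $row.Note = "Could not read certificate: $($_.Exception.Message)"
        }
    }
    New-Object PSObject -Property $row
} | Select-Object Server, InternalUri, NotAfter, Expired, Note | Format-Table -AutoSize
```

A row with Expired set to True is a server whose internal autodiscover URI still leads LAN clients to an expired certificate.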

