Exchange 2007 introduces autodiscover which requires that the cert be a
multi-domain or a unified communications certificate and you must include
your certificates for your Domain controllers (or in my case my SBS server).
You can not bother with purchasing the multi domain cert then just provide
your clients with the single domain name cert and the domain controllers'
certificates (I'm using a SBS server and only give my clients a PFK cert for
remote.domain.com and the SBS server's CA certificate).
I exported each certificate out of the certificates snap-in for the computer
account and included all intermediate certificates since I have a GoDaddy
certificate. I also included a simple password and placed it on a public
office share for everyone to install it. I also had to add a
discover.domain.com to my internal and external DNS servers that points to
the SBS server (internal and external IPs respectively). My users get a
warning during the discovery process but then never again since they have
the certificates for my Domain Controller and the remote.domain.com from
GoDaddy.

I am not sure if this helps in the diagnosis, but I was having the
exact same issue as the initial post, i.e. complaining about proper
certificates. I tried various methods of importing the GoDaddy certs,
etc. However the Entourage was first setup while in the office
(internal domain). The machine is a laptop and when I got home
tonight and restarted Entourage, no certificate warning messages.
Thus through the magic of internal/external resolution of the
remote.DOMAIN.net when inside the network (this never worked correctly
for me in SBS2003 for some reason but does in SBS 2008) Entourage must
be trying to authenticate with the internal/self-signed certificate?
However when I am outside the network, the remote.DOMAIN.net is
authenticating and using the external GoDaddy cert?
As for the solution for importing the correct certificate when inside
the network, I am not sure of the steps, but perhaps someone can
continue the discussion?
Bob