Installed Exchange 2007. Enabled owa, using the default self signed certificate that gets installed when you install Exchange. OWA users would get the Certificate Security Alert as expected until I purchased a 3rd party certificate, so I did, but NOT a SAN Cert. Just a cheap single cert. Purchased a basic SSL cert. for OWA, created the cert request for the vendor, was verified, Downloaded it to exchange2k7 Client access server. Then with EX2K7 management shell, I Imported the .crt file, and enabled all services on it, (except for UM becuase we are not running that and powershell didn't like it.) I was no longer getting the security alert when I would access owa. Good. I was not getting the alert when I accessed OWA, but the users inside on the corporate LAN, accessing via OUtlook 2007 (IMAP4) did! They could just click to proceed and get into outlook fine. This is because internally, MAPI services were enabled on the original, default self signed cert To fix this, I set the set-clientaccessserver -identity myCASServer -autodiscoverserviceinternalURL to the URL for new cert I that I just imported and enabled. At that point, the users on the corporate LAN stopped getting the security alert. Also Good. Here's the question Any OUtlook 2007 user, whether on the corporate LAN, or accessing VPn, that has the 'Download Address Book' box checked in their OUtlook settings (Tools-->options-->Mail Setup--> send & recieve settings-->all accounts / Edit---> 'Download Address Book') Gets an 'send and receive' error after clicking send and receive. Mail does come in and out. The GALdoes not get updated and offline address book functionality does not work. I have refernced several resources including: tech-net, sudnow, network solutions (who issued the cert) and msexchange.org No combinations of setting mentioned in these articles that I have tried have helped me. However I am learning a great deal through all of this. As of right now, NO ONE is getting the Certificate Security Alert, so that's good. But Autodiscovery is NOT working for any one except OWA users. Users on the LAN (and accessing via VPN Outlook 2007 client) cannot sync their offline address book, or use out of office. They get an error that goes away relatively quickly after doing a send/recieve which says 0x8004010f Operation failed, An object cannot be found. I have seen many articles addressing this and all point to Autodiscover. I have tried setting up autodiscover as an SRV resource type in DNS, as well as the fqdn of the certificate pointing to my CAS server. When I test outlook, Autodiscover fails whether via SCP, SRV I can send screen shots of the test results, if you'd like as well as canything from MS Exchange Powershell output, if you request.

Software/Hardware used: