We have two 2010 servers. EXCHANGE.domain.com is the internal CAS/DB server; ExchangeFE.domain.com is a CAS server that faces the internet. EXCHANGE has a self-signed cert as EXCHANGE.domain.com; EXCHANGEFE has regular SSL cert named OWA.domain.com.
When Outlook profiles are configured, they typically show connection to EXCHANGE and use the self-signed cert with no issue.
The last few days, there have been instances where users open Outlook and are prompted with a EXCHANGEFE --AND-- AUTODISCOVER cert mis-match because that server only has OWA.domain.com cert installed.
How can I force all internal users to only go to EXCHANGE CAS server so that the ExchangeFE does not show EXCHANGEFE and AUTODISCOVER cert errors?
Autodiscover is not available via internet. We have it internal, but I am OK with turning it OFF and requiring manual Outlook profile configuration.