Presently I am in the middle of upgrading to Exchange 2013 and I am having a few problems. The most annoying one is with internal and external DNS. We use an internal TLD, company.local. This was set up before I got here and generally is not worth the trouble to try and fix, as we have quite a large number of systems.
Anyway, because of changes in using internal names on public certificates, see link below, I cannot request a certificate from a public CA with company.local as a SAN.
In light of this I decided to set up two Client Access servers, one public and one private. The private server would use an internal certificate from my internal CA. The public server would use a UCC certificate from GoDaddy with my public addresses for mail, owa, and autodiscover.
MX1.company.local = Client Access (Private)/Mailbox
MX2.company.local = Client Access (Public)
Now my Exchange 2013 test users (including myself) are getting errors saying the certificate for (MX2.company.local) is not valid. This is true, because they are connecting to the internal domain name. Also, we are constantly being prompted for our username and password. Frequently we type the correct combination and it comes up again.
I have attempted to remove all references to MX2.company.local from the internal server virtual directories for mx2.company.local and point Outlook Anywhere on MX2 to MX1. So at present the internal virtual directories on MX2 are blank, only public directories are filled out, and MX1 only has internal directories. This still has not worked.
Please help, this is extremely painful.