Earlier I post this question which was answered successfully. "I have a correct cert installed for mail.domain.com and can check it 100% via EMC. When I set up a new outlook profile or test autoconfiguration on an existing outlook profile I receive a certificate mismatch and it states that the cert is for a different domain that I own but it's the www cert that it's finding. Not sure where to start looking for trouble here because the www server doesn't live on the LAN where the exchange server or outlook clients are located."
Deleting the root A record for my domainname on my windows DNS server solved this sissue but introduced another issue where by no one can get to http://domain.com while on the internal LAN. The web server lives outside my LAN. If i create a parent A record for domain.com then exchange autodiscover fails as it find the IP of my web server. How do I direct web traffic that doesn't use www correctly?