On-site users cannot authenticate to Exchange server after power-shell changes; OWA works fine?

We have been having a ton of certificate errors, due to our internal domain being "domain.local", and only having a single Exchange server with a wildcard cert "*.domain.local". To ensure that all Outlook users would connect directly to the external address (which had the proper certificate), I changed all of the internal/external settings in these instructions (http://exchangeserverpro.com/avoiding-exchange-2013-server-names-ssl-certificates/) to https://external.domain.com/_____.

Tested it on a few machines, no problems. The next day (today), getting 50% of users internally reporting that they cannot connect - keeps popping up user/pass window... Try to authenticate (domain\user and applicable password), but only get this error: "The connection to Microsoft Exchange is unavailable.  Outlook must be online or connected to complete this action." So far, no issue configuring externally, and the "Remote Connectivity Analyzer" shows no issues in any category.

OWA works fine, and as I mentioned, about 50% of users work normally after reboot. Stumped - can anyone help?
ITAdvisorsAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Simon Butler (Sembee)ConsultantCommented:
Does the external name resolve internally?
If you run an Autodiscover test, do the correct host names come back?

Simon.
0
Adam BrownSr Solutions ArchitectCommented:
More than likely the autodiscover settings are cached with the old name of autodiscover.domain.local, so computers are getting screwed up. Try running a repair on the Outlook profile for a user who has the issue to see if that fixes the problem. If it doesn't, remove any autodiscover.domain.local entries in DNS, Then create a SRV record in the domain.local DNS zone for the _autodiscover service that points clients to the autodiscover.domain.com address. http://acbrownit.wordpress.com/2012/12/20/internal-dns-and-exchange-autodiscover/ has info near the bottom on configuring a SRV record.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.