I have an issue with my exchange box. A few month ago I renewed my UCC certificate which resulted in me having to set up a split dns configuration (due to no longer being able to alias private domains).
External clients now resolve on remote.domain.com, This is seamless.
Internal clients (Outlook) resolve on exchserver.domain.local. This results in certificate errors.
I have told users to accept / ignore certificate errors for a few weeks while I get around to resolving. Issue is the GAB is now getting out of date (I believe it connects through web services). Send and receive results in an error.
Outlook Client will never keep the external address, even though it would resolve internally and offer the correct certificate.
My question is, what is standard practice for setting up certificates on a split dns install?. Should I concentrate on making internal clients connect to the external address, or should I be looking at making web services offer different certificates?
Apologies if I am asking daft questions, I just don't want to focus time on a wild goose chase!