I've spent about 20+ hours on the phone with MS Exchange support trying to get this working. We are a small organization, 30 clients. I just migrated from Exchange 2007 to Exchange 2013. All services start up and move mail properly to/from the internet. UM works properly. Everything tested fine before moving everyone live to the new server. However, Outlook will not connect normally on the client machines. Sometimes some clients can connect, other times they cannot reconnect; whether they can connect or not is very transient. Almost like it's a port conflict issue. I have a third-party DigiCert certificate installed that I'm using. MS assures me that my entire Exchange setup is correct, so they've passed the ticket on to Active Directory support. They will be calling me later. However, I thought I'd throw this out there to the experts community for input.
About the certificate, I have 4 hosts on it: mail.ubifcu.com, autodiscover.ubifcu.com, legacy.mail.ubifcu.com, and ubifcu.com. ActiveSync and OWA work just fine, both inside and outside the network. (I have the clients all using OWA currently.)
Sometimes I can get a half-hearted Outlook connection on some stations, but the Outlook connection status window shows negotiated connection for Authn method, the actual server name instead of the SID@ubifcu.com, and a bunch of other connection oddities.
I've pulled a few test clients (and the server too) out of their normal OU to an OU with no GPOs being applied (in some GPOs we do modify the NTLM response to accept NTLMv2 only). This didn't fix the issue.
I've stopped all extraneous services on the Exchange box, and restarted the Exchange and IIS services (thinking it was a port contention issue). This did not resolve the issue.
To me this feels like a port contention issue, but I cannot find one at all. Right now, I'm open to all suggestions. I would be very surprised if I haven't tried it already, but there is obviously an answer I haven't considered yet because it's still not working 100%.