Hoping someone can save me some time and point me in the right direction with this please..
We have recently taken over support of an environment with Exchange 2010 and Lync 2010.
Lync is primarly (only) used for IM internally - there is no need for external access or voice at the moment.
We changed the A records in our external DNS zonefile to point to a new website with SSL and since then Lync prompts to accept the website certificate when signing in.
Lync signs in ok but then when trying to connect to Exchange it seems to browse to http://external.co.uk:443
via our proxy server - hence the website certificate being presented.
We have one SIP domain (internal.local) and users have SMTP address of "firstname.lastname@example.org"
As part of looking into this i changed the CSAdministrator group (back) to Universal and can now publish topology
We have split DNS so i have added A records for autodiscover into our Active Directory internal.local and external.co.uk zones, i also added an SVR record for _autodiscover and Lync client can now use EWS successfully
The client is functioning (in fact with EWS we now have a little more functionality) but we still have it trying to browse externally and being presented with the website certificate. Users could probably just click to trust the server but i was hoping for more of an elegant & global solution.