Single server Exchange 2016 installation.
Server is using a self-issued cert.
The cert is installed on all the workstations in the Trusted Root Certification Store, but all Outlook users are prompted at start to accept the cert with the 3rd option in the security Alert dialog redX’d “The name on the security certificate is invalid or does not match the name of the site”.
The name on the cert is the same as the host name of their MX record.
If an external user, without the cert, attempts to access OWA using IE, they get the expected certificate waring, but if they install the cert, then OWA logs in without the warning, so I believe the cert works OK.
If Outlook users OK through the Security Alert dialog, they connect OK and are not prompted again for the remainder of the Outlook session.
Any ideas to fix this?
I’ve looked at bindings in IIS, and they all use that cert.
If I do get-ExchangeCertificate in EMS, services I,P,W & S are bound to the cert in question, which is consistent with other Exchange Servers I’ve checked on.