We have an Exchange 2013/365 Hybrid with:
3x Exchange 2007 servers
2x Exchange 2013 servers, one of which is the Hybrid and MRS endpoint
An Office365 Tenancy
Azure AD Sync with password sync (not ADFS)
As it is in hybrid, the Autodiscover DNS records point to the on-prem 2013 server, as is required.
Some users, when their mailbox migrated to Office365, receive a certificate warning as per the below picture.
This is probably from the Autodiscover redirect, when the Autodiscover service in Exchange 2013 redirects the client to the Office365 Exchange instance.
How can we correct this?
Also note, the certificate does not have the usual chain of root CA -> intermediate CA -> cert as I would expect: