Autodiscover & email configuration issues for 1 new PC

Can someone tell me what I'm doing wrong?

SBS 2011 standard running exchange - 10 users have been set up for years - laptops at home, on the LAN and at a remote location connected by VPN
Their website is at a web hosting company.

Added a win 10 PC with Office 2016 at the remote location.

when opening outlook for that user's account, he'd get prompted for his password, and warnings about the certificate is  doesn't have the correct name, etc.

Running the microsoft remote connectivity analyzer for autodiscover it says:  Connectivity Test Successful with Warnings

under that it says: The Microsoft Connectivity Analyzer is attempting to test Autodiscover for
       Autodiscover was tested successfully.

Looking at things, it keeps trying to get to which resolves to the web server, not SBS box.  Can I just drop the autodiscover.xml from the SBS box onto the web server in a new autodiscover directory that doesn't currently exist?

Where should autodiscover.xml be located?  on the SBS box? on the web page?

There doesn't seem to be an autodiscover entry in the DNS zone.

I added an A record and pointed it to the sbs server.

pinging resolves to the SBS box.

But the Microsoft analyzer seems to have the web server IP cached?

This has been working for existing users.  Does Office 2016 and Exchange 2010 on SBS 2011 not play nice?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Cliff GaliherCommented:
Too many moving parts.

No you cannot just drop the xml on your web server.

INTERNAL clients use AD to find the Exchange server.  So internal clients will work regardless of your DNS setup.

The "remote connectivity analyzer" is exactly that.  It tests *REMOTE* connections.  That means *PUBLIC* DNS, and you must have an autodiscover entry that is reachable, a public IP, and can reach the exchange server (via port forwarding or direct or routed or other.)  

If an autodiscover record is not found then yes, is a fallback mechanism which will be tried, and since that often points to a public web server, will often fail with warnings.  This is expected behavior.

Outlook 2016 and Exchange 2010 play fine together.  Most new features don't work, but that is to be expected.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Michael B. SmithExchange & Active Directory ExpertCommented:
You should post the full set of results.

But if Outlook tells you that you don't have the correct names in your SSL cert - you probably don't have the correct names in your SSL cert (based on how Exchange is configured). Just because autodiscover is in DNS doesn't mean it's in the SSL cert.
Saif ShaikhServer engineer Commented:
Outlook 2016 uses autodiscover to connect to exchange. If certificate does not have a autodiscover entry and a host A record it will fail to connect giving cert error.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Office

From novice to tech pro — start learning today.