Problem with external Outlook 2016 clients using old SSL certificate
I have a client with a SBS 2011 server who changed the email domain from mail.XXX-uk.com to remote.XXX.com. The internet domain name wizard was run reflecting the new domain and hence the new remote domain name of remote.XXX.com and a new verified SSL certificate was installed. Outlook Web Access and Remote Web Workplace work fine. All the internal clients appear to be connecting fine but the 2 remote clients which are Outlook 2016 are not connecting when using Outlook Anywhere and they get an error message "there is a problem with the proxy server's security certificate. The name on the certificate is invalid or does not match the name of the target site mail.XXX-uk.com." The actual target should be remote.XXX,com.
I did have a problem with the mail.XXX being stuck on the Exchange 2010 smtp service but it appears to be cleared now.
What you'll have to do is first test the SSL setup for each host in your proxy chain, using a public tester like SSL Labs tester.
If this works (I'm guessing it will), then you'll likely require all the Outlook clients accessing may be updated.
My guess is you may have clients missing some ciphers or some other code out of date, since some clients work + others fail.
Also keep in mind, remote clients will be connecting via a completely different path of proxies than internal clients, so be sure you verify all SSL certs are exactly the same on all proxies or are passing through SSL connections correctly. Proxies can be a bit complex to get working.
Tip: Try connecting to your external proxy using an up to date client, like Thunderbird, to see if that works.