New Exchange 2016 Installation All Devices Connect Fine Except Androids

Removed a SBS2011 and migrated to a Server 2016 with 1st VM (PDC) and 2nd VM(Exchange 2016). Rekeyed the cert and everything works fine except Android devices. Get this error.
login error
Allot of information on the internet but haven't seen anything that's helped resolve the issue.

Microsoft updating the TLS to 1.2, but providers not having done this, as we are all having this problem with mobile phones and tablets using Outlook.
Some information about this on the internet but the links don't really give any resolution.
LVL 18
WORKS2011Managed IT Services, Cyber Security, BackupAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jose Gabriel Ortega CastroEE Solution Guide/Topic Advisor and CEO Faru Bonon ITCommented:
Well if the problem is on the certificate, then the problem is simple, he has to get a new certificate that allows TLS 1.2 and is correctly signed.
At least that you want to implement Certificate authentication with these devices.

https://support.kaspersky.com/13694
WORKS2011Managed IT Services, Cyber Security, BackupAuthor Commented:
Jose, certs always seem to get the best of me. Turns out the local computers Outlook connects but this cert error pops up.
cert
This doesn't have anything to do with remote though, correct?

I added all the names to the certs but maybe forgot this one.
WORKS2011Managed IT Services, Cyber Security, BackupAuthor Commented:
The GoDaddy cert I didn't add exchange.domain.local, should I have added this to the cert?

Certs on the server
Cert I created from GoDaddy
certBuilt in cert
cert3
Ensure Business Longevity with As-A-Service

Using the as-a-service approach for your business model allows you to grow your revenue stream with new practice areas, without forcing you to part ways with existing clients just because they don’t fit the mold of your new service offerings.

Jeff GloverSr. Systems AdministratorCommented:
You can't add a .local to a GoDaddy cert. Support was discontinued for that years ago. What services are connected to your GoDaddy cert?
WORKS2011Managed IT Services, Cyber Security, BackupAuthor Commented:
Hi Jeff, IIS and SMTP
Jeff GloverSr. Systems AdministratorCommented:
How many Exchange servers do you have?
WORKS2011Managed IT Services, Cyber Security, BackupAuthor Commented:
1
Jose Gabriel Ortega CastroEE Solution Guide/Topic Advisor and CEO Faru Bonon ITCommented:
I think that the problem is that you haven configured correctly the certs on the exchange server
WORKS2011Managed IT Services, Cyber Security, BackupAuthor Commented:
...and how do you recommend I configure them?

I added a forward lookup zone in my DNS for the .com domain and added host A records for www, remote, and autodiscovery. Testing now.
Jose Gabriel Ortega CastroEE Solution Guide/Topic Advisor and CEO Faru Bonon ITCommented:
Like this
Get-ExchangeCertificate

Open in new window


find the one you got from goddady and get the thumbprint

then >

Get-ExchangeCertificate -thumbprint xxxxxx | Enable-ExchangeCertificate -services IIS,SMTP

Open in new window


Then Set the internal and external urls
you can use this one:
https://gallery.technet.microsoft.com/office/Script-to-configure-the-5a58558b

And finally
IISRESET

Open in new window

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
WORKS2011Managed IT Services, Cyber Security, BackupAuthor Commented:
Turned out an internal URL in the virtual directories was misconfigured. Corrected this and only other issue was external website didn't pull up on the LAN so I added a host A record with external IP. All is working now.
WORKS2011Managed IT Services, Cyber Security, BackupAuthor Commented:
I think I finally have certs figured out. As you can see in a previous post regarding certs and exchange I seem to run into bottlenecks. Turned out an internal URL in the virtual directories was misconfigured. Corrected this and only other issue was external website didn't pull up on the LAN so I added a host A record with external IP. All is working now.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.