When installing Exchange 2007 in a domain that has different internal and external domains (i.e. ourcompany.int and ourcompany.com), installing a certificate for the external domain causes an error when internal domain users log into Outlook. The error encountered is:
The name of the security certificate is invalid or does not match the name of the site.
------------------------------
Resolution:
Start the Exchange Management Shell.
Modify the Autodiscover URL in the Service Connection Point. The Service Connection Point is stored in the Active Directory directory service.
To modify this URL, type the following command, and then press ENTER:
Set-ClientAccessServer -Identity yourmailservername -AutodiscoverServiceInternalUri https://mail.yourdomainname.com/autodiscover/autodiscover.xml
Modify the InternalUrl attribute of the EWS. To do this, type the following command, and then press ENTER:
Set-WebServicesVirtualDirectory -Identity "yourmailservername\EWS (Default Web Site)" -InternalUrl https://yourdomainname.com/ews/exchange.asmx
Modify the InternalUrl attribute for Web-based Offline Address Book distribution. To do this, type the following command, and then press ENTER:
Set-OABVirtualDirectory -Identity "yourmailservername\oab (Default Web Site)" -InternalUrl https://yourdomainname.com/oab
Modify the InternalUrl attribute of the UM Web service. To do this, type the following command, and then press ENTER:
Set-UMVirtualDirectory -Identity "yourmailservername\unifiedmessaging (Default Web Site)" -InternalUrl https://yourdomainname.com/unifiedmessaging/service.asmx
Open IIS Manager.
Expand the local computer, and then expand Application Pools.
Right-click MSExchangeAutodiscoverAppPool, and then click Recycle.
Reference: http://support.microsoft.com/kb/940726