After migrating companies from on-premises exchange to Office 365, user may see the following error.
"The security certificate has expired or is not yet valid"
This is because the local exchange server, although switched off still runs the IIS portion of exchange. The OWA is pointing users Outlook to look the the previous certificate that was used, not Microsoft's servers.
To fix this we need to amend the AutoDiscoverServiceInternalUrl value.
1. Log on to the old on-premeises exchange and start the Exchange Power Shell
2. Check current value by running:
Get-ClientAccessServer -Identity "[SERVERNAME]" | Format-List
I would recommend screen taking a screen shot of this in case you need to revert back. Next, ping your office 365 autodiscover record and verify it's correct. E.g.
If all is OK you need to update as follows:
Set-ClientAccessServer -Identity "MBX-01" -AutoDiscoverServiceInternalUri "https://mbx01.contoso.com/autodiscover/autodiscover.xml"
Once this is done, clear the DNS server cache and restart the DNS service. Then on the client machines flush dns:
This should resovle the error