I ran into an interesting issue recently when I tried to set up Outlook Anywhere. I was sure it had worked in the past, and https://testconnectivity.microsoft.com reported everything was fine with autodiscover and Outlook Anywhere, yet I could not for the life of me get Outlook 2013 to connect to the Exchange server.
After disabling/enabling Outlook Anywhere on the server to switch it as a test from NTLM to Basic authentication, I found an interesting error logged in the Application log:
Microsoft Exchange couldn't find a certificate that contains the domain name domain.local in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Internet with a FQDN parameter of server.domain.local. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN.
Turns out the last time I renewed the certificate was after the public CAs stopped allowing .local domains on the certificates, so Exchange no longer had a certificate to secure server-to-server SMTP.
Since my site only has one server for everything, you’d think that would not be a problem, but sure enough, as soon as I ran
new-exchangecertificate
on the Exchange server Outlook started connecting right away. Sweet.
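To check for the condition in the logged error before or after a certificate renewal, the following added example (not part of the original post) reports, for each SMTP connector, whether a valid certificate enabled for SMTP names the connector's FQDN. It assumes a single Exchange server and the Exchange Management Shell, and it uses exact name matching only; the variable names and report columns are illustrative.

```powershell
# Added example, not from the original post. Run in the Exchange Management Shell.
# For every SMTP connector, report whether a usable certificate names its FQDN.

$now        = Get-Date
# Per the logged error, the computer's FQDN is used when a connector has none set.
# Assumption: single-server site, so the local FQDN applies to every connector.
$serverFqdn = [System.Net.Dns]::GetHostEntry('').HostName

# Certificates that are valid, unexpired and enabled for the SMTP service.
$smtpCerts = Get-ExchangeCertificate | Where-Object {
    "$($_.Status)" -eq 'Valid' -and
    $_.NotAfter -gt $now -and
    "$($_.Services)" -match 'SMTP'
}

$connectors = @(Get-ReceiveConnector) + @(Get-SendConnector)

$report = foreach ($c in $connectors) {
    $fqdn = "$($c.Fqdn)"
    if ([string]::IsNullOrWhiteSpace($fqdn)) { $fqdn = $serverFqdn }

    # Exact, case-insensitive match against each certificate's domain list.
    $match = $smtpCerts | Where-Object {
        @($_.CertificateDomains | ForEach-Object { "$_" }) -contains $fqdn
    } | Sort-Object NotAfter -Descending | Select-Object -First 1

    [pscustomobject]@{
        Connector  = $c.Identity
        Fqdn       = $fqdn
        Covered    = [bool]$match          # False reproduces the logged condition
        Thumbprint = $match.Thumbprint
        Expires    = $match.NotAfter
    }
}

$report | Format-Table -AutoSize
```

Run with no parameters, New-ExchangeCertificate creates a self-signed certificate that includes the server's own names, which is why a connector using the internal FQDN shows as covered afterwards.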