I have been saying for a long time now that you need to use a well known 3rd party multiname cert if you want to use ActiveSync or outlook anywhere.
MS now agrees with me🙂
When you create a certificate request you want to include the following:
- mail.domain.com (mail = your external name)
Here is an example of a cert request
New-ExchangeCertificate -GenerateRequest -SubjectName "C=US, O=Company, CN=mail.domain.com" -domainname mail.domain.com,autodiscover.domain.com,hostname,hostname.domain.local -FriendlyName mail.domain.com -privatekeyexportable:$true -path c:\cert_myserver.txt
And the import after you get the cert back
Import-ExchangeCertificate –Path “C:\CertificateFile.cer” | Enable-ExchangeCertificate -Services pop, smtp, iis, imap