Monday, February 14, 2011

"The name of the security certificate is invalid or does not match the name of the site" when checking Free/Busy calendar availability or the OOF message

Folks
OOF and Free/Busy calendar availability depend on the Autodiscover service.

First of all, to get this availability for Outlook Anywhere, the /Autodiscover folder should be published from the ISA server, and the External URLs configured on the CAS servers:

Enable-OutlookAnywhere -Server CAS01 -ExternalHostname "mail.domain.com" -ExternalAuthenticationMethod "Basic" -SSLOffloading:$False

Set-OABVirtualDirectory -identity "CAS01\OAB (Default Web Site)" -externalurl https://mail.domain.com/OAB -RequireSSL:$true

Set-WebServicesVirtualDirectory -identity "CAS01\EWS (Default Web Site)" -externalurl https://mail.domain.com/EWS/Exchange.asmx -BasicAuthentication:$True


The service is reached through one of these URLs: https://mail.domain.com/autodiscover/autodiscover.xml or https://autodiscover.domain.com/autodiscover/autodiscover.xml

1. Case with a certificate that carries only one name (mail.domain.com)
1.1 Update the Autodiscover URL in the AD SCP (Service Connection Point) object and the Internal URLs so that every URL uses the name on the certificate; otherwise the Outlook client shows this message:

"The name of the security certificate is invalid or does not match the name of the site"

Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceInternalUri https://mail.domain.com/autodiscover/autodiscover.xml

Set-WebServicesVirtualDirectory -Identity "CAS_Server_Name\EWS (Default Web Site)" -InternalUrl https://mail.domain.com/ews/exchange.asmx

Set-OABVirtualDirectory -Identity "CAS_Server_name\oab (Default Web Site)" -InternalUrl https://mail.domain.com/oab

Open IIS Manager.
Expand the local computer, and then expand Application Pools.
Right-click MSExchangeAutodiscoverAppPool, and then click Recycle.
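The point of the commands above is that every hostname Outlook can be handed (SCP, EWS, OAB, Outlook Anywhere) must appear on the certificate IIS presents. The following script checks exactly that; it is an added example, not part of the original post. It assumes the Exchange 2007 SP1 Management Shell run locally on the CAS (Get-ExchangeCertificate reads the local store), and that the certificate bound to IIS is the one whose Services include IIS; the server name is taken from the local computer name.

```powershell
# Added example, not from the original post: list every hostname Outlook can be
# handed for this CAS and check each one against the names on the IIS certificate.
# Assumptions: Exchange 2007 SP1 Management Shell, run locally on the CAS server.
param([string]$Server = $env:COMPUTERNAME)

# Gather every URL Autodiscover can return for this server.
$urls = @()
$urls += (Get-ClientAccessServer -Identity $Server).AutoDiscoverServiceInternalUri
foreach ($vd in (Get-WebServicesVirtualDirectory -Server $Server)) { $urls += $vd.InternalUrl, $vd.ExternalUrl }
foreach ($vd in (Get-OABVirtualDirectory -Server $Server))         { $urls += $vd.InternalUrl, $vd.ExternalUrl }
$oa = Get-OutlookAnywhere -Server $Server -ErrorAction SilentlyContinue
if ($oa) { $urls += "https://$($oa.ExternalHostname)/rpc" }

# Distinct hostnames out of the URLs (unset URLs are skipped).
$hosts = $urls | Where-Object { $_ } |
    ForEach-Object { ([System.Uri]$_.ToString()).Host.ToLower() } |
    Sort-Object -Unique

# The certificate IIS presents is the one with the IIS service enabled on it.
$cert = Get-ExchangeCertificate | Where-Object { $_.Services -match "IIS" } | Select-Object -First 1
if (-not $cert) { throw "No certificate with the IIS service enabled on $Server" }
$names = $cert.CertificateDomains | ForEach-Object { $_.ToString().ToLower() }

"Certificate $($cert.Thumbprint) covers: $($names -join ', ')"
foreach ($h in $hosts) {
    # A name is covered by an exact match or by a wildcard spanning exactly one label.
    $covered = $names | Where-Object {
        $_ -eq $h -or ($_.StartsWith("*.") -and $h -like $_ -and $h.Split(".").Count -eq $_.Split(".").Count)
    }
    "{0,-40} {1}" -f $h, $(if ($covered) { "OK" } else { "NOT ON CERTIFICATE -> Outlook will warn" })
}
```

Any line reported as NOT ON CERTIFICATE is a URL that has to be changed with the Set-* commands above, or a name that has to be added to the certificate (case 2 below).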

1.2 Besides this change, the external DNS must be modified (the external DNS provider has to support SRV records):
Create an SRV record for Autodiscover in the external DNS zone domain.com.
In the external zone, delete any HOST (A) or CNAME record named autodiscover; otherwise Outlook still reaches https://autodiscover.domain.com first and hits the name mismatch.
Service: _autodiscover
Protocol: _tcp
Port Number: 443
Host: mail.domain.com
When Outlook then tries to contact the Autodiscover service for user@domain.com, it does the following:
Outlook posts to https://domain.com/Autodiscover/Autodiscover.xml. This fails.
Outlook posts to https://autodiscover.domain.com/Autodiscover/Autodiscover.xml. This fails (the A/CNAME record was removed).
Outlook performs the following redirect check:
GET http://autodiscover.domain.com/Autodiscover/Autodiscover.xml
This fails for the same reason.
Outlook does a DNS SRV lookup for _autodiscover._tcp.domain.com, and "mail.domain.com" is returned.
Outlook asks the user for permission to continue with Autodiscover and post to https://mail.domain.com/autodiscover/autodiscover.xml. The prompt appears because the SRV target is a different host from the one derived from the user's address; that host's certificate still has to chain to a trusted root and carry the name mail.domain.com, which is what keeps a spoofed SRV answer from sending the user's credentials elsewhere.
Autodiscover's POST request to https://mail.domain.com/autodiscover/autodiscover.xml succeeds.
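A client-side view of the same lookup order, as an added example that is not part of the original post: from a machine outside the network, the script below walks the candidates Outlook tries (the SMTP domain, the autodiscover host, the SRV target it reads from DNS), opens a TLS session to each, and reports whether the name it connected to is on the certificate presented; it also runs the plain-HTTP redirect check. Only the name check is emulated, not the trust-chain check Outlook also performs; "domain.com" is a placeholder and the SRV target comes from nslookup.

```powershell
# Added example, not from the original post: emulate Outlook's Autodiscover
# candidate order from a client and report certificate name mismatches.
# Assumption: "domain.com" is a placeholder for the user's SMTP domain.
param([string]$Domain = "domain.com")

# Names on a certificate: the subject CN plus every DNS entry in the SAN extension.
function Get-CertNames([System.Security.Cryptography.X509Certificates.X509Certificate2]$cert) {
    $names = @()
    if ($cert.Subject -match "CN=([^,]+)") { $names += $Matches[1].Trim().ToLower() }
    foreach ($ext in $cert.Extensions) {
        if ($ext.Oid.Value -eq "2.5.29.17") {   # subjectAltName
            # Format($false) yields text such as "DNS Name=mail.domain.com, DNS Name=autodiscover.domain.com"
            foreach ($m in [regex]::Matches($ext.Format($false), "DNS Name=([^,\s]+)")) {
                $names += $m.Groups[1].Value.ToLower()
            }
        }
    }
    return ($names | Sort-Object -Unique)
}

# The rule a client applies: exact match, or a wildcard covering exactly one label.
function Test-NameMatch([string]$hostname, [string[]]$names) {
    $h = $hostname.ToLower()
    foreach ($n in $names) {
        if ($n -eq $h) { return $true }
        if ($n.StartsWith("*.") -and $h -like $n -and $h.Split(".").Count -eq $n.Split(".").Count) { return $true }
    }
    return $false
}

# Open a TLS session and return the leaf certificate. Chain validation is switched off
# here on purpose so that a mismatch is reported instead of ending the handshake.
function Get-ServerCert([string]$hostname, [int]$port = 443) {
    $client = New-Object System.Net.Sockets.TcpClient($hostname, $port)
    try {
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($hostname)
        return New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally { $client.Close() }
}

# Redirect check: a plain HTTP GET that answers with a 3xx; Outlook only follows it to https://.
function Get-HttpRedirect([string]$url) {
    $req = [System.Net.HttpWebRequest]::Create($url)
    $req.AllowAutoRedirect = $false
    $req.Timeout = 5000
    try { $resp = $req.GetResponse() } catch [System.Net.WebException] { $resp = $_.Exception.Response }
    if ($resp -and [int]$resp.StatusCode -ge 300 -and [int]$resp.StatusCode -lt 400) { return $resp.Headers["Location"] }
    return $null
}

# Outlook's order: SMTP domain, autodiscover host, then the SRV target.
$candidates = @($Domain, "autodiscover.$Domain")
$srv = nslookup -type=SRV "_autodiscover._tcp.$Domain" 2>$null |
    ForEach-Object { if ($_ -match "svr hostname\s*=\s*(\S+)") { $Matches[1].TrimEnd(".") } }
if ($srv) { $candidates += $srv }

foreach ($h in $candidates) {
    try {
        $names = Get-CertNames (Get-ServerCert $h)
        $ok = Test-NameMatch $h $names
        "{0,-40} cert names: {1,-50} {2}" -f "https://$h/", ($names -join ","), $(if ($ok) { "OK" } else { "NAME MISMATCH" })
    } catch {
        "{0,-40} no TLS session ({1})" -f "https://$h/", $_.Exception.Message
    }
}
$redir = Get-HttpRedirect "http://autodiscover.$Domain/Autodiscover/Autodiscover.xml"
if ($redir) { "HTTP redirect check -> $redir" } else { "HTTP redirect check: no redirect (expected to fail in the single-name case)" }
```

In the single-name setup of case 1 the expected output is a failure or NAME MISMATCH for domain.com and autodiscover.domain.com and OK for the SRV target mail.domain.com; a NAME MISMATCH on the SRV target is exactly the condition that produces the certificate warning in Outlook.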

2. Case with a SAN (Subject Alternative Name) certificate carrying the names mail.domain.com and autodiscover.domain.com

This is the recommended case and the easier one to configure: both URLs from the list above match the certificate, so no SRV record or URL changes are needed.
For further information, please see the links below:
http://technet.microsoft.com/en-us/library/bb332063(EXCHG.80).aspx
http://support.microsoft.com/?kbid=940726
http://support.microsoft.com/?kbid=940881
Enjoy,

-Dario
