So clients within your network resolve your Exchange server as exchsvr.internal via AD DNS, WHICH DOES NOT match the name on your certificate. The cert works for clients outside your network because the DNS name they use DOES match the certificate. You will have to convince your internal clients that they are connecting to your server as extdomain.org.au. It's been a while for me in Exchange management, but I believe there are two ways of doing it.
- Have the external domain name resolve internally to its internal address. Do this by creating an internal zone. <- If you don't have experience with DNS, setting up forwarders or domain transfers, you may not want to do this.
- Have your internal clients connect to the externally resolvable address of domain.org.au. You will have to use the Exchange Management Console for that, and essentially what it does is tell your Active Directory attached machines that the server they want to auto connect to is no longer domain.internal. I found the below here, but do more homework before making such changes.
Set-ClientAccessServer -Identity exchange -AutodiscoverServiceInternalUri https://webmail.company.net/autodiscover/autodiscover.xml
Set-WebServicesVirtualDirectory -Identity "exchange\EWS (Default Web Site)" -InternalUrl https://webmail.company.net/ews/exchange.asmx
Set-OABVirtualDirectory -Identity "exchange\oab (Default Web Site)" -InternalUrl https://webmail.company.net/oab
This last command is not required on Exchange 2010:
Set-UMVirtualDirectory -Identity "exchange\unifiedmessaging (Default Web Site)" -InternalUrl https://webmail.company.net/unifiedmessaging/service.asmx
You can use the "Get" version of the commands, for example Get-ClientAccessServer -Identity exchange, to see what the current setting is, and make a note of it first.
Depending on the configuration of your network, even if they use the external address, it is not likely that the traffic would go out past your gateway, meaning it should not interfere with external internet speeds.
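
A read-only check to run before any of the Set- commands, added here as an example and not part of the original post: it records the current internal URLs and flags those whose host name is not on the certificate. It assumes the server identity `exchange` used above and that the certificate clients see is the one enabled for IIS on that server; the `Test-NameOnCert` helper and the CSV file name are hypothetical.

```powershell
# Run in the Exchange Management Shell. Read-only: it changes no settings.
$server = 'exchange'   # server identity used in the commands above (assumption)

# Names on the unexpired certificate(s) enabled for IIS on this server.
$certNames = Get-ExchangeCertificate -Server $server |
    Where-Object { "$($_.Services)" -match 'IIS' -and $_.NotAfter -gt (Get-Date) } |
    ForEach-Object { $_.CertificateDomains } |
    ForEach-Object { $_.ToString().ToLowerInvariant() } |
    Sort-Object -Unique

# Hypothetical helper: exact match, or a wildcard entry covering one extra label.
function Test-NameOnCert {
    param([string]$HostName, [string[]]$Names)
    foreach ($n in $Names) {
        if ($n -eq $HostName) { return $true }
        if ($n.StartsWith('*.') -and $HostName.Contains('.') -and
            $HostName.Substring($HostName.IndexOf('.') + 1) -eq $n.Substring(2)) {
            return $true
        }
    }
    return $false
}

# Internal URLs that domain-joined clients are currently handed.
$settings = @()
$settings += Get-ClientAccessServer -Identity $server |
    Select-Object @{n='Setting';e={'AutodiscoverServiceInternalUri'}},
                  @{n='Url';e={$_.AutoDiscoverServiceInternalUri}}
$settings += Get-WebServicesVirtualDirectory -Server $server |
    Select-Object @{n='Setting';e={"EWS: $($_.Identity)"}}, @{n='Url';e={$_.InternalUrl}}
$settings += Get-OabVirtualDirectory -Server $server |
    Select-Object @{n='Setting';e={"OAB: $($_.Identity)"}}, @{n='Url';e={$_.InternalUrl}}

$report = foreach ($s in $settings) {
    if (-not $s.Url) { continue }          # skip URLs that are not set
    $hostName = ([uri]"$($s.Url)").Host.ToLowerInvariant()
    [pscustomobject]@{
        Setting = $s.Setting
        Url     = "$($s.Url)"
        Host    = $hostName
        OnCert  = Test-NameOnCert -HostName $hostName -Names $certNames
    }
}

# Keep a copy of the current values, then show which ones would cause a name mismatch.
$report | Export-Csv -Path .\exchange-internal-urls-before.csv -NoTypeInformation
$report | Format-Table -AutoSize
```

Rows with `OnCert` set to `False` are the URLs that produce the certificate name warning for internal clients; rerun the script after the change to confirm every row reads `True`.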