This problem has made me crazy, I've lost almost a day so I share it willingly hoping will come in handy to someone else.
I am following a double migration of a customer's exchange (from 2003 to 2010 and then 2013), during the transition between 2010 and 2013 all Windows XP clients. once migrated the user to 2013, were no longer able to connecte to exchange (using outlook 2007 and 2010, both in compatibility matrix with exchange 2013). The client signaled that exchange was not online and there was no way to connect it also by modifying the advanced options of outlook. The problem also appeared reconfiguring from scratch the outlook profile and the reported error was:
“The connection to Microsoft Exchange is unavailable. Outlook must be online or connected to complete this action”
No problem with the same users with Outlook 2007 or 2010 client on windows 7 or windows 10, This behavior made me realize that the problem was right in the operating system but, even with a Windows XP fully updated and patched, the problem remained. After some research I finally found someone who pointed out the difficulty of windows xp in managing certificates of SAN type (subject alternative names). It seems that XP still going to check the principal name of the certificate and, if this does not match the service to which it is connecting, it gives the error.
So the problem occurs when you put together these 3 things:
Windows XP + Exchange 2013 + SAN Certificate
In particular, Windows XP, as we said, does not handle well SAN certified as, as we know, Exchange 2013 no longer uses RPC connections but only HTTPS connections so the certificates are fundamental.
The solution is to specify the actual principal name of the certificate with these two commands:
Set-OutlookProvider EXPR -CertPrincipalName:”msstd:webmail.domain.com”
Set-OutlookProvider -Identity EXCH -CertPrincipalName msstd:webmail.domain.com
where webmail.domain.com is the principal name of the certificate (the one that you also find in the subject of the certificate)!