Certificates are a big problem for most administrators if they are configured incorrectly. Out of the box Exchange 2007 has a self signed certificate that will work. Since I don’t want to reinvent the wheel here I will point you to this blog for more information on Exchange 2007 Autodiscover and certificates: http://msexchangeteam.com/archive/2007/04/30/438249.aspx
Now if an administrator happens to change the server side certificate after Outlook clients have already downloaded and stored the self signed certificate to the personal store, problems will arise. After this clients will get the annoying 0X8004010F error. This will cause sync errors when you try to Send/Receive.
12:45:53 Synchronizing Mailbox <dgoldman>
12:45:54 Microsoft Exchange offline address book
As for the Error Code: 403 Forbidden. What this means is that the client certificate used to establish the SSL connection with the ISA Server or Exchange Server is not acceptable. For ISA Servers this requires the use of a client certificate that is intended for a specific purpose.
Although Web-based distribution is enabled by default and does not require further configuration, we recommend that you enable Secure Sockets Layer (SSL) for the OAB distribution point. For more information, see How to Require SSL for Offline Address Book Distribution.
How to fix this
1. Enable SSL in IIS on the OAB Server.
2. Issue a new certificate to the server. This can be a newly obtained certificate from a provider or a certificate that has been created with the New-ExchangeCertificate cmdlet. For more information see this Wiki: http://www.exchangeninjas.com/New-ExchangeCertificate.
3. Remove the certificate from the Outlook clients personal store.
4. Log in with the client and you should be prompted to download the new certificate. The certificate must be installed on the clients.
5. Restart IIS after the new certificate has been installed.
For more information on deploying Outlook Anywhere see this document: http://technet.microsoft.com/en-us/library/7b2d1ce2-b6df-4604-80fd-2f6cafc47e82.aspx
I hope this helps