Update on my part: I set up MfE while connected to our internal WiFi using server internal name (so no certificates needed), and it worked flawlessly. So now I have MfE while in office . Actually even that is better than nothing as at least I can do a sync before leaving office and thus have an offline copy of calendar and mail with me. Getting the certificates working would be nice though...