During an Exchange 2013 and Exchange 2007 coexistence scenario, there are 2 types of Exchange 2007 CAS servers; one set of Exchange 2007 CAS servers serving OWA for internal clients with Forms based authentication behind an internal reverse proxy requiring forms based authentication and Windows Credentials, second set of Exchange 2007 CAS servers serving OWA and ActiveSync for external clients with Windows Integrated Authentication behind a DMZ located reverse proxy requiring forms based authentication and pre-authentication using SecureID.
When introducing Exchange 2013 CAS servers, plan is to to have 2 IPs and 2 web sites on the Exchange 2013 CAS, each handling authentication of OWA differently depending on if the originating traffic is external or internal, so removing the internal reverse proxy - though keeping the external reverse proxy with pre-authentication. Now, how do I ensure that the proxied (AutoD, EWS) and redirected (OWA) traffic from Exchange CAS 2013 to 2007 is sent to the applicable Exchange 2007 CAS server (i.e. depending on whether traffic is originating externally or internally). As Exchange 2013 doesn’t know the difference of IIS authentication settings of the Exchange 2007 CAS servers, users might occationally get a authentication pop up.
Thanks
Gaute