Exchange 2010 OWA redirect to Exchange 2003 login issues

exchange-2003, exchange-2010, outlook-web-app

We have just installed an Exchange 2010 CAS server. Instead of moving everything and renaming and adding certificates, we merely added the CAS as a totally new name. The legacy environment has webmail.domain.com. We opted to test prior to changing our DNS entries. So for our new environment, we are using webmail2.domain.com. We have added a redirect to the legacy boxes for the 2003 mailboxes. The redirect works to the legacy boxes using a new URL (which will eventually become the legacy name during coexistence – mail.domain.com – which is the webmail.domain.com server).

The redirect works, but the users are prompted to log in twice. They log in to the 2010 OWA and the redirect displays the 2003 OWA login page. I would like single sign-on. Another issue is that even when testing the login, it errors out and says that the user can't be authenticated. Is it that the redirect points to a name that hasn't been added to IIS?

Forms Based Authentication is enabled on the 2003 servers as well.

I hope I explained it well enough. Essentially, we are trying to test the 2010 environment in a production environment prior to changing the DNS entries and changing certificates.

Best Answer

If you have manually created a redirect on the CAS, remove it. Exchange 2010 CAS will automatically redirect a user to the correct OWA page based on the mailbox type (legacy, user). You want to configure the "Exchange2003Url" on the OWA virtual directory. This tells OWA what URL to send users to if their mailbox still exists on the Exchange 2003 servers.

Also note that setting it up in this way will allow the Exchange 2010 CAS to pass the authentication form across to the Exchange 2010 Front End server. This will ensure users do not have to re-authenticate once redirected.

Get-OwaVirtualDirectory | fl Name,Exchange2003Url,RedirectType

Set-OwaVirtualDirectory -Identity "<CAS-server-name>\owa (Default Web Site)" -Exchange2003Url "https://webmail.domain.com/exchange"
