We have deployed infrastructure as follows:
Active Directory 2012 X 2 (Single Forest, Single Domain)
Exchange 2013 Infrastructure is as follows:
Exchange 2013 HubCas in Array (2 Nodes)
Exchange 2013 Mailbox Server in DAG (2 Nodes)
We have 5 accepted mail domains
Client environment:
XP, Windows 7, Windows 8 and MAC Machines
Mail Clients
Outlook 2007 SP3 + Small Update
Outlook 2010 SP1 + Small Update
On Premise Certificate Authority server installed for Exchange Certificate
Working scenarios are as follows:
Internal Domain users are connected to exchange using above mail clients
Non-domain users within the same network are also connected, but using the HUB CAS server name. For initial user authentication we need to give the Active Directory server IP to verify the user, then change the server name in Outlook to outlook 2007 or 2010.
Domain Users are able to send and receive mails, non domain users within same network are able to send and receive mails but they receive error for OAB.
External users are able to use OWA with their respective login ID
The same external users, when they use Outlook to connect to Exchange using the external mail domain, are unable to log in.
The server authentication we are using on HUB CAS is NTLM.
If we change this authentication to Basic or Negotiate on HUBCAS (domain based internal and non domain based), either XP or Windows 7 machines will not be able to authenticate on the domain and will prompt for the password in a loop.
We changed settings in IIS (Default website --> Auto Discover, OAB, EWS, RPC [Authentication --> Basic --> Enable])
After those changes now all domain and non domain Internal users are able to login without any issues.
Users outside domain and Network are still unable to use OUTLOOK. (Internet)
If anyone can help, it will be highly appreciated, as we are in the final stage of the project and need to close on an immediate basis.
Thanks & Regards,
Santosh
Santosh Dave Head of Infrastructure Technology & Services Elite Technologies Middle East Kingdom of Bahrain, Manama.