Correct configure Outlook Anywhere in Exchange 2013 to work with internal/external autodiscover

Hello. First of all about my Exchange 2013 settings.

I have an AD users that are in LAN and are local, and some AD users that work in different LANs. 

I want local users to use Exchange with benefits of NTLM authentification and external users to use Basic auth.

I have tried to configure outlook anywhere for that since Exchange 2013 works with outlook via HTTP only.

So now Get-Outlookanywhere looks like this

ExternalHostname                   : mail.externaldomain.ru
InternalHostname                   : exchangecas.internaldomain.ru
ExternalClientAuthenticationMethod : Basic
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}

If i configure user's outlook manually it works in my local LAN not for long. Soon it changes to External settings via autodiscover. Needless to say if i'm trying to use start-up outlook autoconfigure in local LAN it configures to external settings with external names and Basic auth.

My local users connect to autodiscover via SRV from DNS that leads to my CAS server and has the same value as

Get-ClientAccessServer

AutoDiscoverServiceInternalUri       : https://autodiscover.internaldomain.ru/autodiscover/autodiscover.xml

I solved it by using GPO templates for Outlook. So now my internal users can use Outlook with NTLM.

Now i started to configure external users and new problems occured. External users get INTERNAL settings from autodiscover. And if i change them manually they change it back later. 

So here is a portion of xml files that i get from outlook 2010 when i test automatic mail from local LAN for user@internaldomain.ru :

 <Protocol>
        <Type>EXPR</Type>
        <Server>mail.externaldomain.ru</Server>
        <SSL>On</SSL>
        <AuthPackage>Basic</AuthPackage>

      <Protocol>
        <Type>EXHTTP</Type>
        <Server>exchangecas.internaldomain.ru</Server>
        <SSL>Off</SSL>
        <AuthPackage>Ntlm</AuthPackage>

      <Protocol>
        <Type>EXHTTP</Type>
        <Server>mail.externaldomain.ru</Server>
        <SSL>On</SSL>
        <AuthPackage>Basic</AuthPackage>

and Outlook takes EXHTTP external domain settings.

I get the same xml file when i test automatic mail from external LAN for user@externaldomain.ru from outlook 2007 but it takes internal settings!

By the way my default email address in Default policy in Address Policies is @externaldomain.ru if it's relevant to this case.

So please help me. I don't think that my case is somehow unique. How this external/internal thing works in Exchange 2013? Where are my errors? How can i get this autodiscover thing to work correctly externally and internally?