We are currently running Exchange 2010 SP1 in coexistence mode with Exchange 2003. There are 2 internet facing sites, 1 in US, and 1 in EU with multiple non-internet facing sites.
Each internet facing site has been configured for internet access with a UCC cert on the CAS servers (only 1 CAS at each site that also shares the HT role).
So we have:
mail.contoso.com -------- points to US site.
mail-eu.contoso.com ---- points to EU site.
External services are configured correctly and working, including OWA, ActiveSync, ECP, and Legacy access to the exchange 2003 front-end.
The US site has Autodiscover configured correctly, and everything functions as planned.
Outlook Anywhere has also been turned on and configured. OA works just fine for the US site and mailboxes on that site’s 2010 MB server. If the CAS (in the US) is rebooted or unavailable, Outlook 2010 clients automatically reconnect to Exchange once it’s available without prompting for a password. Works great.
The EU site also has Autodiscover and OA configured the exact same way, however, we're having some very strange side effects regarding the CAS in EU if it is rebooted/unavailable.
If the CAS at the EU site is rebooted, all Outlook 2010/2007 clients at the same site are disconnected and immediately prompted for a username/password to reconnect to Exchange.
If I’m an EU user at the US site using Outlook 2010, I am not prompted for a password, and Outlook 2010 automatically reconnects to the server as soon as it’s back online.
If I’m an EU user at the US site using Outlook 2007, I am immediately prompted for a password, and Outlook 2007 does not automatically reconnects to the server.
Both CAS servers have been configured for NTLM authentication in Outlook Anywhere, and the Autodiscover directory in IIS has been configured for Anonymous, Basic and Windows authentication. I only mention this because every other topic I have seen where the client is prompted for a password has been related to NTLM authentication being configured incorrectly for OA.
We’re on the verge of beginning the mailbox moves over to 2010 from 2003, but this last piece of functionality is stopping the show. We really need the EU clients to auto-connect back to Exchange if it temporarily becomes available, the same way everything works in the US.
The really confusing part to me is the fact that EU users at the US site running Outlook 2010 are not prompted for passwords, while EU users who are local to the CAS are prompted for a password.