I've deployed Exchange 2010 across 2 sites and I'm currently piloting with other members of the technology team. I've had a number of issues where users are prompted for their credencials after a failover. I was able to resolve most of these by depoying the GPO templates to disable the RPC/HTTP stuff on the internal Outlook clients. This seems to have completely fixed the problem for in-site switchovers, but we still get some of these problems after a cross-site switchovers. It's not exactly consistent, sometimes it does sometimes it doesn't.
We only have hardware load balancers in each location no geo-LB's. I'm thinking that might be part of the problem when the original CAS Array issues the wrong server response it's technically a new connection coming into the CAS Array in the site I just switched the DB into.
The DAG settings do not allow cross site RPCClientAccess, and since I'm using SP2 RU4 I think the expected default behavior should be the Outlook profile reconfigures based on the wrong server response and subsequent discovery attemp. What I'm wondering is if the prompts are expected behavior given our isolated (non-geo) load balancers?
This is obviously a complicated topic and the parameters have changed as 2010 has been updated, but if any one can shed some light on this or perhaps point me to other resources MS or not I that would be great.