Thanks to all for your help! The issue proved to be the listeners needing to be the same for both rules (2010 plus redirect to legacy server) - at least as far as external access goes. Internal clients still need to log in twice, but since it is only for a couple of days it's not a biggie.

On Thu, Jan 20, 2011 at 6:41 AM, Knoch, James W <[email protected]> wrote:

> I am not sure if this holds true on Forefront TMG or UAG, but it applies to ISA 2006, so I expect it to be the same. In order for FSO to work between the 2003 and 2010 published sites, they MUST be on the same listener. Make sure you have your *.domain.com listed as well in the FSO settings.
>
> Also there is some behavior with IE8 you should be aware of when using the FSO features. If you connect to a trusted site that then refers you to an untrusted site, you will be prompted with the form again for the legacy 2003 page. I ran into this and figured it out when I had the main OWA URL trusted on my home computer instead of the entire domain.
>
> James Knoch
> Senior Systems Engineer, Network Services
> Intergraph Corporation
>
> -----Original Message-----
> From: Michael B. Smith [mailto:[email protected]]
> Sent: Wednesday, January 19, 2011 6:12 AM
> To: MS-Exchange Admin Issues
> Subject: RE: Outlook Web Co-existence between 2010 and 2003 (Single Sign On)
>
> Do you have the 2003 server set to FBA _on the server_? Did you apply the AUTH patch that 2003 needs?
>
> Regards,
>
> Michael B. Smith
> Consultant and Exchange MVP
> http://TheEssentialExchange.com
>
> -----Original Message-----
> From: Mark Milo [mailto:[email protected]]
> Sent: Wednesday, January 19, 2011 1:44 AM
> To: MS-Exchange Admin Issues
> Subject: Outlook Web Co-existence between 2010 and 2003 (Single Sign On)
>
> Hi,
>
> We are currently in the process of migrating from Exchange 2003 to Exchange 2010. I am looking for some advice on getting Outlook Web co-existence between Exchange 2003 and Exchange 2010 (latest SP) during the migration. Both Exchange servers (fully patched) are front-ended by a Forefront security server situated on the DMZ/internal network. It is joined to the internal domain. The issue I am having is that 2003 clients need to log on twice - first when they connect to Forefront (webmail.domain.com) and again when they get redirected to legacy.domain.com. 2010 clients work correctly, i.e. single log on and they are connected to their mailbox.
>
> The CAS and 2003 front end server are both set to basic authentication.
>
> Exchange 2003 Settings on Forefront Server
>
> Front end server for 2003 Clients - set to basic Authentication
> The listener for Exchange 2003 clients is set to HTML form auth and Authentication validation is Windows (AD). SSO is enabled
>
> Exchange 2010 Settings on Forefront Server
>
> The listener for Exchange 2010 clients is set to HTML form auth and Authentication validation is Windows (AD). SSO is enabled
>
> Any help is really appreciated - this thing has been driving me nuts!
>
> Thanks
> Mark
>
> ---
> To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to [email protected]
> with the body: unsubscribe exchangelist
