Hi everyone,
I'm encountering an issue with activesync coexistence Exchange 2013 servers loadbalanced by an HLB and 2 Exchange 2007 CAS loadbalanced by NLB.
Active sync URL are configured like this:
On E2013 Internal and External URL is https://webmail.mydomain.com/Microsoft-Server-Activesync
On E2007 Internal URL is : https://legacy.mydomain.com/Microsoft-Server-Activesync, External URL is $null
"Normal" Activesync is working fine, either for E2013 or E2007 mailboxes
There is also a Mobile Iron configured with kerberos delegation that is pointing to E2007 for some users.
Today we tried to setup a new MobileIron pointing to E2013 with Kerberos delegation in order to prepare the mailboxes migration. With this new Mobile Iron, access to E2013 mailboxes is working fine (E2013 has been configured to allow kerberos). However, when the mailboxes is in E2007, the kerberos delegation doesn't work.
Doing some network analysis, we can see that there is a kerberos communication between Mobile Iron and E2013, but between 2013 and E2007 it's using basic authentication.
What am I missing?
Sebastien