We currently use a Vasco Digipass solution to handle two factor auth for external users by having two CAS servers, one for external, and one for internal.  The External CAS has a plugin that takes the basic authentication, and passes it through to the digipass auth server to authenticate.  This solution had worked well for us until now when we want to upgrade to 2010.  What we want to do is make all of our CAS servers behave the same, yet still have two factor auth for external users.  Please provide any experience or ideas that you may have.

Hi,

Settings on Exchange 2010 should be no difference with Exchange 2007.

One CAS for external, and one CAS for internal. In my opinion, I should mention that we need to configure Client Access Array on all mailbox database to let internal users just connect to internal WebServices. Use the following command to configure this setting.

Get-MailboxDatabase | Set-MailboxDatabase -RpcClientAccessServer internal_only_CAS_Array_FQDN

Best Regards.

Your solution may work on 2010, but I believe Rpc ClientAccessServer was introduced on 2010, and not available on 2007.  My issue is that in order to have 2010, and 2007 coexisting, I need 2010 to be able to proxy to 2007 while mailboxes exist on the 2007 server.  It isn't able to proxy currently.

What is the purpose of that you have introduced Exchange 2010 CAS server that you did not mentioned.

If you are going to have co-existence (2007 & 2010) model then you have to have two separate CAS servers that is CAS-2007 server for Exchange 2007 mailbox users and CAS-2010 server for Exchange 2010 mailbox users. Please refer the below link for more infrormation about upgrading Exchange 2007 to 2010.

https://technet.microsoft.com/en-us/library/dd351133(v=exchg.141).aspx

After you have prepared your environment as mentioned on the above link then you will have to setup the exchange 2010 CAS server as you did it for External CAS-2007 server. I meant to  install the Plugin on External CAS-2010 server.

Please remember to mark the replies as answers if it is relevant to you question.