We currently have two Exchange 2007 sp3 servers.  One running all the roles, another running only the client access server.  The server running all of roles (server1) is not accessible from the outside.  The CAS only server (server2) is accessible internally and externally, but for OWA requires two factor auth.  I am in the process of upgrading to Exchange 2010, and finding that this is not a supported configuration.  It seems like I need to have both CAS servers setup similarly.  I want to force two factor auth on external OWA, but not on internal OWA.  Help or advice would be greatly appreciated!

Hi,

What's the exact requirement about two factor auth on external OWA? Some external users use Integrated Windows authentication while the others use Basic Authentication?

Generally, we can configure Multiple OWA/ECP Virtual Directories on Exchange 2010 Client Access Server with different authentication for different AD sites (Internet-facing and Non-internet-facing site):

http://blogs.technet.com/b/exchange/archive/2011/01/17/configuring-multiple-owa-ecp-virtual-directories-on-exchange-2010-client-access-server.aspx  

Regards,

Our two factor auth software works with basic auth on the OWA site.  Your attached article points to setting up a second site on Exchange 2010, but I am still on 2007, and wanted to see if I could setup 2007 this way before we migrate to 2010.  Our current upgrade process is stuck because the 2010 CAS server can't properly proxy to the 2007 CAS.