Hi,
I wondered in anyone could offer any guidance on a problem we are seeing with a cross forest Exchange 2010 (domain A) to Exchange 2013 (domain b)migration.
Our problem is based around the fact that the users are still logging into 'windows clients' in the source domain (domain A). We have configured mail enabled users in the source to enable auto discover to work correctly and the user can successfully connect to their own mailbox once it is provisioned in Exchange 2013 (domain B). Our main Outlook client being 2010 SP2.
The user is not prompted to login at this stage, which is preferred.
However the problem is that they cannot connect to any other resource in the Exchange 2013 (domain B) environment. (We have no interest in them accessing resources in the Exchange 2010 environment as this is a major switchover). When attempting to connect to public folders (2013) they receive only those permissions provided by the 'Default' user permission. When trying to expand a mailbox where full access has been granted they receive the 'Unable to expand. An attempt to logon to Microsoft Exchange has failed' error.
If we change Outlook to 'Always prompt for logon credentials' and then login with credentials from the target domain (domain B, all resources can be accessed successfully.
As part of our migration we have used ADMT, a two way trust is in place, SID history has been migrated and SID filtering is turned off in both directions. Passwords in both domains are matching by virtue of an Identity management solution. Outlook anywhere on exchange 2013 is set to negotiate (internal and external) with IIS configured with 'Basic, NTLM and Negotiate' as authentication types.
Whilst the obvious answer is simply to get the users to login to the target domain (domain B), it is unfortunately a requirement that users continue to login to the source domain (domain a) for a while after the Exchange migration has completed.
Would anyone be able to advise if this is just something we have to live with and find a way to force users to login every time they open outlook, or is there perhaps a way to configure this to work so that users are not prompted to login but can access all their resources.
Many thanks for any assistance or opinions.
Kind Regards,
Mark Needham