After reviewing the Exchange server migration guide the preparation to allow proxying from 2010 to 2013 the following command must be run on the 2010 server:

Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like "Version 14*") -And ($_.ServerRole -Like "*ClientAccess*")} | Get-ClientAccessServer | Where {$_.OutlookAnywhereEnabled -Eq $True} | ForEach {Set-OutlookAnywhere "$_\RPC (Default Web Site)" -ClientAuthenticationMethod Basic -SSLOffloading $False -ExternalHostName $Exchange2013HostName -IISAuthenticationMethods NTLM, Basic}

My question is why does it call for enabling basic authentication for the client authentication method? This will cause all clients with mailboxes on the 2010 server to prompt the user for the password every time outlook is opened.

If I set the authentication method to NTLM will proxying still work?

Thank you in advance,

Jose

Only the Exchange 2013 server should be talking to the Exchange 2010 server.  The idea is that you switch your URLs to Exchange 2013 and let it proxy for Exchange 2010.

Hi,

As Ed mentioned, since Exchange 2013 can proxy and redirect back to 2010, but 2010 cannot proxy forward to Exchange 2013, we recommend change DNS record to Exchange 2013 server.

All OA connections, both 210 mailboxes and 2013 mailboxes can be connected via the 2013 CAS.  2013 will proxy connections back to 2010 for legacy mailboxes.  The externalHostName for both 2013 and 2010 should be the same, (webmail.domain.com).  Therefore the externalClientAuthenticationMethods should be configured to match whatever is configured for 2010, either Basic or NTLM.  For OA to proxy from 2013 to 2010, the IISAuthenticationMethods on 2010 must be reconfigured to support both Basic and NTLM.