Many Exchange administrators never tangle with the issues surrounding client authentication because the default settings that Exchange uses for a single-version installation just work. However, as the topology becomes more complex, or when you begin mixing versions, the type of authentication enabled becomes of great importance.

The authentication method matters because the Exchange 2013 CAS role will always send the requests it receives to other servers, and those servers will expect authentication information about the user who is connecting. If the user’s mailbox is on an Exchange 2013 Mailbox server, the CAS can proxy directly to the HTTP proxy endpoint. If, however, the user’s mailbox is on an Exchange 2007 or Exchange ...