While I have an open ticket with support, I don't seem to be getting a straight answer from them. Does anyone know what the best practice is for RSA Web Agent authentication challenge for a Exchange 2010 - Exchange 2016 coexistence.
We currently have RSA configured to enforce OWA and ECP in out Exchange 2010 production environment as well as our Exchange 2016 preproduction environment. We're looking to configure coexistence between the two but do not know how RSA will handle this. Webmail (OWA) connection will be answered by the Exchange 2016 servers and proxied to the Exchange 2010 servers until all mailboxes have been moved between the environment. Quick testing shows that Exchange 2016 will challenge for RSA MFA, accept/pass the challenge and then redirect the request to Exchange 2010 to which you receive a second challenge request. Is there a way for RSA to pass the successful challenge token between the two environment or do we simply need to just disable RSA on the Exchange 2010 environment? If we need to disable RSA on the Exchange 2010 environment, do we need to revert/change any of the IIS authentication setting that were set during the implementation of RSA?
With a strict change control process, I need to know the expected impact and fix prior to making the change to the production environment. I simply cannot fix/mess with things on the fly.