When a Client Access Server (CAS) server fails over, OWA users need to re-authenticate and Outlook users need to close Outlook and open it again to get connected to a new CAS server.
To fix this issue, implement Kerberos authentication in Exchange 2010 (requires SP1 or higher). Microsoft articles about this can be found at the following links:
- Exchange Team Blog explaining the details of the problems in Exchange 2010 authentication: http://blogs.technet.com/b/exchange/archive/2011/04/15/recommendation-enabling-kerberos-authentication-for-mapi-clients.aspx
- Technet article on configuring Kerberos authentication: http://technet.microsoft.com/en-us/library/ff808312.asp
The default authentication mechanism in Exchange 2010 is NTLM and due to the way that the CAS Array is designed this causes the need for users to re-authenticate when the CAS server fails over. This is expected.
In order to avoid this, it is required that Kerberos authentication is configured and also that Exchange 2010 SP1 or higher is in use. Information on how this behavior occurs can be found on the Microsoft website.
Additional information can be found at the following links:
- Technet blog: http://blogs.technet.com/b/exchange/archive/2011/04/15/recommendation-enabling-kerberos-authentication-for-mapi-clients.aspx
- For information on how to configure Kerberos authentication you can reference this Technet article: http://technet.microsoft.com/en-us/library/ff808312.aspx