I came across this scenario the other day where I needed to have a unified namespace for OWA logon, so that any user in the world, independent of their local Exchange server, can log on to a single URL and get redirected to their local mailbox. Exchange 2010 has a couple of features that help with this initially, but it requires individual OWA sessions per location and it “optimizes” the process. When you log in, if the Exchange server behind the published OWA session is not the one most local to you, it will redirect you to the most optimal CAS server for your user account!

However, this is not what was required, as it requires 2 logons…

Roll on the MS approach, and here is a link to it


It works for 2010 as well and is an interesting way of doing it… but again it doesn't meet the requirements of the solution.

The solution was quite simple in the end.

On the main Exchange CAS, the one that publishes the single URL, run this from the Exchange Management Shell:

Set-OwaVirtualDirectory -Identity "Contoso\owa (default Web site)" -RedirectToOptimalOWAServer $false


Then, on each Exchange CAS in the organization:

Set-OwaVirtualDirectory -Identity "Contoso\owa (default Web site)" -WindowsAuthentication $true -BasicAuthentication $true

This enables Kerberos authentication, which is key to getting this to work.

Finally, on every server where you make the change, run iisreset /noforce from an administrator command prompt.

And voilà! 🙂
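
A read-only check that the settings above are in place on every CAS, run from the Exchange Management Shell. This is an added example, not part of the original post; the server name CAS01 and the variable names are assumptions to replace with your own.

```powershell
# Added example: audits OWA virtual directory settings, changes nothing.
# Assumption: CAS01 is the short name of the CAS that publishes the single URL.
$PublishedCas = 'CAS01'

$report = foreach ($cas in Get-ClientAccessServer) {
    foreach ($vdir in Get-OwaVirtualDirectory -Server $cas.Name) {
        $issues = @()

        # Every CAS needs Windows and Basic authentication on its OWA directory.
        if (-not $vdir.WindowsAuthentication) { $issues += 'WindowsAuthentication is off' }
        if (-not $vdir.BasicAuthentication)   { $issues += 'BasicAuthentication is off' }

        # Only the publishing CAS needs the redirect switched off.
        if ($cas.Name -eq $PublishedCas -and $vdir.RedirectToOptimalOWAServer) {
            $issues += 'RedirectToOptimalOWAServer is still on'
        }

        if ($issues.Count -eq 0) { $status = 'OK' } else { $status = $issues -join '; ' }

        # New-Object is used so the script also runs on PowerShell 2.0.
        New-Object PSObject -Property @{
            Server                     = $cas.Name
            VirtualDirectory           = $vdir.Name
            WindowsAuthentication      = $vdir.WindowsAuthentication
            BasicAuthentication        = $vdir.BasicAuthentication
            FormsAuthentication        = $vdir.FormsAuthentication
            RedirectToOptimalOWAServer = $vdir.RedirectToOptimalOWAServer
            Status                     = $status
        }
    }
}

$report |
    Select-Object Server, VirtualDirectory, WindowsAuthentication, BasicAuthentication,
                  FormsAuthentication, RedirectToOptimalOWAServer, Status |
    Format-Table -AutoSize -Wrap
```

Any row whose Status is not OK names the setting that still differs from the steps above. Settings changed after the last iisreset still show as applied here, so rerun iisreset /noforce on servers you have just modified.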