No free/busy info for mailboxes moved to Exchange 2013 from 2007

Hi,

I've seen very similar issues posted here for Exchange 2007/2013 coexistence environments where a user that's migrated to exchange 2013 can no longer see free/busy info for users still on 2007.  I'm having the opposite issue.... users still on Exchange 2007 cannot see the free busy info for users that have moved to Exchange 2013.  But... the users on Exchange 2013 can see free/busy from users on 2007 just fine.  Each environment can also see free/busy from other users in the same environment.

I'm getting the following error in the 2007 CAS server application log when a 2007 user tries to access free/busy data of a user that's on Exchange 2013:

Log Name:      Application
Source:        MSExchange Availability
Date:          8/9/2016 11:22:07 AM
Event ID:      4002
Task Category: Availability Service
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      <2007-CAS-Server>.<domain>.edu
Description:
Process 3396[w3wp.exe:/LM/W3SVC/1/ROOT/EWS-1-131152389880461896]: Proxy request IntraSite from Requester:S-1-5-21-2093502940-148917193-1586563796-131862 to https://email.<domain>.edu/EWS/Exchange.asmx failed. Caller SIDs: S-1-5-21-2093502940-148917193-1586563796-131862. The exception returned is Microsoft.Exchange.InfoWorker.Common.Availability.ProxyWebRequestProcessingException: System.Net.WebException: The request failed with HTTP status 401: Unauthorized.
   at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.EndInvoke(IAsyncResult asyncResult)
   at Microsoft.Exchange.InfoWorker.Common.Availability.Proxy.Service.EndGetUserAvailability(IAsyncResult asyncResult)
   at Microsoft.Exchange.InfoWorker.Common.Availability.ProxyWebRequest.CompleteRequest(). The request information is ProxyWebRequest type = IntraSite, url = https://email.<domain>.edu/EWS/Exchange.asmx
Mailbox list = <Some, User>SMTP:<Ex-2013-User>@<domain>.edu, Parameters: windowStart = 7/23/2016 3:00:00 PM, windowEnd = 8/22/2016 3:00:00 PM, MergedFBInterval = 30, RequestedView = Detailed
.. Make sure that Active Directory site/forest containing the user mailbox has at least one local Exchange 2007 server running Exchange Availability service. Turn up logging for MSExchange Availability service and test basic network connectivity.

As I've seen requested on similar posts, here's the output of "Get-WebServicesVirtualDirectory | fl Identity,*AUTH*,*url*

[PS] C:\Windows\system32>Get-WebServicesVirtualDirectory | fl Identity,*AUTH*,*url*


Identity                      : <Ex-2007-CAS-Server>\EWS (Default Web Site)
CertificateAuthentication     :
InternalAuthenticationMethods : {Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods : {Ntlm, WindowsIntegrated}
LiveIdNegotiateAuthentication :
WSSecurityAuthentication      : False
LiveIdBasicAuthentication     : False
BasicAuthentication           : False
DigestAuthentication          : False
WindowsAuthentication         : True
OAuthAuthentication           : False
AdfsAuthentication            : False
InternalNLBBypassUrl          : https://<Ex-2007-CAS-Server>.<domain>.edu/ews/exchange.asmx
InternalUrl                   : https://legacy.<domain>.edu/EWS/Exchange.asmx
ExternalUrl                   : https://legacy.<domain>.edu/EWS/Exchange.asmx

Identity                      : <Ex-2013-MB/CAS-Server>\EWS (Default Web Site)
CertificateAuthentication     :
InternalAuthenticationMethods : {Ntlm, WindowsIntegrated, WSSecurity, OAuth}
ExternalAuthenticationMethods : {Ntlm, WindowsIntegrated, WSSecurity, OAuth}
LiveIdNegotiateAuthentication :
WSSecurityAuthentication      : True
LiveIdBasicAuthentication     : False
BasicAuthentication           : False
DigestAuthentication          : False
WindowsAuthentication         : True
OAuthAuthentication           : True
AdfsAuthentication            : False
InternalNLBBypassUrl          :
InternalUrl                   : https://email.<domain>.edu/EWS/Exchange.asmx
ExternalUrl                   : https://email.<domain>.edu/EWS/Exchange.asmx

For coexistence, our namespaces are:

https://email.<domain>.edu/... for Exchange 2013 (and 2007 users that are then redirected or proxied to legacy)

https://legacy.<domain>.edu/... for Exchange 2007.

https://autodiscover.<domain>.edu/Autodiscover/Autodiscover.xml (which resolves to the exchange 2013 server)

Everything else seems to be working great for coexistence ... 2007 users are redirected correctly back to the legacy namespace while 2013 users access their mailbox on the 2013 server.  2007 ActiveSync users are proxied back to the 2007 CAS while 2013 users are handled by the 2013 multi-role server.  Public folders that are still on 2007 are accessible to 2013 users.

Any Idea what I'm missing here?