We were running Exchange 2013 fine with a single server running both the Mailbox role and the CAS role. We added a 2nd server and set up a DAG. That went smoothly and everything worked properly. Now we added the CAS role to the 2nd server and now randomly Autodiscover is pointing Outlook clients at the newer CAS server but with NTLM as auth instead of Negotiate and SSL is off instead of on.
However, I have tried changing the settings, to no avail, to either a) get everything to only go back to the original CAS server or b) change the auth method for the new CAS server to match that of the old server so all client settings continue to work.
Currently, a user opens Outlook and if they get the newer CAS server, SSL is off and NTLM is the auth setting, which ends up causing everything to not connect. If we go under Control Panel -> Mail and change their account to use SSL and Negotiate auth, it works for a bit until it re-autodiscovers and sets the settings again.
Where do I need to go to set this?
Thanks!