Exchange 2010 CAS proxying not working
We have 3 Exchange 2010 servers. 2 are in site A, 1 is in site B. Proxying is not working. Site A has Exchange connected to the Internet. Site B is not connected to the Internet.

On Exchange3 (the server in site B), I have modified (through the EMC) OWA and ECP to use integrated authentication. I've restarted IIS, and I still get:

    "Outlook Web App isn't available. If the problem continues, please contact your helpdesk."

In the event logs on Exchange1 (the primary Exchange server in Site A), I get:

    The Client Access server "https://mail.DOMAIN.com/owa" attempted to proxy Outlook Web App traffic for mailbox "/o=Contoso/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=Test User4c5". This failed because no Client Access server with an Outlook Web App virtual directory configured for Kerberos authentication could be found in the Active Directory site of the mailbox. The simplest way to configure an Outlook Web App virtual directory for Kerberos authentication is to set it to use Integrated Windows authentication by using the Set-OwaVirtualDirectory cmdlet in the Exchange Management Shell, or by using the Exchange Management Console. If you already have a Client Access server deployed in the target Active Directory site with an Outlook Web App virtual directory configured for Kerberos authentication, the proxying Client Access server may not be finding that target Client Access server because it does not have an internalUrl parameter configured. You can configure the internalUrl parameter for the Outlook Web App virtual directory on the Client Access server in the target Active Directory site by using the Set-OwaVirtualDirectory cmdlet.

Does anyone have any suggestions on where to go next?
May 7th, 2012 9:00pm

What SP and RU are you on pls? Can you paste the results of:

    Get-OwaVirtualDirectory | select Server, name, *site*, *URL*
    Get-ClientAccessServer | select Name, *site*, *uri* | ft -AutoSize

Change the domain name to be something anonymous, to contoso.com or tailspintoys.com, but do it consistently pls.

And have you verified that AD replication has completed between the sites after you made the authentication change?

Cheers, Rhoderick

NOTICE: My posts are provided AS IS without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.
May 7th, 2012 10:53pm

Hi,

Please verify whether the InternalURL is configured correctly on the CAS server. CAS1 in Site A will proxy the user's request to the Client Access server that's specified by the InternalURL property.

Please run Set-OwaVirtualDirectory with WindowsAuthentication $true and then run IISreset /noforce.

Set-OwaVirtualDirectory: http://technet.microsoft.com/en-us/library/bb123515.aspx

By the way, do you have a firewall enabled? Did you publish OWA via ISA?

Xiu Zhang
TechNet Community Support
May 9th, 2012 2:24am

Now it is sort of resolved. I am getting a different error when I try to log in via OWA:

    An unexpected error occurred and your request couldn't be handled.

    Request
    Url: https://mail.contoso.com:443/owa/ev.owa?oeh=1&ns=HttpProxy&ev=ProxyRequest
    User host address: 192.168.1.33
    User: Travis Newton
    EX Address: /o=Contoso Ltd/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=tnewton
    SMTP Address: TNewton@contoso.com
    OWA version: 14.2.283.3
    Second CAS for proxy: https://exch2010-03.contoso.local/owa

    Exception
    Exception type: Microsoft.Exchange.Clients.Owa.Core.OwaAsyncOperationException
    Exception message: ProxyProtocolRequest async operation failed

    Call stack
    Microsoft.Exchange.Clients.Owa.Core.ProxyProtocolRequest.EndSend(IAsyncResult asyncResult)
    Microsoft.Exchange.Clients.Owa.Core.ProxyEventHandler.ProxyLogonCallback(IAsyncResult asyncResult)

    Inner Exception
    Exception type: Microsoft.Exchange.Clients.Owa.Core.OwaInvalidOperationException
    Exception message: Invalid user context cookie found in proxy response

    Call stack
    Microsoft.Exchange.Clients.Owa.Core.ProxyUtilities.UpdateProxyUserContextIdFromResponse(HttpWebResponse response, UserContext userContext)
    Microsoft.Exchange.Clients.Owa.Core.ProxyProtocolRequest.GetResponseCallback(IAsyncResult asyncResult)

Looking up the exception, all I could find relates to Exchange 2010 servers not proxying to Exchange 2007 servers. All of our servers are Exchange 2010; we have no more Exchange 2007 servers.

I did try out going to https://exch2010-03.contoso.local/owa and I am able to log in and access my mailbox from there, so I believe everything is configured correctly or it should have kicked something back at me or not allowed me to log in.
May 9th, 2012 10:01am

Can you respond to the questions I asked earlier with the output and what RU you are on please? Please ensure that all servers are on the same SP & RU.

Cheers, Rhoderick
May 9th, 2012 10:20am

All servers are the same: Exchange 2010 Standard Version 14.2 (Build 247.5)

    Name                  : owa (Default Web Site)
    CrossSiteRedirectType : Manual
    WebSite               : Default Web Site
    Url                   : {}
    Exchange2003Url       :
    FailbackUrl           :
    InternalUrl           : https://mail.contoso.com/owa
    ExternalUrl           : https://mail.contoso.com/owa

    Name                  : owa (Default Web Site)
    CrossSiteRedirectType : Manual
    WebSite               : Default Web Site
    Url                   : {}
    Exchange2003Url       :
    FailbackUrl           :
    InternalUrl           : https://mail.contoso.com/owa
    ExternalUrl           : https://mail.contoso.com/owa

    Name                  : owa (Default Web Site)
    CrossSiteRedirectType : Manual
    WebSite               : Default Web Site
    Url                   : {}
    Exchange2003Url       :
    FailbackUrl           :
    InternalUrl           : https://exch2010-03.contoso.local/owa
    ExternalUrl           :

    Name        AutoDiscoverSiteScope AutoDiscoverServiceInternalUri
    ----        --------------------- ------------------------------
    EXCH2010-02 {SiteA-FL}            https://exch2010-02.contoso.local/Autodiscover/Autodiscover.xml
    EXCH2010-01 {SiteA-FL}            https://exch2010-01.contoso.local/Autodiscover/Autodiscover.xml
    EXCH2010-03 {SiteB-FL}            https://exch2010-03.contoso.local/Autodiscover/Autodiscover.xml

Just an FYI, "contoso.com" is the external domain, "contoso.local" is internal only.
May 9th, 2012 10:39am

And they all have the same RU installed - you will not see that shown in the Exchange console - check add/remove programs pls.

What is in the IIS logs on both sides when this happens?

And what type of logon screen do you get when you directly log on to the OWA site on the Exch2010-3 server? Does it look the same as Exch2010-01?

Cheers, Rhoderick
May 9th, 2012 11:08am

EXCH2010-03 does not have RU 1, the other two do.

In the event logs on EXCH2010-01:

    Log Name: Application
    Source: MSExchange OWA
    Date: 5/9/2012 12:38:37 PM
    Event ID: 136
    Task Category: Proxy
    Level: Error
    Keywords: Classic
    User: N/A
    Computer: EXCH2010-01.contoso.local
    Description: The sign-in to Outlook Web App failed. User /o=Contoso Ltd/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=tnewton has a mailbox on 14.2.247.0 server version. However, no Client Access server or front-end server with a matching version was found to handle the request.

And

    Log Name: Application
    Source: MSExchange Common
    Date: 5/9/2012 12:38:38 PM
    Event ID: 4999
    Task Category: General
    Level: Error
    Keywords: Classic
    User: N/A
    Computer: EXCH2010-01.contoso.local
    Description: Watson report about to be sent for process id: 5488, with parameters: E12, c-RTL-AMD64, 14.02.0283.003, OWA, M.E.Clients.Owa, M.E.C.O.C.ProxyUtilities.UpdateProxyUserContextIdFromResponse, M.E.C.O.Core.OwaAsyncOperationException, 413, 14.02.0283.003. ErrorReportingEnabled: False

Since the authentication has been changed on EXCH2010-03 to Integrated authentication, https://exch2010-03.contoso.local/owa just prompts a typical browser login window. I can log in fine with my credentials and access my inbox just fine.
May 9th, 2012 12:58pm

Since Exch2010-03 does not have RU1 installed, that will break the proxy and explains the error. The cookie was changed in RU1 and that non-RU1 box does not understand it. You would be better to install RU2 on all, or at a minimum put RU1 onto Exch2010-03.

Details here: http://blogs.technet.com/b/exchange/archive/2012/02/17/exchange-2010-sp2-ru1-and-cas-to-cas-proxy-incompatibility.aspx

Please update, and let me know how that goes.

Cheers, Rhoderick
May 9th, 2012 1:16pm
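
The rollup mismatch diagnosed above does not show in the Exchange console, so it has to be read from the servers themselves. The following PowerShell is an added example, not code from the thread: it reads the ExSetup.exe file version on each Client Access server and flags any server whose build differs from the majority. The function names are hypothetical; it assumes the Exchange Management Shell, PowerShell remoting to each server, and that ExSetup.exe sits under Bin in $env:ExchangeInstallPath.

```powershell
# Added example (not from the thread). The Exchange console shows only the
# service pack build, so the rollup level is read from ExSetup.exe instead.

function Get-CasBuildInventory {
    # Assumes the Exchange Management Shell and PowerShell remoting to each server.
    foreach ($srv in (Get-ExchangeServer | Where-Object { $_.IsClientAccessServer })) {
        $build = Invoke-Command -ComputerName $srv.Name -ScriptBlock {
            # Assumption: ExSetup.exe is under Bin in the Exchange install path.
            $v = (Get-Item (Join-Path $env:ExchangeInstallPath 'Bin\ExSetup.exe')).VersionInfo
            '{0}.{1}.{2}.{3}' -f $v.FileMajorPart, $v.FileMinorPart, $v.FileBuildPart, $v.FilePrivatePart
        }
        New-Object PSObject -Property @{
            Server = $srv.Name
            Site   = "$($srv.Site)"
            Build  = "$build"
        }
    }
}

function Find-CasBuildMismatch {
    param([Parameter(Mandatory = $true)][object[]]$Inventory)

    # Assumption: the build shared by the most servers is the intended baseline.
    $baseline = ($Inventory | Group-Object Build | Sort-Object Count -Descending |
        Select-Object -First 1).Name

    $Inventory | Select-Object Server, Site, Build,
        @{ Name = 'Baseline'; Expression = { $baseline } },
        @{ Name = 'Mismatch'; Expression = { $_.Build -ne $baseline } }
}

# Constructed sample: server and site names and build numbers are the ones quoted
# in the thread; EXCH2010-02 is assumed to match EXCH2010-01 (both reported as RU1).
$sample = @(
    New-Object PSObject -Property @{ Server = 'EXCH2010-01'; Site = 'SiteA-FL'; Build = '14.2.283.3' }
    New-Object PSObject -Property @{ Server = 'EXCH2010-02'; Site = 'SiteA-FL'; Build = '14.2.283.3' }
    New-Object PSObject -Property @{ Server = 'EXCH2010-03'; Site = 'SiteB-FL'; Build = '14.2.247.5' }
)

Find-CasBuildMismatch -Inventory $sample | Format-Table -AutoSize

# On a live system, replace the sample with the collected inventory:
# Find-CasBuildMismatch -Inventory (Get-CasBuildInventory) | Format-Table -AutoSize
```

Run it after every rollup installation, since a server left behind stays reachable directly and fails only when another site proxies to it.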

Sorry about not getting back sooner - I had to wait to apply RU2 after-hours to EXCH2010-01 and EXCH2010-02. I applied it to EXCH2010-03 earlier in the day since I am the only user on that server and I got a different error message. After applying RU2, this solved the issue! Thanks!
May 10th, 2012 1:38am

Groovy - thanks for the confirmation!

Cheers, Rhoderick
May 10th, 2012 4:01pm

This topic is archived. No further replies will be accepted.
