You look to be in case 2 from
this article, based on the assumption that the mailbox of the account logging in is actually hosted on a mailbox database being active in an AD site containing an Exchange 2013 CAS with the ExternalURL stamped:
"For Outlook Web App requests, if the mailboxs location is determined to be in another Active Directory site and there are CAS2013 members in that site that have the ExternalURL populated, then the originating CAS will redirect the request unless the
ExternalURL in the target site is the same as in the originating site in which case CAS will proxy (this is the multiple site single namespace scenario)."
This would mean that your external domain is not reachable by the internal clients. Please note that "Since the release of Exchange 2007, the recommendation is to deploy a split-brain DNS infrastructure for the Internet-based client namespaces. A split-brain
DNS infrastructure enables different IP addresses to be returned for a given namespace based on where the client resides if the client is within the internal network, the IP address of the internal load balancer is returned; if the client is external, the
IP address of the external gateway/firewall is returned." - mentioned
here (the article belongs to an excellent series of Exchange Server 2013 planning documentation).
You can avoid the error altogether by setting the ExternalURL against the DR CAS to be the same value as the one in your Internet-facing "main" site, but that would defeat the whole purpose of setting up a DR site.