CAS1 in ADSite1, this cas1 is internet facing CAS2 in ADSite2, not internet facingUSER1 have malbox on MBX2 in ADSite2 I want to User1 > CAS1 > CAS2 > MBX2 CAS1 have externall url, and certificate of our internal trusted authority.I setup on CAS2 - owa virt directory to use Windows integrated authentication, no external url. When User1 tries to log on to owa on cas1 gets: RequestUrl: https://CAS1externalurlFQDN:443/owa/ev.owa?oeh=1&ns=HttpProxy&ev=ProxyRequestUser host address: 192.168.140.195User: User1EX Address: /O=xxxd.d./OU=yyy/cn=Recipients/cn=user1SMTP Address: user1@domain.comOWA version: 8.1.240.5Second CAS for proxy: https://CAS2internalFQDN/owa ExceptionException type: Microsoft.Exchange.Clients.Owa.Core.OwaProxyExceptionException message: The CAS server is most likely not configured for SSL (it returned a 403) Call stack No callstack available Why is that?I followed steps described on technet. What am I missing?Is there some certificate missing on CAS2 ? CAS2 have its own certificate by default. Please help. Thank you.

Hi, This might help: http://technet.microsoft.com/en-us/library/bb310763.aspx Is the OWA directory on the internal CAS configured for integrated windows authentication? Leif

I read that document before and everything that I set up is like in that document. OWA directory on internal CAS (CAS2) is configured for integrated windows authentication, yes. According this document owa external url on that CAS2 should be set with "$N$Null" . When I tried to set that with shell command i get info that $N$Null is not valid, and when i set only to $Null thanit's accepted.But everything is ok with that propertie - no external url is set when I check in EMC. Any sugestion?