We have two servers in our CAS, load balanced by a hardware barracuda in single arm route-path mode. 192.168.10.2 is the address to the HLB 192.168.10.3 is the address to Exchange1 192.168.10.4 is the address to Exchange2 Both Exchange1 and Exchange2 also have all of the other roles installed: hub transport and DAG. Occasionally when a client disconnects from the network and reconnects, or a database switch over occurs, clients are prompted by Outlook to reauthenticate. I did a packet capture on my PC and disconnected my NIC, waited for outlook to disconnect, then plugged it back in to see what happens when it asks for my password. I have noticed a DCE/RPC packet from 192.168.10.2 with 192.168.10.3's address in the packet data. I then looked at netstat and noticed my PC is connected to both .2 and .3. Since the HLB is configured to do TCP Proxying with L7 SSL offloading, I thought that all communications between clients and the exchange servers were supposed to terminate at the HLB, and the HLB would create a backend unencrypted connection to one of the CAS servers. What is going on here?