• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 927
  • Last Modified:

Cas Proxying error.

I´m having this error on my CAS, this is the scenario:

1 CAS, webmail.contoso.com (cas1.contoso.com);
2 mailbox server srv1.contoso.com & srv2.contosol.com

If i have a mailbox on srv1, then i can access the email via OWA, but if the mailbox on srv2, then i get this error:

Outlook Web Access is not currently available for the user mailbox that you are trying to access. If the problem continues, contact technical support for your organization and tell them the following: Outlook Web Access could not establish a Secure Sockets Layer (SSL) connection to the Microsoft Exchange Client Access server that should be used to access the mailbox.

Url: https://webmail.contoso.com:443/owa/ev.owa?oeh=1&ns=HttpProxy&ev=ProxyRequest
User host address:
User: User
EX Address: /o=Contoso/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=xxxx
SMTP Address: user@contoso.com
OWA version: 8.1.359.2
Second CAS for proxy: https://srv2.contoso.com/owa

Exception type: Microsoft.Exchange.Clients.Owa.Core.OwaProxyException
Exception message: The CAS server is most likely not configured for SSL (it returned a 403)

Call stack

No callstack available


on the Cas server i view this errors on eventvwr:

Event Type:      Error
Event Source:      MSExchange OWA
Event Category:      Proxy
Event ID:      42
Date:            12-04-2010
Time:            8:54:44
User:            N/A
Computer:      cas
Microsoft Exchange Client Access server "https://webmail.contoso.com/owa" attempted to proxy Outlook Web Access traffic to Client Access server "https://srv2.contoso.com/owa". This failed because one of these configuration problems was encountered:

1. "https://srv2.contoso.com/owa" has been set to use "http://" (not using SSL) instead of "https://" (using SSL). You can modify this by setting the InternalUrl parameter of the Outlook Web Access virtual directory this proxy traffic is going to. You can set that parameter using the Set-OwaVirtualDirectory cmdlet in the Exchange Management Shell.

2. The destination virtual directory returned an HTTP 403 error code. This usually means it is not configured to accept SSL access. You can change this configuration by using Internet Services Manager on the Client Access server "https://srv2.contoso.com/owa".

If you do not want this proxy connection to use SSL, you need to set the registry key "AllowProxyingWithoutSSL" on this Client Access server and set the InternalUrl and SSL settings for the Outlook Web Access virtual directory this proxy traffic is going to accordingly.      

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

i have https, configured on the srv2.contoso.com;
i have https, configured on iis on the server srv2.contoso.com.

Any more ideias?

  • 2
  • 2
1 Solution
do you have CAS role installed on server 2?
duartelazaroAuthor Commented:

[PS] C:\>Get-ExchangeServer | fl name,serverrole

Name       : srv2
ServerRole : Mailbox, ClientAccess, HubTransport

if i go to https://srv2.contoso.com/owa/, i can access the mailbox, but if i try to access via CAS server, i got the error.

well remove CAS role from server2 this will solve your issue,

I assume the 3 servers are in the same AD site
duartelazaroAuthor Commented:

cas and srv1 are in the same site.

srv2 is on another site.

the problem was that cas server had "domain admin" permissions ??!?!

Problem Solved.

Duarte Lazaro
When you say the "cas server had domain rights" where did you see that and what did you do to fix it?

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now