CAS proxying error.

I'm having this error on my CAS. This is the scenario:

1 CAS, webmail.contoso.com (cas1.contoso.com);
2 mailbox servers, srv1.contoso.com & srv2.contosol.com

If I have a mailbox on srv1, then I can access the email via OWA, but if the mailbox is on srv2, then I get this error:

Outlook Web Access is not currently available for the user mailbox that you are trying to access. If the problem continues, contact technical support for your organization and tell them the following: Outlook Web Access could not establish a Secure Sockets Layer (SSL) connection to the Microsoft Exchange Client Access server that should be used to access the mailbox.

Request
Url: https://webmail.contoso.com:443/owa/ev.owa?oeh=1&ns=HttpProxy&ev=ProxyRequest
User host address: 10.0.0.1
User: User
EX Address: /o=Contoso/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=xxxx
SMTP Address: user@contoso.com
OWA version: 8.1.359.2
Second CAS for proxy: https://srv2.contoso.com/owa

Exception
Exception type: Microsoft.Exchange.Clients.Owa.Core.OwaProxyException
Exception message: The CAS server is most likely not configured for SSL (it returned a 403)

Call stack

No callstack available

-----------------------

On the CAS server I see these errors in eventvwr:

Event Type:      Error
Event Source:      MSExchange OWA
Event Category:      Proxy
Event ID:      42
Date:            12-04-2010
Time:            8:54:44
User:            N/A
Computer:      cas
Description:
Microsoft Exchange Client Access server "https://webmail.contoso.com/owa" attempted to proxy Outlook Web Access traffic to Client Access server "https://srv2.contoso.com/owa". This failed because one of these configuration problems was encountered:

1. "https://srv2.contoso.com/owa" has been set to use "http://" (not using SSL) instead of "https://" (using SSL). You can modify this by setting the InternalUrl parameter of the Outlook Web Access virtual directory this proxy traffic is going to. You can set that parameter using the Set-OwaVirtualDirectory cmdlet in the Exchange Management Shell.

2. The destination virtual directory returned an HTTP 403 error code. This usually means it is not configured to accept SSL access. You can change this configuration by using Internet Services Manager on the Client Access server "https://srv2.contoso.com/owa".

If you do not want this proxy connection to use SSL, you need to set the registry key "AllowProxyingWithoutSSL" on this Client Access server and set the InternalUrl and SSL settings for the Outlook Web Access virtual directory this proxy traffic is going to accordingly.      

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

----------------
I have https configured on srv2.contoso.com;
I have https configured on IIS on the server srv2.contoso.com.

Any more ideas?

Thanks,
Duarte
duartelazaro Asked:

Akhater Commented:
Do you have the CAS role installed on server 2?
0
duartelazaro Author Commented:
Yes,

[PS] C:\>Get-ExchangeServer | fl name,serverrole


Name       : srv2
ServerRole : Mailbox, ClientAccess, HubTransport

If I go to https://srv2.contoso.com/owa/, I can access the mailbox, but if I try to access it via the CAS server, I get the error.

Thanks,
Duarte
0
Akhater Commented:
Well, remove the CAS role from server2; this will solve your issue.

I assume the 3 servers are in the same AD site.
0
duartelazaro Author Commented:
Hi,

CAS and srv1 are in the same site.

srv2 is on another site.

The problem was that the CAS server had "domain admin" permissions ??!?!

Problem Solved.

Thanks,
Duarte Lazaro
0

PCMIT Commented:
When you say the "cas server had domain rights" where did you see that and what did you do to fix it?

Thanks
0
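
The two causes listed in the Event ID 42 text (an `InternalUrl` that is not `https://`, or a 403 from the destination virtual directory) can be checked from the Exchange Management Shell on the proxying CAS. The script below is an added example, not part of the original thread; `Test-OwaProxyTarget` is a hypothetical helper name, and it assumes PowerShell 2.0 or later and the local Exchange 2007 shell.

```powershell
# Added example: check both Event ID 42 causes for each OWA virtual directory
# on a proxy target. Test-OwaProxyTarget is a hypothetical helper name.
function Test-OwaProxyTarget {
    param([string]$Server)

    foreach ($vdir in Get-OwaVirtualDirectory -Server $Server) {
        $result = New-Object PSObject -Property @{
            VirtualDirectory = $vdir.Name
            InternalUrl      = $vdir.InternalUrl
            Finding          = $null
        }
        if (-not $vdir.InternalUrl) {
            $result.Finding = 'No InternalUrl set'
        }
        elseif (([Uri]"$($vdir.InternalUrl)").Scheme -ne 'https') {
            # Cause 1 in the event text: InternalUrl uses http:// instead of https://
            $result.Finding = 'InternalUrl is not https'
        }
        else {
            # Cause 2: request the URL over SSL and report the HTTP status (403 = refused)
            $req = [System.Net.WebRequest]::Create("$($vdir.InternalUrl)")
            $req.AllowAutoRedirect = $false
            $req.UseDefaultCredentials = $true
            try {
                $resp = $req.GetResponse()
                $result.Finding = 'HTTP ' + [int]$resp.StatusCode
                $resp.Close()
            }
            catch {
                # PowerShell may wrap the .NET exception; unwrap to the WebException
                $ex = $_.Exception
                while ($ex -and -not ($ex -is [System.Net.WebException])) { $ex = $ex.InnerException }
                if ($ex -and $ex.Response) {
                    $result.Finding = 'HTTP ' + [int]$ex.Response.StatusCode
                }
                elseif ($ex) {
                    # No HTTP response at all, e.g. TrustFailure for an untrusted certificate
                    $result.Finding = 'No HTTP response: ' + $ex.Status
                }
                else { $result.Finding = 'Error: ' + $_.Exception.Message }
            }
        }
        $result
    }
}

# srv2 is the proxy target named in the thread
Test-OwaProxyTarget -Server srv2 | Format-List VirtualDirectory, InternalUrl, Finding
```

The probe runs as the logged-on user, so it does not reproduce the identity the CAS uses when it proxies; a clean result here rules out the URL scheme and SSL settings only.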