Exchange 2010 OWA CAS Proxy

Hi all and thanks for any assistance you might be able to give me.

I have exchange 2010 - 2 CAS mailbox servers in 2 locations - same domain - DC's in both locations.  We had an outage and my webmail seems to be hosed.  Site A is internet facing Site B is not.  All webmail access goes through site A - my setup before would proxy back to the first server and load the mailbox.  It now appears to have lost permissions.  here is the error I get when i try to login externally... im sure youll need more info just ask away :) and thanks again

User host address: x.x.x.x
User: xxxx,xxxx
EX Address: /o=xxxxxxxx/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=xx, xx
SMTP Address:
OWA version: 14.0.702.0
Second CAS for proxy: https://internaladdress

Exception type: Microsoft.Exchange.Clients.Owa.Core.OwaProxyException
Exception message: The proxy CAS failed to authenticate to the second CAS (it returned a 401)

Call stack

No callstack available

Inner Exception
Exception type: Microsoft.Exchange.Clients.Owa.Core.OwaAsyncOperationException
Exception message: ProxyPingRequest async operation failed

Call stack

Microsoft.Exchange.Clients.Owa.Core.ProxyPingRequest.EndSend(IAsyncResult asyncResult)
Microsoft.Exchange.Clients.Owa.Core.ProxyEventHandler.SendProxyPingRequestCallback(IAsyncResult asyncResult)

Inner Exception
Exception type: System.Net.WebException
Exception message: The remote server returned an error: (401) Unauthorized.

Call stack

System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
Microsoft.Exchange.Clients.Owa.Core.ProxyUtilities.EndGetResponse(HttpWebRequest request, IAsyncResult asyncResult, Stopwatch requestClock)
Microsoft.Exchange.Clients.Owa.Core.ProxyPingRequest.GetResponseCallback(IAsyncResult asyncResult)
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

techlindenAuthor Commented:
All functions fine if i mount the databases at site A.  If i mount in site B, thats where the error comes in
Glen KnightCommented:
a couple of things to check.
First is the time the same on all servers?

Have you got the internel URL configured on the internet facing CAS to go to the non-internet facing CAS?

Can you ping the servers from each other?
Jamie McKillopIT ManagerCommented:

On the second CAS server, ensure that Integrated Authentication is turned on on the OWA virtual directory.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
on the fail\fallback server,do you have the ssl certificates configured?
Can you double-check if they are assigned properly on the "Default Web Site"
What was the solution to this problem as I have the exact same issue
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.