OWA Exchange 2010 SP2 FE not finding BE


I recently installed a new BE CAS server in a remote office. OWA works from the BE server, but if I try to log into a user using OWA from the front end, I get the following. I am currently going through another working BE server to compare settings in CAS and IIS. This user was also migrated from 2003, and it looks like the EX address is still pointing to the old 2003 server. Any help would be appreciated. This is the detail of the error message I get from the FE OWA:

Url: https://mail.XXX.com:443/owa/ev.owa?oeh=1&ns=HttpProxy&ev=ProxyRequest
User host address:
User: lark
EX Address: /o=ccarey/ou=Mail Migration/cn=Recipients/cn=lark
SMTP Address: lark@ccareynkf.com
OWA version:
Second CAS for proxy: https://mar.ZZZZ.XXX.com/owa

Exception type: Microsoft.Exchange.Clients.Owa.Core.OwaProxyException
Exception message: The proxy CAS failed to authenticate to the second CAS (it returned a 401)

Call stack
No callstack available

Inner Exception
Exception type: Microsoft.Exchange.Clients.Owa.Core.OwaAsyncOperationException
Exception message: ProxyPingRequest async operation failed

Call stack
Microsoft.Exchange.Clients.Owa.Core.ProxyPingRequest.EndSend(IAsyncResult asyncResult)
Microsoft.Exchange.Clients.Owa.Core.ProxyEventHandler.SendProxyPingRequestCallback(IAsyncResult asyncResult)

Inner Exception
Exception type: System.Net.WebException
Exception message: The remote server returned an error: (401) Unauthorized.

Call stack
System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
Microsoft.Exchange.Clients.Owa.Core.ProxyUtilities.EndGetResponse(HttpWebRequest request, IAsyncResult asyncResult, Stopwatch requestClock)
Microsoft.Exchange.Clients.Owa.Core.ProxyPingRequest.GetResponseCallback(IAsyncResult asyncResult)

Thank you for any assistance.

Manpreet Singh Khatra, Solutions Architect, Project Lead, commented:
I guess what you're calling the EX address is the LegacyExchangeDN, and it doesn't change if you do intra-forest migrations or movements :)

Now, speaking about OWA: you say you can browse OWA on the BE machine, but if you open OWA on the internet it does not proxy to the BE server?
Where is the user's mailbox, and how are you trying to access OWA from the FE to open the BE OWA?

- Rancy
Simon Butler (Sembee), Consultant, commented:
Frontend? Backend? No such thing with Exchange 2010.
There is the CAS role only.

Your CAS-CAS proxy isn't working correctly - do other users work?
What was the reason for putting a CAS only server in the remote office? Do you not have mailboxes there?

coyotejeff (author) commented:
Sorry, I am still learning 2010. We have 12 offices; the 2010 CAS server that is internet facing is able to use OWA to connect to 10 of the other offices, each running 2010 with CAS, Mailbox, and Hub Transport.

One site is unable to use OWA through the internet facing CAS server.  I compared all of the settings from a working Exchange 2010 from EMC and IIS, and they are identical.

Rancy:  Yes, from the "BE" server, OWA works, it's just when from the "FE" server I get that error.  I am using BE and FE here just as a frame of reference for me.

Thank you.

Manpreet Singh Khatra, Solutions Architect, Project Lead, commented:
Are all the Microsoft services running on the affected server?
Is there a user in that 12th office... I mean, his mailbox is on the same server?


- Rancy

coyotejeff (author) commented:
There is a mailbox on the affected server.  I will read through these articles and report back.

Thank you.
Chuck the ideas of BE and FE forever on this thread - there is no such thing.

Now, to answer your query - concentrate your thoughts on this error

Exception message: The proxy CAS failed to authenticate to the second CAS (it returned a 401)

Call stack
No callstack available

Inner Exception
Exception type: Microsoft.Exchange.Clients.Owa.Core.OwaAsyncOperationException
Exception message: ProxyPingRequest async operation failed

Does this site have a CAS that is a non-internet-facing CAS box?
Is this site talking to a CAS server that is internet facing and having network issues?
Is there an ISA/TMG in between your sites?
Can users access another internet-facing site CAS box and open webmail via it?

Please provide answers to the above questions, for us to help you better.
