Agggggggg this is damn annoying but I managed to work it out. Basically I have the following:
DMZ – HUB01, CAS01 – HUB02, CAS02, MBX
HUB01 and CAS01 are in one AD site and HUB02, CAS02 and MBX are in another.
Mail flow works fine and all I wanted was to connect to CAS01 and get redirected to CAS02.
Simple you would think, well so did I, but if I used OWA to CAS01 it doesn’t redirect me to CAS02
I get this error on CAS01
Event Type: Error
Event Source: MSExchange OWA
Event Category: Proxy
Event ID: 41
The Microsoft Exchange Client Access server “https://CAS01/owa” attempted to
proxy Outlook Web Access traffic for mailbox “/o=MyOrg/ou=Exchange
Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=Administrator”. This
failed because no Client Access server with an Outlook Web Access virtual
directory configured for Kerberos authentication could be found in the
Active Directory site of the mailbox. The simplest way to configure an
Outlook Web Access virtual directory for Kerberos authentication is to set
it to use Windows Integrated authentication by using the
Set-OwaVirtualDirectory cmdlet in the Exchange Management Shell, or by using
the Exchange Management Console. If you already have a Client Access server
deployed in the target Active Directory site with an Outlook Web Access
virtual directory configured for Kerberos authentication, the proxying
Client Access server may not be finding that target Client Access server
because it does not have an internalUrl parameter configured. You can
configure the internalUrl parameter for the Outlook Web Access virtual
directory on the Client Access server in the target Active Directory site by
using the Set-OwaVirtualDirectory cmdlet.
CAS02 has FBA turned off and Windows Integrated set. I could connect direct to CAS02 :-|
Do you know what it was? I ran my little script I blogged earlier and saw that one of my CAS boxes didn’t have Update Rollup 1 or 2. So I applied it and now it all works.
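
A check for the two conditions Event ID 41 names (Windows Integrated authentication and InternalUrl on the OWA virtual directory), as an added example that is not part of the original post and is not the rollup script mentioned above. It assumes the Exchange Management Shell; the ADSite and ProxyTargetOK column names are made up for the illustration.

```powershell
# Added example: run in the Exchange Management Shell.
# For every Client Access server, list each OWA virtual directory with the
# settings Event ID 41 refers to, grouped by the server's AD site.
Get-ExchangeServer |
    Where-Object { $_.IsClientAccessServer } |
    ForEach-Object {
        $site = $_.Site   # AD site the CAS belongs to
        Get-OwaVirtualDirectory -Server $_.Name |
            Select-Object Server, Name,
                @{ Name = 'ADSite'; Expression = { $site } },
                InternalUrl, WindowsAuthentication, FormsAuthentication,
                @{ Name = 'ProxyTargetOK'; Expression = {
                    # Hypothetical helper column: a CAS can only be found as a
                    # proxy target if Integrated auth is on and InternalUrl is set.
                    $_.WindowsAuthentication -and ($_.InternalUrl -ne $null)
                } }
    } |
    Sort-Object ADSite, Server |
    Format-Table -AutoSize
```

This covers only the settings the event text points to; it does not report the update rollup level, which is what turned out to differ between the CAS boxes here.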