The back-end URL does not have to be publicly accessible, it does not even have to be the address that you've defined in you OWA properties for your CAS.

In my Exchange environment I have the Internal URL defined for OWA as http://owa.domain.local/owa; I do not have the External URL defined, though I'm not sure it would matter if I did.

On my SA, I am NOT referencing the Internal URL, but I am referencing the server directly. So, my virtual host name is "autodiscover.domain.com" and the backend URL is http://cas01.domain.local:80/*.

iphones are configured to hit the virtual host url, the SA then proxies the request through to my CAS. Make sense?

Makes perfect sense, and that's what I'm trying to do but it isn't working...

When I setup the backend url using our internal domain name (http://server.mydomain.local:80/*), the client browser errors out and explicitly states that it can't connect to the internal server and displays http://server.mydomain.local in the error message. So, it is obviously sending the client the internal back-end url that is configured.

In fact, the documentation even says that it redirects the client to the backend URL:

1. In the Backend URL field, enter the URL for the remote server. You must specify the protocol, hostname and port of the server. For example, http://www.mydomain.com:8080/*.

When requests match the hostname in the Virtual Hostname field, the request is transformed to the URL specified in the Backend URL field. The client is directed to the backend URL unaware of the redirect.

Is there another setting I'm missing?

Hi all, I'm having the same issue :

my direct link to the owa is - owa.mydomain.com/owa

however the IVE cannot deal with the URI - /owa

any workaround for this?

Yes, the internal URL works internally. I think part of the problem was that I was initially testing on 2003, which didn't work. When I switched to test on my CAS server, it worked as expected (I could access OWA).

But, even though OWA works, activesync isn't working at all...

UPDATE: Turns out my problems were cert related. I turned SSL off on the OWA and activesync sites and it works.

Sorry for the back-and-forths, but are you able to hit the http(s)://autodiscover.company.com/owa virtual host from a browser, from an internet source, and are you able to log in to OWA on your CAS this way? I am able to do this, without any cert errors since I'm using a SAN cert on my SA that includes the virtual host name used for ActiveSync. I only mention this as I'm not sure if you already have your cert loaded on the SA and that it corresponds or contains the virtual host name that you and your devices are trying to hit.

Also, did you verify that the virtual host name can be resolved by internet name servers? I'm sure you have, but I thought I should ask.

If that's all cool, I'll post exactly how my SA is configured to support ActiveSync.