Tom, Why then if I turn the cache off that I get "page can not be displayed" when I go to https: my mail server? It has a big part in it, remember Microsoft wrote the rules here, they should know it's their product! :-) If someone where to write their ISA 2004 cert (if it exists) and on it they were asked about doing OWA SSL and the choices were your method, Microsoft's method, and a totally incorrect method. The person choose your method they would answer it wrong. This is the Microsoft way: http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/owapublishing .mspx I started the whole thing from scratch doing it this way on the ISA server, which worked first time around on both my LAN and WAN. Then I started making changes to the ISA OWA publish rule to match yours in ISA2k4EXCHkit Chapter 10 including adding the Enrollment rule which made very little difference if anything at all. Then since I was having troubles getting the SSL port to stick on my virtual server I found some guys blog online which clearly explains how to add the SSL port to your virtual servers, so I removed the certs from the virtual server, deleted, and followed the rules from scratch making a new certs, and giving the virtual server its SSL port. Plus I knew already that I had to copy the certs to ISA and add it into the certs; I removed the old one from personal first before installing the new; then fixed the OWA SSL Listener up with the new certs. Somewhere in the time I was doing this it dawned on me how virtual servers work. When you create a virtual server it puts ExchWeb in your new virtual server which you can only see under IIS. Exchange is actually there but in the /* folder. So I changed OWA publishing path to /*. At this point I killed the cache and found that I could not access OWA via the LAN or WAN anymore, sure I could get the cert which is no big deal but after the cert I would get "page can not be displayed". It was only when I turned on caching again pointing it to /* because for some reason it didn't like the Microsoft was of /exchweb/* and /exchweb/img/* (plan to test again) everything started working again. The next problem I ran into was the logout window one gets when they close their OWA screen without clicking on the logout button in OWA. Because there was no /exchange it was presenting me with a problem, when you close the window it jump to /exchange before jumping back / and so when I created the /exchange folder in the EVS (which points to the same info that the virtual server does if you look at the properties of the EVS and home directory.. you can see it points to the same \\.\backoffice\....\MBX <file:///\\.\backoffice\....\MBX> that /exchange points to.) and when I closed the window it took forever to see the OWA Outlook logout graphic. It was only when I added /exchange/* to the cache did it fly through when it was required to open and display. I think I still have my testuser account setup Tom if you want to check it out. Login: testuser@xxxxxxxxxxxxxxxxxxxxxx Pass: hiway!9824 Also one thing I noticed that makes a big difference in performance is the 128bit encryption. Microsoft's guide only wants to you enable "Required Secure Channel (SSL)" on your OWA site, were you want people to also enable the 128bit encryption. Little to do they know enabling the 128bit encryption slows down OWA quite a bit. Also the person who wrote the blog on setting EVS only suggested you use the required secure channel (SSL) on the EVS. What is the key difference here? I am doing this all on an Exchange Virtual Server were your documentation, which is quite different than Microsoft's, is for a Exchange server which is running on a DC and its using the default site. Oh and the fact that I followed Microsoft's notes and enabled caching. (I am nuking this bottom of this thread because I am sure this message is more than the legal limit of 30k.) Andrew