Hi all I hope someone could possibly help me with a couple of problems I am having with OWA on our Exchange 2003 machine. It is running on a Windows 2003 Domain controller, although it has none of the FSMO roles on it and is not a Global Catalog. We have two other Domain controllers, one of which is our Global Catalog. The domain is set to Windows 2000 Native mode and Exchange is set to Native mode also. I have installed a Certificate Authority and do have the HTTPS site up and working with forms based authentication. However, I have two minor problems I hope someone can help me with. I have created the certificate and on the Exchange server and all is fine when you go to the OWA default web page except for one thing. Since getting it all up and working no matter what I set the Exchange page in IIS security settings too I get the logon page for SSL or the standard non-forms based logon prompt for the non SSL site even when logged on to the local internal network on the Exchange server or connected in via VPN. Needless to say I didn't before? Any ideas why please and if so how I can fix it please? The only setting I have not tried is anonymous but I am not keen to enable this unless absolutely essential since this is now on our live Exchange server. Any ideas how I stop this please? Before someone quite rightly picks me up on allowing HTTP traffic I should mention that I do not allow HTTP on our Cisco PIX 515E firewall. Thus only HTTPS traffic would be able to get in. Unfortunately with only one machine for testing last time I do not know if this problem existed as the remote OWA server was the only domain member. The second is particularly strange since when I did my testing a few weeks back on my test setup it was not a problem. I have copied the certificate from the Exchange server to my local machine but despite installing it I still get the un-trusted CA warning message when I first open outlook unless I VPN in and access the Exchange server and install the certificate whilst specifying the internal IP address of the server on place of the external address when installing the certificate. Even then it only worked on the 2nd attempt? Our AD domain is a fully registered one, thus if you hadn't guessed we have split DNS and our internal mail server has a private internal address and a registered public address with our external DNS provider. I thus suspect this is a DNS issue of some type but am not quite sure what it is. Any ideas on how to stop this as not all external mail users will have anything other than OWA access. I think it may be of note that none of the internal machines on the LAN suffer from this. Then again since it is an AD Enterprise CA that is not so surprising. I would add that in both my live and test scenario's the test remote machines accessing the test server remotely were not in the Forest. Many thanks in advance. Regards, Paul Lemonidis.