After installing everything I decided to give the tutorial a whirl that explains how to have both OWA with SSL and OMA (RPC over HTTP) going on the same IP. I think Tom wrote it. After I read through it and follow the instructions, applied everything, it worked without a hitch, one week later while I am at a clients I go to access it my OWA page of course using https and I get as far as the cert request popping up but not the OWA login page, instead I get the Forbidden page of DEATH. :( After looking at Exchange and not seeing anything wrong with it, and looking at ISA an determining the only thing I can see wrong is when the cert is requested on 443 the next thing it does is access the SSLserver on port 80 which its denied for some reason, so I tried removing the three rules; rebooting ISA; and adding the rule which MS recommends for OWA with SSL on ISA 2004 Server and the same thing happens; port 80 is denied to the SSLserver in the ISA logs, and after the cert verification box pops up what comes after it is the Forbidden page of DEATH. I also tried setting a rule to Publish Cert Environment Website and got the same results. I wonder if anyone has any good, genius suggestions? :) Thanks Andrew