It is necessary to configure constrained delegation for use with the Enterprise Vault OWA 2007 Extensions if the mailbox being accessed is located on a server which is separate from the CAS computer, and users are authenticated to OWA using Integrated Windows Authentication (IWA).
Note that IWA is a requirement to support Client Access Server (CAS) proxying. For information on CAS proxying, see http://msexchangeteam.com/archive/2007/09/04/446918.aspx
Configuring constrained delegation requires a domain functional level of Windows Server 2003 or later. For more information about domain functional levels, see "Domain and forest functionality" in the Help and Support Center for Windows Server 2003.
For each CAS configured for IWA, perform the following steps:
Using Active Directory Users and Computers, locate the CAS computer account.
On the Delegation page, click Trust this computer for delegation to specified services only.
In the box, Enter the object names to select, type the name of an Exchange Server 2007 computer which has mailbox role installed and will be accessed through this CAS.
If the Mailbox role is clustered, be sure to use the Clustered Mailbox Server name instead of the node name.
Repeat steps 6 to 9 to add additional Exchange Server 2007 Mailbox computers that will be accessed through this CAS.
For constrained
delegation to work properly, Exchange Server 2007 computers with
Mailbox roles must have IWA enabled on the /Exchange
virtual directory.
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator at webmaster@systemmanager.forsenergy.ru to inform them of the time this error occurred, and the actions you performed just before this error.
More information about this error may be available in the server error log.
Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.