I recently ran into an issue of a dedicated trunk in UAG not presenting the logon screen to end user for OWA unless they typed /owa or /anytexthereblahblah after the domain/trunk name. UAG was setup to do SSL offloading. All traffic to/from endpoints/UAG was https. All traffic to/from UAG/backend servers was http. Users would get an error of “You cannot access this site due to an internal error” (see screenshot below) if they just typed in the domain/trunk name. If they typed in the domain/trunk name again or refreshed the page they would then see “You are not authorized to access this application” (see screenshot below) . The trunk was setup to have the Exchange 2010 OWA application be the portal home page so when a user went to the domain/trunk name they should have been prompted for their credentials without having to add the /owa to the end of the domain/trunk name. The port number in the web servers tab of the application was set to 80. Well it turns out when the trunk was recreated for various reasons and the S was left in the application’s application URL causing these problems. Once I removed the S from the application URL and activated the configuration all was well and everything worked as expected. By default UAG still wants to connect to backend servers using secure protocols. You can change that but it needs to be done in multiple places.