I used DNS Round Robin as a method to balance between (2) 2003 OWA FE
Servers.  Users almost immediately complained about being kicked out of OWA.

Errors: unable to authenticate / session has expired

One posting I read was forms-based authentication (that I use) could/is at
the center of the problem

_________________________________________________________

Forms-Based Authentication
In forms-based authentication, users are directed to a Hypertext Markup
Language (HTML) form. After the user provides credentials in the form, the
system issues a cookie containing a ticket. On subsequent requests, the
system first checks the cookie to verify if the user was already
authenticated, so that the user does not have to supply credentials again.
Advantages of forms-based authentication include the following:
Credential information is not cached on the client computer. This is
particularly important in a scenario where users are connecting to your
Outlook Web Access server from public computers. Users are required to
reauthenticate if they close the browser, log off from a session, or navigate
to another Web site.
• You can configure a maximum idle session time-out, so that if a user is
idle for a prolonged period of time, the session expires, and
reauthentication is required.
• Users cannot use the Remember my password option in Internet Explorer.
• Outlook Web Access includes optional functionality that allows a user to
change the password. If a user changes the password during an Outlook Web
Access session, the cookie provided after the user initially logged on will
no longer be valid. When forms-based authentication is configured on ISA
Server, the user who changes the password during an Outlook Web Access
session will receive the logon page the next time a request is made.
In an ISA Server 2004 Enterprise Edition scenario involving multi-server ISA
Server arrays, you must ensure that client requests for a particular session
are handled by the same array member, so that the client’s cookie is
recognized. If the request is received by a different member, the cookie will
not be recognized and the request will be dropped by that ISA Server member.
An effective way to ensure that the requests are handled by the same server
member is to enable integrated Network Load Balancing (NLB) on the ISA Server
array. For more information, see Appendix A: Configuring NLB on the ISA
Server Array
___________________________________________________________

If formed based authentication is the cause, if I switch to nlb will I still
experience issues because I don’t use ISA.

DNS round robin has been removed and owa is acting as 1 fe server and users
aren’t having the problems.

Please comment on using dns round robin and nlb (without isa), trying to
balance the owa between (2) fe servers.

Thanks.