You have two sites, site1 and site2. Both sites have an Exchange 2003 server holding user mailboxes. The network consists of a single Active Directory domain. Both servers are running Outlook Web Access (OWA). There is one external DNS name, mail.mydomain.com, that people use to access OWA. This DNS name can only point to one A record, which is going to be the public IP address of just one of the offices; let's say it points to site1. If a user has a mailbox in site2, accesses https://mail.mydomain.com/exchange and logs in with his username and password, he will receive the following error:
The error will vary depending on the browser, etc. I'm accessing the internet through a Squid proxy.
This error occurs because the server you're accessing it through is not a front-end server. Front-end servers determine which mailbox server to give the request to by determining the location of the user's mailbox. The front end in effect acts as a proxy, and handles all SSL authentication requests from internet users, taking load off the back-end servers.
The only way to get the above scenario going without a front end is to have two different public DNS records on the internet, one pointing to each office, and have site1 users access OWA using the site1 public URL and site2 users access OWA using the site2 public URL.