Released: April 2024 Exchange Server Hotfix Updates

Kinimod622 , ceantuco , it does not look like you have a Content Security Policy configured.  It would be an additional custom header named "Custom-Security-Policy" (or it's a meta tag in actual Exchange web pages, which I do not recommend modifying).

That said, CSP seems to be an additional security feature, so I don't believe it's even necessary (and if you don't have one defined, then it's likely not the cause).

Perhaps run this command:

Get-OwaVirtualDirectory | fl InternalUrl, ExternalUrl, ExternalDownloadHostName, InternalDownloadHostName

Don't post the results here, but:

1. Is your InternalUrl correct?  Does your internal DNS have an "A" record for the hostname defined in InternalUrl and is it pointing to the proper IP[s]?
2. Is your ExternalUrl correct?  Does your external DNS have an "A" record for the hostname defined in ExternalUrl and is it pointing to the proper IP[s]?
3. Is your InternalDownloadHostName correct AND different from your InternalUrl's hostname?  Does your internal DNS have the hostname defined in this URL and is it a CNAME pointing to the InternalUrl hostname?  ("A" records might work, but docs say CNAME...)
4. Is your ExternalDownloadHostName correct AND different from your ExternalUrl's hostname?  Does your external DNS have the hostname defined in this URL and is it a CNAME pointing to the ExternalUrl hostname?  ("A" records might work, but docs say CNAME...)
5. Do you have port-forwarding and/or "Virtual IP's" setup properly on your router/firewall for both External hostnames above?
6. Is your Download Domain hostname included as a Subject Alternate Name in your SSL certificate OR do you have a wildcard certificate?
7. Have you run the HealthChecker - Microsoft - CSS-Exchange powershell script?  It might point you in the right direction.
8. Have you reviewed the console output of your browser when trying to access OWA?

Again, this is not a support forum, but I would check the above.