EnableDownloadDomains blocks picures in OWA

Hi!

After read instructions for CVE-2021-1730 I enabled a third domain for attachments (attachments.domain.com). The domains are owa.domain.com, autodiscover.domain.com and attachments.domain.com. I set the values ExternalDownloadHostName and InternalDownloadHostName  on the exchange server and prepare intern and extern A-Entries for subdomain attachments. I also tried CNAME Alias.

Intern everything works perfect with the attachments domain. From extern the inline pictures are not shown in owa.

The extern structure is: DOMAIN A-Entry for attachments.domain.com with pointed to my dmz. Every HTTPS traffic is routed. In IIS i have a website for attachments.domain.com with a reverse proxy. The reverse proxy is the same for all three subdomains.

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<outboundRules>
<preConditions>
<preCondition name="ResponseIsHtml1">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
</preCondition>
</preConditions>
</outboundRules>
<rules>
<clear />
<rule name="ReverseProxyInboundRule1" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{CACHE_URL}" pattern="^(https?)://" />
</conditions>
<action type="Rewrite" url="{C:1}://SERVERNAME.INTERN.com/{R:1}" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>

OWA works perfect. If I changed the download domain to autodiscover or attachments the pictures are not showing. But I can login with autodiscover or attachments to owa.

Is there anything what i can do to unblock the pictures?

Thanks and kind regards!