We have 3 Exchange 2016 on server 2012 r2 with the latest CU/ SU patches. Using a DAG environment with non modern hybrid configuration. For loadbalancing we are using F5 with SSL bridging. After Enabling the Enhanced Protection features. We started having problems with trying to enabling/disabling UM for users through the admin console. We receive a 401 unauthorized error message. The weird thing is that this only happens to users that are in a database that are mounted on either 2 of the 3 exchange servers. If anyone is mounted on a database that is mounted on the 1st server this is not an issue. If i mount the database to the first server, i am able to modify the users UM settings. I am not sure as to what is causing 1 out of the 3 servers to work as intended after the Extended Protection was enabled. In order to try and remedy this, i disabled the Extended protection for the EWS directory both back-end and front-end. Doing this fixed the issue but i feel like something isnt configured properly because it did work on the 1st server. Has anyone else come across this issue?