Client Access server %1 tried to proxy Exchange Web Services traffic to Client Access server %2. This failed because the ...

Client Access server %1 tried to proxy Exchange Web Services traffic to Client Access server %2. This failed because the Exchange Web Services virtual directory on Client Access server %3 isn't configured for Kerberos authentication. The most simple way to configure an Exchange Web Services virtual directory for Kerberos authentication is to set the WindowsAuthentication parameter to $true using the Set-WebServicesVirtualDirectory cmdlet, or use the Exchange Management Console. If you have a Client Access server deployed in the target Active Directory site, with an Exchange Web Services virtual directory configured for Kerberos authentication on it, the proxying Client Access server may not be finding that target Client Access server because the target Client Access server doesn't have an internalNLBBypassUrl configured.  You can configure the internalNLBBypassUrl for the Exchange Web Services virtual directory on the Client Access server in the target Active Directory site by using the Set-WebServicesVirtualDirectory Exchange cmdlet.