Sorry for the delay, but we had to upgrade to v. 10.5.56-12 because of a crash when doing Act-Sync connections with pre-authentication. Since then it works and the loop disappeared when I fixed the pre-authentication I probably had enabled for both v-servers for owa and active-sync. To my own surprise rechecking this, I have configured to use the authentication v-server in the owa-vLoadBalancing server but not the other way round. i.e. in the AAA-Application Traffic/virtual servers I have the authorization vServer, configured to use LDAP lookup for the users credentials but neither a 401Based vServer for activeSync-Devices (I switched off because of the mentioned crash and to allow for legacy samAccountName use) nor a formBased vServer. Putting one or both of the auth-vServer here might have caused that inner loop, I guess. But I am not sure whether I solved the inner loop rather when binding the rewrite policy pol_set_pback_cookie with the owa-vServer with priority of 100 and GotoExpression END, which was not the case before.
Anyway, since June 8th the appliance is in production now and we are struggling with owa-time-outs and minor problems with mobile versions of web browsers doing owa.