The very first thing the Best Practices Analyzer says is wrong is that Application pool 'MSExchangeOWAAppPool' on server 'EMAIL' is configured to run under the wrong identity. 'MSExchangeOWAAppPool' should run under the 'Local System' identity.
I would like to know where this tool is getting this information. I went into IIS and verified MSExchangeOWAAppPool is running under the LocalSystem identity.
What else do I need to do? The OWA virtual directory is attached to this app pool. Things look correct, so why is the BPA saying that I have an error in the configuration?