Basically, when using the logoff icon within OWA, you receive a http 500 error message. This is typically, although not always caused by creating a separate IIS Virtual Directory instance for OWA.
From within the properties of the Virtual Directory instance, under Home Page, be sure to Create an Application Pool, set “Script Only” access, and set to High Security.
You should be all set, however a word of caution. The OWA 2000 page is simply a page which says “you must close Internet Explorer” to really log off, and simply click this link to close your IE window. However, that’s it. If you don’t really close IE, you can simply go back into OWA without any problems or security. Also, as I recall, OWA never times out either, so by default you can leave OWA open indefinitely without problems.