Solved

OWA 2000 Force SSL Encryption Not Working

Posted on 2003-10-26
3
718 Views
Last Modified: 2012-08-14
I have recently deployed Exchange 2000, with the Exchange 2000 installation on one server (back-end) and an OWA 2000 installation on another server (front-end). I have implemented SSL on the OWA 2000 server, and it is working fine (ie I can successfully logon to test accounts with OWA via https:\\servername\exchange). Additionally, I wanted to force SSL encryption from a user's http request - the Force SSL Encryption instructions in KB279681 are not working. No matter what combination of changes I have attempted, when I use http:\\servername\exchange I get the standard 403.4 error.
 
I have successfully implemented the instructions in KB279681 on our existing messaging system, Exchange 5.5 on Windows 2000 Advanced Server using SSL, and forcing SSL encryption is working fine on the existing messaging system.
 
So far, I have tried:
 
1.  Recreating the owahttps.asp document
2.  Copying the functioning owahttps.asp document from our Exchange 5.5 system to the OWA 2000 system to see if it works (it doesn't)
3.  Applied owahttps.asp to both the Default Web Site\custom errors and Exchweb virtual directory\custom errors on the OWA server.
 
The properties pages match up closely enough from the old system (Exchange 5.5\Windows 2000 Advanced\IIS 5.0) to the new system (Exchange 2000\Windows 2000 Advanced\IIS5.0) - any possible conflicts or problems from the properties pages are not readily apparent.
 
Has anybody resolved this problem before?
 
Thanks
0
Comment
Question by:jaisbell
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 24

Expert Comment

by:David Wilhoit
ID: 9626774
Is it finding the FQDN of your BE server cleanly? I would assume so, since it works with basic, just checking. your FE is point to internal DNS?

"3.  Applied owahttps.asp to both the Default Web Site\custom errors and Exchweb virtual directory\custom errors on the OWA server."

In the article it speaks of the Exchange directory, not Exchweb: "NOTE: The Exchange folder is the only folder that needs to have the Required setting selected for OWA to require SSL. If you have other folders that need to be required, to allow for the HTTP request, verify that the OWAasp folder does not have the requirement set."

Is all that set cleanly? Just double checking what you've already done, this looks like we're missing something simple.

D
0
 

Author Comment

by:jaisbell
ID: 9642987
I have found SSL installation instructions with screenshots on the web - the problem is the Exchange virtual directory (as you noted in paragraph 3 above - I assumed the reference to an Exchange virtual directory was incorrect for an FE server).

In ISM, the public, Exchange, and Exadmin virtual directories all show error, even though some installation instructions indicate this is normal - apparently, I need the Exchange virtual directory on the FE server to run normally in order to apply this force encryption.

The error messages for these virtual directories will not change no matter what combination of services I start.

Any ideas why these 3 virtual directories would be stopped after a normal installation?

j
0
 
LVL 24

Accepted Solution

by:
David Wilhoit earned 250 total points
ID: 9643025
It's always been a problem with dependencies. I've never fixed it, only gotten around it. On the server in question, stop and start the default web site, then refresh the view. All 3 directories should show up in the IIS amanger at that point. If not, then there's another problem.

D
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question