• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 729
  • Last Modified:

OWA 2000 Force SSL Encryption Not Working

I have recently deployed Exchange 2000, with the Exchange 2000 installation on one server (back-end) and an OWA 2000 installation on another server (front-end). I have implemented SSL on the OWA 2000 server, and it is working fine (ie I can successfully logon to test accounts with OWA via https:\\servername\exchange). Additionally, I wanted to force SSL encryption from a user's http request - the Force SSL Encryption instructions in KB279681 are not working. No matter what combination of changes I have attempted, when I use http:\\servername\exchange I get the standard 403.4 error.
 
I have successfully implemented the instructions in KB279681 on our existing messaging system, Exchange 5.5 on Windows 2000 Advanced Server using SSL, and forcing SSL encryption is working fine on the existing messaging system.
 
So far, I have tried:
 
1.  Recreating the owahttps.asp document
2.  Copying the functioning owahttps.asp document from our Exchange 5.5 system to the OWA 2000 system to see if it works (it doesn't)
3.  Applied owahttps.asp to both the Default Web Site\custom errors and Exchweb virtual directory\custom errors on the OWA server.
 
The properties pages match up closely enough from the old system (Exchange 5.5\Windows 2000 Advanced\IIS 5.0) to the new system (Exchange 2000\Windows 2000 Advanced\IIS5.0) - any possible conflicts or problems from the properties pages are not readily apparent.
 
Has anybody resolved this problem before?
 
Thanks
0
jaisbell
Asked:
jaisbell
  • 2
1 Solution
 
David WilhoitSenior Consultant, ExchangeCommented:
Is it finding the FQDN of your BE server cleanly? I would assume so, since it works with basic, just checking. your FE is point to internal DNS?

"3.  Applied owahttps.asp to both the Default Web Site\custom errors and Exchweb virtual directory\custom errors on the OWA server."

In the article it speaks of the Exchange directory, not Exchweb: "NOTE: The Exchange folder is the only folder that needs to have the Required setting selected for OWA to require SSL. If you have other folders that need to be required, to allow for the HTTP request, verify that the OWAasp folder does not have the requirement set."

Is all that set cleanly? Just double checking what you've already done, this looks like we're missing something simple.

D
0
 
jaisbellAuthor Commented:
I have found SSL installation instructions with screenshots on the web - the problem is the Exchange virtual directory (as you noted in paragraph 3 above - I assumed the reference to an Exchange virtual directory was incorrect for an FE server).

In ISM, the public, Exchange, and Exadmin virtual directories all show error, even though some installation instructions indicate this is normal - apparently, I need the Exchange virtual directory on the FE server to run normally in order to apply this force encryption.

The error messages for these virtual directories will not change no matter what combination of services I start.

Any ideas why these 3 virtual directories would be stopped after a normal installation?

j
0
 
David WilhoitSenior Consultant, ExchangeCommented:
It's always been a problem with dependencies. I've never fixed it, only gotten around it. On the server in question, stop and start the default web site, then refresh the view. All 3 directories should show up in the IIS amanger at that point. If not, then there's another problem.

D
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now