Solved

OWA 2000 Force SSL Encryption Not Working

Posted on 2003-10-26
3
673 Views
Last Modified: 2012-08-14
I have recently deployed Exchange 2000, with the Exchange 2000 installation on one server (back-end) and an OWA 2000 installation on another server (front-end). I have implemented SSL on the OWA 2000 server, and it is working fine (ie I can successfully logon to test accounts with OWA via https:\\servername\exchange). Additionally, I wanted to force SSL encryption from a user's http request - the Force SSL Encryption instructions in KB279681 are not working. No matter what combination of changes I have attempted, when I use http:\\servername\exchange I get the standard 403.4 error.
 
I have successfully implemented the instructions in KB279681 on our existing messaging system, Exchange 5.5 on Windows 2000 Advanced Server using SSL, and forcing SSL encryption is working fine on the existing messaging system.
 
So far, I have tried:
 
1.  Recreating the owahttps.asp document
2.  Copying the functioning owahttps.asp document from our Exchange 5.5 system to the OWA 2000 system to see if it works (it doesn't)
3.  Applied owahttps.asp to both the Default Web Site\custom errors and Exchweb virtual directory\custom errors on the OWA server.
 
The properties pages match up closely enough from the old system (Exchange 5.5\Windows 2000 Advanced\IIS 5.0) to the new system (Exchange 2000\Windows 2000 Advanced\IIS5.0) - any possible conflicts or problems from the properties pages are not readily apparent.
 
Has anybody resolved this problem before?
 
Thanks
0
Comment
Question by:jaisbell
  • 2
3 Comments
 
LVL 24

Expert Comment

by:David Wilhoit
ID: 9626774
Is it finding the FQDN of your BE server cleanly? I would assume so, since it works with basic, just checking. your FE is point to internal DNS?

"3.  Applied owahttps.asp to both the Default Web Site\custom errors and Exchweb virtual directory\custom errors on the OWA server."

In the article it speaks of the Exchange directory, not Exchweb: "NOTE: The Exchange folder is the only folder that needs to have the Required setting selected for OWA to require SSL. If you have other folders that need to be required, to allow for the HTTP request, verify that the OWAasp folder does not have the requirement set."

Is all that set cleanly? Just double checking what you've already done, this looks like we're missing something simple.

D
0
 

Author Comment

by:jaisbell
ID: 9642987
I have found SSL installation instructions with screenshots on the web - the problem is the Exchange virtual directory (as you noted in paragraph 3 above - I assumed the reference to an Exchange virtual directory was incorrect for an FE server).

In ISM, the public, Exchange, and Exadmin virtual directories all show error, even though some installation instructions indicate this is normal - apparently, I need the Exchange virtual directory on the FE server to run normally in order to apply this force encryption.

The error messages for these virtual directories will not change no matter what combination of services I start.

Any ideas why these 3 virtual directories would be stopped after a normal installation?

j
0
 
LVL 24

Accepted Solution

by:
David Wilhoit earned 250 total points
ID: 9643025
It's always been a problem with dependencies. I've never fixed it, only gotten around it. On the server in question, stop and start the default web site, then refresh the view. All 3 directories should show up in the IIS amanger at that point. If not, then there's another problem.

D
0

Featured Post

Shouldn't all users have the same email signature?

You wouldn't let your users design their own business cards, would you? So, why do you let them design their own email signatures? Think of the damage they could be doing to your brand reputation! Choose the easy way to manage set up and add email signatures for all users.

Join & Write a Comment

"Migrate" an SMTP relay receive connector to a new server using info from an old server.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now