Solved

OWA 2000 Force SSL Encryption Not Working

Posted on 2003-10-26
3
699 Views
Last Modified: 2012-08-14
I have recently deployed Exchange 2000, with the Exchange 2000 installation on one server (back-end) and an OWA 2000 installation on another server (front-end). I have implemented SSL on the OWA 2000 server, and it is working fine (ie I can successfully logon to test accounts with OWA via https:\\servername\exchange). Additionally, I wanted to force SSL encryption from a user's http request - the Force SSL Encryption instructions in KB279681 are not working. No matter what combination of changes I have attempted, when I use http:\\servername\exchange I get the standard 403.4 error.
 
I have successfully implemented the instructions in KB279681 on our existing messaging system, Exchange 5.5 on Windows 2000 Advanced Server using SSL, and forcing SSL encryption is working fine on the existing messaging system.
 
So far, I have tried:
 
1.  Recreating the owahttps.asp document
2.  Copying the functioning owahttps.asp document from our Exchange 5.5 system to the OWA 2000 system to see if it works (it doesn't)
3.  Applied owahttps.asp to both the Default Web Site\custom errors and Exchweb virtual directory\custom errors on the OWA server.
 
The properties pages match up closely enough from the old system (Exchange 5.5\Windows 2000 Advanced\IIS 5.0) to the new system (Exchange 2000\Windows 2000 Advanced\IIS5.0) - any possible conflicts or problems from the properties pages are not readily apparent.
 
Has anybody resolved this problem before?
 
Thanks
0
Comment
Question by:jaisbell
  • 2
3 Comments
 
LVL 24

Expert Comment

by:David Wilhoit
ID: 9626774
Is it finding the FQDN of your BE server cleanly? I would assume so, since it works with basic, just checking. your FE is point to internal DNS?

"3.  Applied owahttps.asp to both the Default Web Site\custom errors and Exchweb virtual directory\custom errors on the OWA server."

In the article it speaks of the Exchange directory, not Exchweb: "NOTE: The Exchange folder is the only folder that needs to have the Required setting selected for OWA to require SSL. If you have other folders that need to be required, to allow for the HTTP request, verify that the OWAasp folder does not have the requirement set."

Is all that set cleanly? Just double checking what you've already done, this looks like we're missing something simple.

D
0
 

Author Comment

by:jaisbell
ID: 9642987
I have found SSL installation instructions with screenshots on the web - the problem is the Exchange virtual directory (as you noted in paragraph 3 above - I assumed the reference to an Exchange virtual directory was incorrect for an FE server).

In ISM, the public, Exchange, and Exadmin virtual directories all show error, even though some installation instructions indicate this is normal - apparently, I need the Exchange virtual directory on the FE server to run normally in order to apply this force encryption.

The error messages for these virtual directories will not change no matter what combination of services I start.

Any ideas why these 3 virtual directories would be stopped after a normal installation?

j
0
 
LVL 24

Accepted Solution

by:
David Wilhoit earned 250 total points
ID: 9643025
It's always been a problem with dependencies. I've never fixed it, only gotten around it. On the server in question, stop and start the default web site, then refresh the view. All 3 directories should show up in the IIS amanger at that point. If not, then there's another problem.

D
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question