Solved

OWA URL and Logon Screen

Posted on 2004-08-06
Last Modified: 2008-02-07
Hi,

Two quick questions relating to Exchange 2003 + OWA...
1. can you change and then remove the default OWA url (/exchange) ?
I'd like to change it to something less obvious (ie. /webmail) and then remove /exchange, so hackers don't necessarily know it's an exchange backend.

2. When I logon to my OWA server, via a Front-end server on our DMZ, I am prompted for the name + password, before being taken to OWA. However, the prompt is a standard Windows Logon Pop-Up, and not an OWA webpage with logon.
I've seen mention, and other OWA sites on the net, where you are taken straight to the OWA Logon page and you enter your credentials and then choose Basic or Premium client.
How can I force OWA to show this screen as opposed to the Windows Credentials Pop-Up.

Thanks
Ian
0
Comment
Question by:iosys
 
LVL 2

Expert Comment

by:uyht
ID: 11736336
You need to select FBA. It is on the Exchange virtual directory properties advanced tab in ESM. You have to have SSL running for this to work though. FBA (forms based authentication)
0
 

Author Comment

by:iosys
ID: 11736422
To install SSL do I need to install Certificate Server ? (If yes, can I install it on the Front End Server and is there a cost)
Will all the clients need a certificate installing on their PC's ???
0
 
LVL 2

Expert Comment

by:uyht
ID: 11736451
You can create the cert server yourself. This is a great site with a tutorial: http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html

It is not hard to do, I did it on a test lab and it worked very well.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 11740550
To make OWA the default on a web site:

1. Start IIS Manager
2. Right click on the "Default Web Site" and choose "Properties".
3. Click on the "Home Directory" tab.
4. Change the first option to "A redirection to a URL".
5. Enter "/exchange" in to the box (minus quotes)
6. Change the entry below to "A directory below URL entered".
7. Click Apply/OK and close the IIS Manager.
8. Test.


http://www.amset.info/exchange/default-web.asp

As for SSL, while you can use your own certificate I prefer to purchase one. FreeSSL do two year certificates for US$60. This saves prompts being received when the users access the OWA URL.
It also means that you can use RPC over HTTP at a later date.

Simon.
0
 

Author Comment

by:iosys
ID: 11750523
I don't want OWA to be the default page on the website, what I want to do is change the OWA URL from /exchange to /webmail.

That way, if someone is trawling sites on the net looking for vulnerable Exchange sites (ie. searching for /exchange on a site and seeing if they get an OWA prompt) they won't find mine !

Cheers
Ian
0
 
LVL 104

Expert Comment

by:Sembee
ID: 11754687
Oh.
It isn't easy to do that. It may work by removing the Exchange virtual folders and then recreating them with the correct paths. It isn't something I have done before - and isn't something I have been too worried about.

However OWA would not be the first way I would go looking for an Exchange server on the Internet. FBA isn't heavily used yet - many people don't even know that it is there.

If I was looking for Exchange servers I would be looking at the SMTP banner. This tells you not only that it is Exchange but also which version.

Simon.
0
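Sembee's point above, that the SMTP greeting discloses the product and version whatever the OWA path is called, can be checked on a server you administer. The following is an added example, not part of the thread; the sample banners are constructed and the regular expressions are assumptions about banner wording.

```python
import re
import socket

# Assumed disclosure patterns; adjust to the greetings your own servers emit.
PRODUCT_RE = re.compile(r"Microsoft ESMTP MAIL Service|Microsoft Exchange|Postfix", re.I)
VERSION_RE = re.compile(r"\bVersion:?\s*(\d+(?:\.\d+)+)", re.I)
INTERNAL_HOST_RE = re.compile(
    r"\b[\w-]+(?:\.[\w-]+)*\.(?:local|lan|internal|corp)\b", re.I)

# Constructed sample greetings (not captured from any real host).
SAMPLE_DEFAULT = ("220 exch01.corp.local Microsoft ESMTP MAIL Service, "
                  "Version: 6.0.3790.0 ready at  Fri, 6 Aug 2004 10:00:00 +0100")
SAMPLE_GENERIC = "220 mail.example.com ESMTP ready"


def audit_banner(banner):
    """Report what an SMTP 220 greeting tells an unauthenticated client."""
    lines = banner.strip().splitlines()
    if not lines or not lines[0].startswith("220"):
        raise ValueError("not an SMTP 220 greeting")
    # Multi-line greetings use "220-" continuation lines; drop the prefixes.
    text = " ".join(line[4:] for line in lines)
    product = PRODUCT_RE.search(text)
    version = VERSION_RE.search(text)
    internal = INTERNAL_HOST_RE.search(text)
    return {
        "product": product.group(0) if product else None,
        "version": version.group(1) if version else None,
        "internal_hostname": internal.group(0) if internal else None,
    }


def fetch_banner(host, port=25, timeout=5.0):
    """Read the greeting from a mail server you administer."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return sock.recv(1024).decode("ascii", "replace")


if __name__ == "__main__":
    for sample in (SAMPLE_DEFAULT, SAMPLE_GENERIC):
        print(audit_banner(sample))
```

A greeting that returns `None` for all three fields gives away nothing beyond the public host name, which is the state to aim for before spending effort on renaming `/exchange`.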
 
LVL 2

Expert Comment

by:uyht
ID: 11755263
All you have to do is put a redirect so if you had www.whatever.com/exchange just change to www.whatever.com/webmail and then inside the webmail folder you could have a redirect to your exchange folder. That way you could apply NTFS security on the webmail folder and limit access that way. But I am not sure how you would close down the exchange folder so no one got to it if you are running this box out of a firewall.
0
 

Author Comment

by:iosys
ID: 11781526
Ok, here's where we are so far ...

Created a certificate
Installed that on the Front End Server

Setup /exchange and /public to use SSL (128bit)

Setup ESM to use FBA with High compression.

Enter: http://www.frontline.ltd.uk/exchange - receive message that need to use https (so far so good)
Enter: https://www.frontline.ltd.uk/exchange - receive Page not found error
So, tried using the internal IP address of the Front End Server, and still get the Page Not Found error.

Any ideas ? What page actually holds the FBA Logon page - need to check it's there !

Ian
0

 
LVL 2

Expert Comment

by:uyht
ID: 11782080
What authentication settings are you using?
0
 

Author Comment

by:iosys
ID: 11782108
Integrated Windows and Basic

If I go to http://www.frontline.ltd.uk I get a totally blank page, as I should do (This is my page)
If I switch on SSL / FBA and go to https://www.frontline.ltd.uk I get the 'Page not found' error

Looks like a certificate or security problem.

Does anyone have a document on setting up OWA with SSL, FBA and a Front-End Server (ie. what you set on each of the 2 boxes)
0
 
LVL 104

Expert Comment

by:Sembee
ID: 11783413
Go back to basics first.
On the Exchange backend server itself, enter http://localhost and see what happens.
Then do the same with https if the SSL certificate is installed there.
Repeat with the frontend.

Simon.
0
 

Author Comment

by:iosys
ID: 11783534
On the Backend ...
http://localhost - Page displays ok
https://localhost - The Page Cannot Be Displayed (SSL certificate isn't installed on the backend)

On the Front ...
http://localhost - Page displays ok
https://localhost - The Page Cannot Be Displayed

Ian
0
 
LVL 2

Expert Comment

by:uyht
ID: 11783674
Change your security to basic on the front end, and make sure you have enabled the SSL encryption.
0
 

Author Comment

by:iosys
ID: 11783764
Done that - still the same
0
 

Author Comment

by:iosys
ID: 11784789
FIXED IT !!!

Looks like the new certificate was faulty.
Set it back to the certificate that came with OWAAdmin, and then got 440 logon timeout error.

Set everyone to have READ permissions to the following and it now works :
\exchweb\bin
\exchweb\bin\auth
\exchweb\bin\auth\usa
\exchweb\bin\auth\usa\logon.asp

Finally ran IISRESET

Ian
0
 
LVL 104

Expert Comment

by:Sembee
ID: 13533759
Did you manage to get this working correctly?
If so, then you should close the question and award the points.
If you still need assistance then please post back so that the issue can be resolved.

Simon.
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 14512739
PAQed with no points refunded (of 250)

modulo
Community Support Moderator
0
