Solved

OWA URL and Logon Screen

Posted on 2004-08-06
Last Modified: 2008-02-07
Hi,

Two quick questions relating to Exchange 2003 + OWA...
1. can you change and then remove the default OWA url (/exchange) ?
I'd like to change it to something less obvious (i.e. /webmail) and then remove /exchange, so hackers don't necessarily know it's an Exchange backend.

2. When I logon to my OWA server, via a Front-end server on our DMZ, I am prompted for the name + password, before being taken to OWA. However, the prompt is a standard Windows Logon Pop-Up, and not an OWA webpage with logon.
I've seen mention of, and other OWA sites on the net, where you are taken straight to the OWA Logon page and you enter your credentials and then choose Basic or Premium client.
How can I force OWA to show this screen as opposed to the Windows Credentials Pop-Up.

Thanks
Ian
Question by:iosys
19 Comments
 
LVL 2

Expert Comment

by:uyht
ID: 11736336
You need to select FBA (forms-based authentication). It is on the Exchange virtual directory properties Advanced tab in ESM. You have to have SSL running for this to work though.
0
 

Author Comment

by:iosys
ID: 11736422
To install SSL do I need to install Certificate Server? (If yes, can I install it on the Front End Server and is there a cost?)
Will all the clients need a certificate installing on their PCs?
0
 
LVL 2

Expert Comment

by:uyht
ID: 11736451
You can create the cert server yourself. This is a great site with a tutorial: http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html

It is not hard to do; I did it on a test lab and it worked very well.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 11740550
To make OWA the default on a web site:

1. Start IIS Manager
2. Right click on the "Default Web Site" and choose "Properties".
3. Click on the "Home Directory" tab.
4. Change the first option to "A redirection to a URL".
5. Enter "/exchange" into the box (minus quotes).
6. Change the entry below to "A directory below URL entered".
7. Click Apply/OK and close the IIS Manager.
8. Test.


http://www.amset.info/exchange/default-web.asp

As for SSL, while you can use your own certificate I prefer to purchase one. FreeSSL do two year certificates for US$60. This saves prompts being received when the users access the OWA URL.
It also means that you can use RPC over HTTP at a later date.

Simon.
0
 

Author Comment

by:iosys
ID: 11750523
I don't want OWA to be the default page on the website, what I want to do is change the OWA URL from /exchange to /webmail.

That way, if someone is trawling sites on the net looking for vulnerable Exchange sites (i.e. searching for /exchange on a site and seeing if they get an OWA prompt) they won't find mine!

Cheers
Ian
0
 
LVL 104

Expert Comment

by:Sembee
ID: 11754687
Oh.
It isn't easy to do that. It may work by removing the Exchange virtual folders and then recreating them with the correct paths. It isn't something I have done before - and isn't something I have been too worried about.

However OWA would not be the first way I would go looking for an Exchange server on the Internet. FBA isn't heavily used yet - many people don't even know that it is there.

If I was looking for Exchange servers I would be looking at the SMTP banner. This tells you not only that it is Exchange but also which version.

Simon.
0
 
LVL 2

Expert Comment

by:uyht
ID: 11755263
All you have to do is put in a redirect, so if you had www.whatever.com/exchange just change to www.whatever.com/webmail and then inside the webmail folder you could have a redirect to your exchange folder. That way you could apply NTFS security on the webmail folder and limit access that way. But I am not sure how you would close down the exchange folder so no one got to it if you are running this box out of a firewall.
0
 

Author Comment

by:iosys
ID: 11781526
Ok, here's where we are so far ...

Created a certificate
Installed that on the Front End Server

Setup /exchange and /public to use SSL (128bit)

Setup ESM to use FBA with High compression.

Enter: http://www.frontlione.ltd.uk/exchange - receive message that need to use https (so far so good)
Enter: https://www.frontline.ltd.uk/exchange - receive Page not found error
So, tried using the internal IP address of the Front End Server, and still get the Page Not Found error.

Any ideas? What page actually holds the FBA Logon page - need to check it's there!

Ian
0
 
LVL 2

Expert Comment

by:uyht
ID: 11782080
What authentication settings are you using?
0
 

Author Comment

by:iosys
ID: 11782108
Integrated Windows and Basic

If I go to http://www.frontline.ltd.uk I get a totally blank page, as I should do (This is my page)
If I switch on SSL / FBA and go to https://www.frontline.ltd.uk I get the 'Page not found' error

Looks like a certificate or security problem.

Does anyone have a document on setting up OWA with SSL, FBA and a Front-End Server (i.e. what you set on each of the 2 boxes)?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 11783413
Go back to basics first.
On the Exchange backend server itself, enter http://localhost and see what happens.
Then do the same with https if the SSL certificate is installed there.
Repeat with the frontend.

Simon.
0
 

Author Comment

by:iosys
ID: 11783534
On the Backend ...
http://localhost - Page displays ok
https://localhost - The Page Cannot Be Displayed (SSL certificate isn't installed on the backend)

On the Front ...
http://localhost - Page displays ok
https://localhost - The Page Cannot Be Displayed

Ian
0
 
LVL 2

Expert Comment

by:uyht
ID: 11783674
Change your security to Basic on the front end, and make sure you have enabled the SSL encryption.
0
 

Author Comment

by:iosys
ID: 11783764
Done that - still the same
0
 

Author Comment

by:iosys
ID: 11784789
FIXED IT !!!

Looks like the new certificate was faulty.
Set it back to the certificate that came with OWAAdmin, and then got 440 logon timeout error.

Set everyone to have READ permissions to the following and it now works :
\exchweb\bin
\exchweb\bin\auth
\exchweb\bin\auth\usa
\exchweb\bin\auth\usa\logon.asp

Finally ran IISRESET

Ian
0
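The responses met while troubleshooting above (credentials pop-up, "need to use https", page not found, 440 logon timeout, FBA logon page) can be told apart from the status line and headers alone. The following is an added example, not part of the original thread: the sample responses are constructed, `mail.example.test` is a placeholder host, and matching the FBA redirect on the `/exchweb/bin/auth/` directory is an assumption based on the paths listed in the fix.

```python
# Added example: triage of OWA front-end responses. All sample responses are constructed.
FBA_DIR = "/exchweb/bin/auth/"  # directory from the thread's fix; matching on it is an assumption

def parse_head(raw):
    """Return (status_code, {lowercased header name: [values]}) from a raw response head."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    code = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return code, headers

def triage(scheme, raw):
    """Classify one response to a request for /exchange made over `scheme`."""
    code, headers = parse_head(raw)
    offered = [v.split()[0].lower() for v in headers.get("www-authenticate", []) if v]
    location = headers.get("location", [""])[0].lower()
    if code == 401 and offered:
        # Browser pop-up. Basic over plain HTTP sends the password base64-encoded, unencrypted.
        if scheme == "http" and "basic" in offered:
            return "popup-basic-cleartext"
        return "popup-auth"
    if code in (301, 302) and FBA_DIR in location:
        return "fba-logon-form"      # redirected to the forms-based logon page
    if code == 403 and scheme == "http":
        return "ssl-required"        # virtual directory demands HTTPS
    if code == 440:
        return "logon-timeout"       # FBA session missing or expired
    if code == 404:
        return "not-found"
    return "other-%d" % code

SAMPLES = {  # constructed (scheme, raw response head) pairs
    "popup": ("http", "HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: NTLM\r\n"
                      "WWW-Authenticate: Basic realm=\"mail.example.test\"\r\n\r\n"),
    "ssl": ("http", "HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n"),
    "fba": ("https", "HTTP/1.1 302 Found\r\n"
                     "Location: /exchweb/bin/auth/usa/logon.asp\r\n\r\n"),
    "timeout": ("https", "HTTP/1.1 440 Login Timeout\r\n\r\n"),
    "missing": ("https", "HTTP/1.1 404 Not Found\r\n\r\n"),
}

def run_samples():
    """Triage every constructed sample and return {sample name: verdict}."""
    return {name: triage(scheme, raw) for name, (scheme, raw) in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(name, "->", verdict)
```

A failed TLS connection (no certificate bound, nothing listening on 443) produces no HTTP response at all, so it falls outside this triage and has to be checked at the connection level first.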
 
LVL 104

Expert Comment

by:Sembee
ID: 13533759
Did you manage to get this working correctly?
If so, then you should close the question and award the points.
If you still need assistance then please post back so that the issue can be resolved.

Simon.
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 14512739
PAQed with no points refunded (of 250)

modulo
Community Support Moderator
0
