Solved

OWA HTTPS redirection

Posted on 2004-08-10
10
2,969 Views
Last Modified: 2007-12-19
I am following KB article 839357 to redirect http: to
https: for OWA access. I have also setup a URL redirection
on the Defualt Web site to redirect to Exchange so the
users need only type the OWA URL (postooffice.domain.com)
without the \exchange to access OWA as IIS is dedicated
to this purpose.  The problem is the Https redirection
does not work with this configuration.  If I type the url
with the \exchange I am redirected properly, but typing
the URL only with the URL redirection configured it does
not work.  Hope this makes sense.  Any help would be
appreciated. Thanks, Doug
0
Comment
Question by:dhlemasurier
  • 5
  • 3
  • 2
10 Comments
 
LVL 3

Accepted Solution

by:
bgoins earned 250 total points
ID: 11765926
If you are using Exchange 2003 this might help:
http://support.microsoft.com/default.aspx?scid=kb;en-us;555053

Good luck
B
0
 
LVL 12

Expert Comment

by:BNettles73
ID: 11767618
Redirect an HTTP connection to HTTPS for Outlook Web Access (OWA) in Exchange 2003 Server
http://support.microsoft.com/default.aspx?scid=kb;en-us;555126

Symptom
Microsoft recommends that you require a Secure Sockets Layer (SSL) connection for your Outlook Web Access users to encrypt the information that is sent to or received from Microsoft Exchange 2003 Server.
When you configure IIS 6.0 (Windows 2003 Server) to require SSL for all incoming Outlook Web Access requests, Outlook Web Access users who try to connect by using HTTP receive the following error message:
HTTP 403.4 - Forbidden: SSL required Internet Information Services.
Some administrators may want to have this accomplished automatically for the user so that any time a request comes in using HTTP://, it is redirected to HTTPS:// automatically. This eliminates any user interaction for the client and verifies that all incoming connections are SSL enabled.
This article explains how to implement this solution with IIS 6.0 and OWA 2003 with little to no impact on the user experience and server.

Cause
After receiving the error message, the Outlook Web Access user must manually type HTTPS://at the beginning of the URL to connect to the Exchange 2003 computer.

Resolution
To configure IIS 6.0 to automatically redirect HTTP requests as HTTPS requests, follow these steps:
1. create OWAasp directory under Inetpub\Wwwroot directory.
2. Create an ASP page named Owahttps.asp that contains the following data, and then save the file at Inetpub\Wwwroot\OWAasp directory:
<%     If Request.ServerVariables("SERVER_PORT")=80 Then         Dim strSecureURL         strSecureURL = "https://"         strSecureURL = strSecureURL & Request.ServerVariables("SERVER_NAME")         strSecureURL = strSecureURL & "/exchange"         Response.Redirect strSecureURL     End If   %>
NOTE: Do not replaceSERVER_PORT and SERVER_NAME in the code. They are variables and the code snippet should be copy/pasted as it is shown without modification.
3. Start Internet Services Manager.
4. Expand Computer Name, and then expand the Web site that your Outlook Web Access users use to access Exchange 2003.
    For example, expand Web Sites.
5. Right-click this Web site, point to New, and then click Virtual Directory.
6. Click Next, type OWA_Redirect in the Alias box, and then click Next.
7. In the Directory box, click Browse and point to c:\inetpub\wwwroot\owaasp.
8. Click Next, leave the default check boxes selected on the Access Permissions page, click Next, and then click Finish.
9. Right-click the Exchange virtual directory, and then click Properties.
10. Click the Custom Errors tab, and then double-click 403.4.
11. In the Message Type list, click URL.
12. In the URL box, type /owa_redirect/owahttps.asp, and then click OK.
13. Click the Directory Security tab.
14. Under Secure Communications, click Edit.
15. Click to select the Require secure channel (SSL) check box.
Note If you want to require 128-bit encryption, click to select the Require 128-bit encryption check box.
16. Click OK two times.
Note The Exchange virtual directory and the Public virtual directory are the only virtual directories that you have to configure to require SSL. If you have other virtual directories where you want to require SSL, enable SSL on each virtual directory individually.To allow an initial HTTP request from an Outlook Web Access user, make sure that you do not require SSL on the OWA_Redirect IIS virtual directory. If you require SSL on the OWA_Redirect Virtual directory, the initial HTTP connection cannot be established. Additionally, do not require SSL on the root Web site that contains the OWA_Redirect application.
17. Right-click the OWA_Redirect IIS virtual directory and then click Properties.
18. On the bottom, under the Application Pool, choose ExchangeApplicationPool.
19. Restart the server, or restart the IIS Admin Service. To restart the IIS Admin Service:
20. Click Start, click Run, type services.msc in the Open box, and then click OK.
21. In the list of services, right-click IIS Admin Service, and then click Restart.
22. Click Yes to confirm that you want to restart all the dependent services.
23. Test for functionality.
0
 

Author Comment

by:dhlemasurier
ID: 11771538
Thanks for the responses.

I have tried 555126 kb article and am getting the same results, the https edirection works fine if I do not redirect all requests to the /excnage directory.

I tried following the 555053 kb article this morning and am stuck on Step 8.  Sorry for the ignorance, but it says in "IIS admin" go to the properties of the owasp folder.....  What/Where is IIS admin?  I do not see the folder in IIS Manager.

Thanks again, Doug
0
 
LVL 3

Expert Comment

by:bgoins
ID: 11771838
IIS admin is the same thing as IIS Manager.  You should see that owasp folder you created in there.

B
0
 

Author Comment

by:dhlemasurier
ID: 11772186
OK I was able to make the changes in Step 8.  Now when I hit the URL i get a page with the word "redirect".  I checked steps 3 and 4 and all looks OK.  Is step 3 correct the redirect.htm file just has the word redirect in it?

Doug
0
Are end users causing IT problems again?

You’ve taken the time to design and update all your end user’s email signatures, only to find out they’re messing up the HTML, changing the font and ruining the imagery. What can you do to prevent this? Find out how you can save your signatures from end users today.

 
LVL 3

Expert Comment

by:bgoins
ID: 11772906
Yes, I think this is the most important part though:

Save the file with the name redirect.htm into the default web site directory.  Now go to the properties of this file from within IIS Manager, and under the option The content for this resource should come from: choose A redirection to a URL.  In the redirect to: box that is now able to be filled it, type /exchange

B
0
 
LVL 3

Expert Comment

by:bgoins
ID: 11772923
This is also important:

*Note:  If you have additional content on the default web site of your Exchange server and/or host other websites, be aware that after completing this step, requests to the default website will result in automatic redirection to the /exchange virtual directory.  Make sure that you understand the impact of this change.

B
0
 

Author Comment

by:dhlemasurier
ID: 11773269
OK I got it working now.  I cleared the temporary files/history and it worked.  

Thanks for the assistance!

Doug
0
 
LVL 12

Expert Comment

by:BNettles73
ID: 11773434
Very nice ... Congrats!

You might want to check out a few of these links now that you have it up and running -

http://www.msexchange.org/tutorials/OWA2003Forms-based-Authentication-default-domain.html
http://support.microsoft.com/?kbid=830827
0
 
LVL 3

Expert Comment

by:bgoins
ID: 11773483
Glad to help and glad it is working!

B
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now