Emmis

OWA SSL Redirect not working

I have done the below to the "T" and I still can't get it to work.  Any ideas?  Thanks
-----------------------------------------------------------------------------------------------------------

1.  On the properties of the Exchange Virtual Directory, go to the same Directory Security tab and under the Secure Communications area, click on Edit.  Choose Require Secure Channel (SSL) and check the box next to require 128-bit encryption.  Follow the same steps for the Public Virtual Directory.
2.  Now that you have enabled SSL, you can enable Forms-based authentication.  Go into Exchange System Manager, and go to the properties of the Default HTTP Virtual Server. Under the Settings tab, check the box Enable Forms-based authentication. Optionally, modify the compression settings.  Setting this to High will have the greatest performance improvement to users.  Forms-based authentication will allow Exchange to display the OWA logon screen instead of the popup window asking for username and password.
3.  Assuming that the only thing IIS does on your Exchange server is OWA, make the following change to redirect requests to the /exchange virtual directory.  Open notepad and type the word redirect.  Save the file with the name redirect.htm into the default web site directory.  Now go to the properties of this file from within IIS Manager, and under the option The content for this resource should come from: choose A redirection to a URL.  In the redirect to: box that is now able to be filled in, type /exchange.
 
*Note:  If you have additional content on the default web site of your Exchange server and/or host other websites, be aware that after completing this step, requests to the default website will result in automatic redirection to the /exchange virtual directory.  Make sure that you understand the impact of this change.
 
4.  On the properties of your Default Web Site, go to the Documents Tab. Add redirect.htm to the list of documents, and move it to the top of the list.  This ensures that the server checks for the redirect.htm file first and if it finds it, it will execute it.
5.  Open up notepad again and paste the following code.  Do not modify it. Save the file as owahttps.asp.
<%
     If Request.ServerVariables("SERVER_PORT")=80 Then
         Dim strSecureURL
         strSecureURL = "https://"
         strSecureURL = strSecureURL & Request.ServerVariables("SERVER_NAME")
         strSecureURL = strSecureURL & "/exchange"
         Response.Redirect strSecureURL
     End If
   %>
6.  In Windows Explorer, navigate to the wwwroot folder (x:\inetpub\wwwroot where x is the drive IIS is installed) and create a new folder called owaasp.  Place the owahttps.asp file into this directory. Once the directory is created, it should show up in IIS admin.
7.  The next step is to modify the Custom error for 403;4 (SSL required).  Go into the properties of the Exchange Virtual Directory, and go to the Custom Errors tab.  Scroll down and find 403;4 and choose Edit Properties. Change the message type to URL and in the URL, type, /owaasp/owahttps.asp.
8.  Next, in IIS Admin, go to the properties of the owaasp folder and on the bottom, under the Application Pool, choose ExchangeApplicationPool.  If the Application Pool is not available, Click the Create button next to Application Name and then you will be able to select the Application Pool.  Once this is configured, requests to http://servername.domain.com will now be redirected to https://servername.domain.com/exchange.
BNettles73


Have you read through these articles?
http://support.microsoft.com/default.aspx?scid=kb;en-us;555126

http://support.microsoft.com/?kbid=839357

After step 8 ... did you do the following?
Click the Custom Errors tab, and then double-click 403.4.
In the Message Type list, click URL.
In the URL box, type /owa_redirect/owahttps.asp, and then click OK.
Click the Directory Security tab.
Under Secure Communications, click Edit.
Click to select the Require secure channel (SSL) check box.

Note If you want to require 128-bit encryption, click to select the Require 128-bit encryption check box.
Click OK two times.

Note The Exchange virtual directory and the Public virtual directory are the only virtual directories that you have to configure to require SSL. If you have other virtual directories where you want to require SSL, enable SSL on each virtual directory individually.

To allow an initial HTTP request from an Outlook Web Access user, make sure that you do not require SSL on the OWA_Redirect IIS application. If you require SSL on the OWA_Redirect application, the initial HTTP connection cannot be established. Additionally, do not require SSL on the root Web site that contains the OWA_Redirect application.
For Exchange 2003, you must also follow these steps:
Right-click the OWA_Redirect IIS virtual directory, and then click Properties.
Click the Virtual Directory tab, and then click ExchangeApplicationPool in the Application Pool box.
Click OK.
Restart the server, or restart the IIS Admin Service. To restart the IIS Admin Service:
Open Control Panel.
Double-click Services.

Note To access the Services Control Panel item on a Windows 2000 computer or on a Windows Server 2003 computer, you must first open Administrative Tools in Control Panel.
In the list of services, right-click IIS Admin Service, and then click Restart.
Click Yes to confirm that you want to restart all the dependent services.
Are you receiving the HTTP 403 error when you try to access the web page?
Emmis

ASKER

This is the only error I can see.  I have done all the above-mentioned things asked.  I get "Cannot find server or DNS Error
Internet Explorer" and "Page can not be displayed"

Event Type:      Error
Event Source:      MSExchangeIS
Event Category:      General
Event ID:      1194
Date:            8/28/2004
Time:            9:38:18 AM
User:            N/A
Computer:      DL380
Description:
Accept clients on external interface MAPIRPC failed with error 0x4b1.

For more information, click http://www.microsoft.com/contentredirect.asp.
Emmis

ASKER

This KB that you put out (http://support.microsoft.com/default.aspx?scid=kb;en-us;555126) here is telling me to do things differently than the one that I did (http://support.microsoft.com/default.aspx?scid=kb;en-us;555053)


Any thoughts?

Thanks
They are a little different since they are community submitted documents from MVPs ... I'd go with http://support.microsoft.com/default.aspx?scid=kb;en-us;555126 since it is newer and seems to be a little more detailed ...
Emmis

ASKER

Still no luck.
hmmm sorry ... that isn't the link I wanted to post ... let me try to dig it up ...
ok ... let's try this article http://support.microsoft.com/default.aspx?kbid=279681 ... it is for E2K but should be relevant ...

Are you receiving the 403 errors now ... or is it not even attempting to redirect?

Can you log on to your mailbox by typing in https://servername/exchange?
Emmis

ASKER

https://servername/exchange doesn't work, I get "Cannot find server or DNS Error Internet Explorer"
ASKER CERTIFIED SOLUTION
BNettles73

This solution is only available to members.
Emmis

ASKER

I am trying to access from a Windows XP Pro

I can ping the FQDN

and neither of the below work.

https://xxx.xxx.xxx.xxx/exchange
http://servername/exchange

Here is what I have in the redirect script:
<%
     If Request.ServerVariables("SERVER_PORT")=80 Then
         Dim strSecureURL
         strSecureURL = "https://"
         strSecureURL = strSecureURL & Request.ServerVariables("SERVER_NAME")
         strSecureURL = strSecureURL & "/exchange"
         Response.Redirect strSecureURL
     End If
   %>
Emmis

ASKER

Just wanted to let everyone know that the below KB did not work.
http://support.microsoft.com/default.aspx?scid=kb;en-us;555126

But this one with some modifications did.

http://support.microsoft.com/default.aspx?scid=kb;en-us;555053

Thanks
what modification did you need to make to the script?
Emmis

ASKER

I had to add a certificate server and created a certificate for Exchange, and instead of "redirect" in the redirect.htm I put "<html>foo</html>". I also added owahttps.asp in the document tab of the Exchange Virtual server tab, and moved it above the "redirect.htm".

Thanks
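
Added example (not part of the thread and not code from any poster): a Python check that separates the two questions this thread kept running together, whether HTTPS on /exchange answers at all and whether plain HTTP to /exchange returns a redirect to it. The function names are assumptions, and servername.domain.com is the placeholder host from the first post.

```python
import http.client
import ssl
from urllib.parse import urlsplit

def http_get(url, timeout=5):
    """One GET, redirects not followed. Returns (status, Location header)."""
    u = urlsplit(url)
    conn_cls = (http.client.HTTPSConnection if u.scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(u.netloc, timeout=timeout)
    try:
        conn.request("GET", u.path or "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def check_owa_redirect(host, get=http_get):
    """Return [(check, ok, detail)] for the HTTPS listener and the HTTP redirect."""
    results = []
    # 1. HTTPS itself must answer; the redirect is useless without it.
    try:
        status, _ = get(f"https://{host}/exchange")
        results.append(("https", True, f"status {status}"))
    except ssl.SSLError as exc:
        results.append(("https", False, f"TLS handshake failed (certificate or protocol): {exc}"))
    except OSError as exc:
        results.append(("https", False, f"no connection on 443 or name not resolved: {exc}"))
    # 2. Plain HTTP to /exchange must answer with a redirect to the HTTPS URL.
    try:
        status, location = get(f"http://{host}/exchange")
    except OSError as exc:
        results.append(("redirect", False, f"no connection on 80: {exc}"))
        return results
    if status in (301, 302) and location:
        loc = urlsplit(location)
        ok = (loc.scheme == "https" and loc.hostname == host.lower()
              and loc.path.rstrip("/") == "/exchange")
        results.append(("redirect", ok, f"{status} -> {location}"))
    elif status == 403:
        results.append(("redirect", False, "403 returned: custom error 403;4 is not running owahttps.asp"))
    else:
        results.append(("redirect", False, f"status {status}: no redirect issued over HTTP"))
    return results

if __name__ == "__main__":
    # Placeholder host from the post; replace with the server's FQDN.
    for name, ok, detail in check_owa_redirect("servername.domain.com"):
        print(f"{name:9} {'OK' if ok else 'FAIL'}  {detail}")
```

A failing `https` line alongside a passing `redirect` line means the redirect script is fine and the HTTPS side (listener, certificate) is what needs attention.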