?
Solved

OWA SSL Redirect Problem.

Posted on 2005-03-15
12
Medium Priority
?
1,255 Views
Last Modified: 2012-06-27
I am having troubles getting are OWA SSL Redirect to work. I Am following MS Artical on how to due it. I Can get client to connect just using https:<servername>/exchange. When they use the owhttps.asp they get redirected to the secure page an i get the following error.

"Secure Channel Required This Virtual Directory requires a browser that supports the configured encryption options."

I have verified that my browers can do SSL, I check to make sure it is 128 crypto.






"<%
      If Request.ServerVariables("SERVER_PORT")=80 Then
         Dim strSecureURL
         strSecureURL = "https://"
         strSecureURL = strSecureURL & Request.ServerVariables("SERVER_NAME")
         strSecureURL = strSecureURL & "/exchange"
         Response.Redirect strSecureURL
      End If
   %>"
0
Comment
Question by:MercedInfoSys
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 2
12 Comments
 
LVL 22

Expert Comment

by:ATIG
ID: 13547914
http://support.microsoft.com/?kbid=839357

we also edit the 404.3 error page to redirect

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head> <meta http-equiv="Content-Type" content="text/html; charset=windows-1252"> <meta http-equiv="refresh" content="0;url=https://xxxx.xxx..xxx"> <meta name="GENERATOR" content="Microsoft FrontPage 4.0"> <meta name="ProgId" content="FrontPage.Editor.Document"> <title></title> </head>

</html>
0
 

Author Comment

by:MercedInfoSys
ID: 13549748
I forgot to mention that i already edited the 404.3 error for the redirect. The rediect works exept that i get ""Secure Channel Required This Virtual Directory requires a browser that supports the configured encryption options." This just does not make sense to me. It makes it sound like a client side issues. i have tired 10 differnt machines with the newest IE and i still can't connection. But if i just go to the https:// then i can connect.
0
 
LVL 22

Expert Comment

by:ATIG
ID: 13558510
dont know if this will help but have you restarted your IIS service?
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 3

Expert Comment

by:quell23
ID: 13560094
See if you have the require secure channel box checked or unchecked. Under Directory Security tab in the secure communications area click edit.  Test it with both and see what happens. In that MS article is says:
If you require SSL on the OWA_Redirect application, the initial HTTP connection cannot be established. Additionally, do not require SSL on the root Web site that contains the OWA_Redirect application.
Not for sure why you would get that error unless you have that box checked. Have to go googling on that one. :)


0
 
LVL 3

Expert Comment

by:quell23
ID: 13560140
Sorry for another post,  had another idea. Just to make sure your browser supports 128 bit: Open IE and click on help then about IE and verify that your Cipher Strength is at 128. Just my 2 cents...hope it helps.
0
 

Author Comment

by:MercedInfoSys
ID: 13560216
I have stopped and start all services related to IIS and yes i have verifed to make sure the browser supports 128bit ciper. I can even go to https://<server>/exchange and it works. That proves that it is not a ciper issues on the client Side. Plus i have tired it on many systems.
0
 

Author Comment

by:MercedInfoSys
ID: 13560226
I also have made sure the require secure communcation is just check on the OWA_redirect Virtual Directory and not the default web site. It actually give you a differnt error if you did that. I tested to make sure.
0
 
LVL 3

Expert Comment

by:quell23
ID: 13560305
Sorry, not to be rude or anything  but I'm not for sure what "just check" means. The require secure channel  box is supposed to be unchecked along with the root web site.
If the box  is checked on the the OWA_Redirect the initial HTTP connection cannot be established.
0
 

Author Comment

by:MercedInfoSys
ID: 13560957
Sorry for by bad grammer, It is not check on the default web site and it is checked on the owa_direct virtual directory.
0
 
LVL 3

Accepted Solution

by:
quell23 earned 200 total points
ID: 13565059
This was copied from that KB 839357

Note The Exchange virtual directory and the Public virtual directory are the only virtual directories that you have to configure to require SSL. If you have other virtual directories where you want to require SSL, enable SSL on each virtual directory individually.

To allow an initial HTTP request from an Outlook Web Access user, <i>make sure that you do not require SSL on the OWA_Redirect IIS application</i>. If you require SSL on the OWA_Redirect application, the initial HTTP connection cannot be established. Additionally, do not require SSL on the root Web site that contains the OWA_Redirect application.


From what the KB article says you need to UNCHECK the require secure channel box for OWA_Redirect
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question