OMA host header

How can I get OMA to use a host header.
i want OWA to keep using outlook.mydomain.com and I want OMA to be accessible by mobile.mydomain.com
Currently I have dns entries for both pointing to the public IP of my OWA/OMA server but at the moment I have to type outlook.mydomain.com/mobile to get OMA
LVL 1
viperacomAsked:
Who is Participating?
 
LeeDerbyshireConnect With a Mentor Commented:
You will no longer need the default.asp if you use host headers.  My original plan was to redirect to Virtual Directories, like /Exchange and /OMA on the default web site, but then SSL appeared in the equation (I'm not sure exactly where), and then things became very complicated (i.e. you then need two web sites to avoid the SSL 'different host name' problem).

If you have two public IPs, then you can map them to two different internal IPs (on the same server), and then you can have both Web sites using 443 for SSL, but with different IP addresses.  From what I can find out about this, you /can/ use host headers with IIS6 (as long as you have W2K3 server SP1), but they still need a unique IP/Port combination on the server.
0
 
LeeDerbyshireCommented:
I think you will need to add an extra Web Site in IIS Manager to do this, and then redirect this Web Site to get its content from your existing outlook.mydomain.com/mobile address.
0
 
viperacomAuthor Commented:
sounds good but can you elaborate... i think OMA can be fragile if you start moving things around
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
LeeDerbyshireCommented:
Fortunately, you don't have to move OMA.  In IIS Manager, create a new Web Site under the server object Web Sites container, give it a name (anything), but tell IIS to use your host header name for this new Web Site.  When it asks where to get the content from, just say C:\ for now (you change it later), and finish the wizard.  Then go back into its properties, and on the Home Directory tab, click the 'A Redirection..' option, and in the 'Redirect to' input box, type your existing outlook.mydomain.com/oma location.
0
 
SembeeCommented:
In my experience, OWA/OMA doesn't like host headers.
You can't use host headers with SSL, nor can you use a wildcard SSL certificate (as Windows mobile doesn't support them). The fact that you using host headers means you aren't using SSL, so why not just use an alias in DNS?

Simon.
0
 
LeeDerbyshireCommented:
You know, I was assuming that the OP wanted to use mobile.mydomain.com (i.e. without /oma on the end) as the full URL for OMA, but reading the question again, I could be wrong.  If you are prepared to use mobile.mydomain.com/OMA , then there is no problem - just point the DNS record at the server.  But if you want it to be just http://mobile.mydomain.com , then it gets more complicated.
0
 
viperacomAuthor Commented:
Hi,

Yes I would like to use mobile.mydomain.com without the /oma at the end.
Currently mobile.mydomain.com and outlook.mydomain.com point to the same IP.
I have a redirect on the default site so that outlook.mydomain.com goes straight to the OWA login page.

I was hoping to be able to somehow point requests for mobile.mydomain.com straight to the OMA login page.

0
 
LeeDerbyshireCommented:
I see, that's what I thought.  And for that, I think you will need a second Web site.  Here's something I tried that works okay here.  Create a second web site under the Web Sites container in IIS Manager.  Give it a host header name mobile.domain.com , and for the path just put C:\ for now.  Accept all the other default values.  When that's finished, right-click the OMA VDir under your Default Web Site, and save its configuration to a file.  Then, right-click your second Web site, and select 'New VDir from a file', and import the file you just saved.  Then look at the properties of the second Web Site.  On the Home Directory tab, select 'A redirection to a URL', and in the box type /OMA .  Then check 'A directory below URL entered', and save the changes.  No, when you go to mobile.mydomain.com , you should go straight to OMA.  It works here, anyway.
0
 
viperacomAuthor Commented:
great, i will give it a try
0
 
viperacomAuthor Commented:
PS: i've just noticed before i have gone to do this that OWA is now broken for anyone outside head office. I havent made the OMA change yet.
The user logs in and it times out giving error 503. I just recently turned off "require ssl" so that OMA would work from mobiles. the firewall does not allow port 80 so they are forced to use ssl anyway.
I am happy to start a new thread to allocate points if you have an answer... i just want to fix that before making any more changes sorry
0
 
LeeDerbyshireCommented:
There are a couple of MS docs for this that are probably the best place to start:

http://support.microsoft.com/?kbid=823159
http://support.microsoft.com/?kbid=837285
0
 
SembeeCommented:
With some clever scripting you can use a single URL for both OMA and OWA.
What you need to do is detect the web browser that is being used. I have successfully done it for Windows Mobile devices.
The relevant code goes in to the forms based page and redirects the user to OMA if the are accessing OWA with a Windows Mobile device.

http://www.amset.info/exchange/owa-redirectpages.asp

Simon.
0
 
LeeDerbyshireCommented:
Good idea.  You could also have a Default.asp file that detects which host name was used to access the server.  Of course, if you did this, then you couldn't have anything else in the Default Web Site.

<%
If LCase(Request.ServerVariables("SERVER_NAME")) = "mobile.mydomain.com" Then
  Response.Redirect "/OMA"
Else
  Response.Redirect "/Exchange"
End If
%>
0
 
SembeeCommented:
Couldn't you layer the redirect pages up?
First one sends you to /oma or another redirect
Next one sends you to /exchange or another redirect
Last one delivers the default page.

hmmmm

I can immediate think of two sites where that will work very well...

Simon.
0
 
LeeDerbyshireCommented:
You can do this (below), or use another redirect instead of embedding the default page:

<%
If LCase(Request.ServerVariables("SERVER_NAME")) = "mobile.mydomain.com" Then
  Response.Redirect "/OMA"
ElseIf LCase(Request.ServerVariables("SERVER_NAME")) = "owa.mydomain.com" Then
  Response.Redirect "/Exchange"
Else
%>

<html>
Default Web Page.  Etc.
</html>

<%
End If
%>
0
 
SembeeCommented:
Ooo lovely.
Just a pity that Windows Mobile doesn't support wildcard SSL certificates, otherwise you could combine that code with forms based authentication.

Simon.
0
 
LeeDerbyshireCommented:
Of course, this won't work for those people that redirected their Default Web Site to /Exchange in IIS Manager (because the Default.asp page never gets loaded) - you'd have to let the Default.asp page do the actual redirection.

Having a second Web Site on the same server, and redirecting to a (cloned as described above) OMA VDir on that (instead of the OMA VDir on the Default Web Site) might help with the wildcard cert problem.

Response.Redirect "https://second.host.header.name/OMA"
0
 
LeeDerbyshireCommented:
Oh, but you wouldn't need the SERVER_NAME redirect with a second site - you'd just use its host header.
0
 
viperacomAuthor Commented:
Excellent, I will try this out tomorrow. Cheers
0
 
viperacomAuthor Commented:
OK I have completely removed and reinstalled Exchange from my front end server.
I have put the following code at the top of the iistart.htm file for default web site

<%
If LCase(Request.ServerVariables("SERVER_NAME")) = "outlook.blah.com" Then
  Response.Redirect "/Exchange"
Else Response.Redirect "https://mobile.blah.com/OMA
%>
(NB: I have put SERVER_NAME as exactly that, not my real server name- is this correct?)

THen I have done this...
---
Create a second web site under the Web Sites container in IIS Manager.  Give it a host header name mobile.blah.com , and for the path just put C:\ for now.  Accept all the other default values.  When that's finished, right-click the OMA VDir under your Default Web Site, and save its configuration to a file.  Then, right-click your second Web site, and select 'New VDir from a file', and import the file you just saved.  Then look at the properties of the second Web Site.  On the Home Directory tab, select 'A redirection to a URL', and in the box type /OMA .  Then check 'A directory below URL entered', and save the changes.
---

I have an SSL cert for outlook.blah.com and a different SSL cert for mobile.blah.com.
If I install the mobile one to the newly created second site and also enable on the OMA v directory... then do I just install the outlook.blah.com SSL cert on the default site and enable for exchange vdir? will they conflict at all?
0
 
viperacomAuthor Commented:
Sorry for not waiting for a response but I have installed the mobile SSL cert on the mobile site using port 443. I have installed the outlook cert on the default site using port 444. I have not set Exchange vDIr to require SSL because only ports 443 and 444 are allowed through the firewall..

Currently if I browse to https://mobile.blah.com I get redirected to OMA (hooray!)
But... if I browse to https://outlook.blah.com I still get redirected to OMA (I think I have the redirect code slightly wrong)
0
 
viperacomAuthor Commented:
would it be because I have no exchfilt.dll listed in ISAPI filters since the reinstall? - just noticed.
0
 
viperacomAuthor Commented:
still ALWAYS get redirected to OMA.
This is the entire contents of my default.asp...

<%
If LCase(Request.ServerVariables("SERVER_NAME")) = "mobile.blah.com" Then
  Response.Redirect "https://mobile.blah.com/OMA"
ElseIf LCase(Request.ServerVariables("SERVER_NAME")) = "outlook.blah.com" Then
  Response.Redirect "/Exchange"
Else
%>

<html>
Default Web Page.
</html>

<%
End If
%>
0
 
LeeDerbyshireCommented:
I think you have redirected your Default Web Site to '/Exchange' (like you just redirected your second Web site to '/OMA') that means that your code never gets executed.  You need to remove the existing redirect and let the VBScript take care of it.

Also, it needs to be in Default.asp - you can't include VBScript code in an .htm file because .htm files are not pre-processed liked .asp files are.  Look at the default documents for the DWS and make sure that default.asp is at the top of the list.

SERVER_NAME is exactly right.
0
 
LeeDerbyshireCommented:
Sorry, I mean you may have your DWS redirected to '/OMA' (not /Exchange).  Make sure you haven't, before we check anything else.
0
 
viperacomAuthor Commented:
Hi I have checked all of that already...
still going to OMA no matter what.
0
 
LeeDerbyshireCommented:
Okay, can you go to https://outlook.yourdomain.com , wait a few minutes (to let it flush the log cache), and then open your current IIS log file in Notepad, and paste us the lines generated by this request.  You should see the time at the left-hand side, so you can tell which block of log entries are created when you request the URL.
0
 
viperacomAuthor Commented:
this is browsing to https://outlook.yourdomain.com which directs to OMA and then logging in with myusername

2006-07-03 11:10:14 W3SVC1523476301 192.168.x.x GET / - 443 - x.x.2.212 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2) 302 0 0
2006-07-03 11:10:14 W3SVC1523476301 192.168.x.x GET /OMA/oma.aspx - 443 myusername x.x.2.212 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2) 302 0 0
2006-07-03 11:10:15 W3SVC1523476301 192.168.x.x GET /OMA/oma.aspx - 443 myusername x.x.2.212 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2) 200 0 0
0
 
viperacomAuthor Commented:
and this is browsing to https://mobile.yourdomain.com which also redirects to OMA and logging in with myusername

2006-07-03 11:16:18 W3SVC1523476301 192.168.x.x GET / - 443 - x.x.2.212 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2) 302 0 0
2006-07-03 11:16:18 W3SVC1523476301 192.168.x.x GET /OMA/ - 443 - x.x.2.212 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2) 401 2 2148074254
2006-07-03 11:16:23 W3SVC1523476301 192.168.x.x GET /OMA/oma.aspx - 443 myusername x.x.2.212 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2) 302 0 0
2006-07-03 11:16:23 W3SVC1523476301 192.168.x,x GET /OMA/oma.aspx - 443 myusername x.x.2.212 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2) 200 0 0
0
 
LeeDerbyshireCommented:
Looking at the W3SVC1523476301 bit, it looks like neither of these is from your Default Web Site (which should be W3SVC1), so I think that requests for both outlook. and mobile. are going to the second Web Site.  Did you configure the second Web site to use the host header mobile.yourdomain.com ?
0
 
viperacomAuthor Commented:
yes i did, and the default site currently has no host header set.
I even tried setting the host header of the default site to outlook.yourdomain.com but that didnt work either
0
 
viperacomAuthor Commented:
even if i set the default site to redirect to /exchange it still goes to OMA.
Is it because OMA SSL is 443 and default site is 444?
or does the ssl port work automatically?
0
 
viperacomAuthor Commented:
OK here is the latest ( I have it all working apart from an SSL cert error...)
*******************************************************************
Default site SSL port set back to 443 and no host header.
Default site SSL cert is outlook.mydomain.com

---Default.asp contents---
<%
If LCase(Request.ServerVariables("SERVER_NAME")) = "mobile.yourdomain.com" Then
  Response.Redirect "https://mobile.yourdomain.com/OMA"
ElseIf LCase(Request.ServerVariables("SERVER_NAME")) = "outlook.yourdomain.com" Then
  Response.Redirect "/Exchange"
Else
%>

<html>
Default Web Page.
</html>

<%
End If
%>
----end of Default.asp contents--------

Seperate site in IIS named MOBILE
Contains OMA Vdir cloned as per your instructions previously.
Host header for this site is mobile.yourdomain.com
SSL port is 444 (couldnt make 443 due to conflict with default site)

if i browse to outlook.yourdomain.com and log in I get OWA hooray
if i browse to mobile.yourdomain.com and log in I get OMA hooray - but I initially get a SSL cert warning that the name doesnt match the cert. I think this is because it first goes via default site which is outlook not mobile. How can i prevent this? - I have an SSL cert for each name ie. outlook.yourdomain.com and mobile.yourdomain.com

Thanks for sticking with this so far... ALMOST THERE! :)
0
 
LeeDerbyshireCommented:
If you use a non-standard port (like 444), you are always going to have to put it in the URL, like this http://servername:444/ .  That is why you ended up at the second Web site.  You need to have the second back on 443.  If you have a host header for the second Web Site, then there should not be a conflict - I am surprised that it complained.  Only one thing needs to be different - the IP address it listens on (if the machine has several), the port number, or the host header.  Now that the second web site has a host header, you should be able to change it back to 443.  I think.

The SSL cert is a problem.  You will need another cert for mobile.domain.com  .  A wildcard cert for *.domain.com would have been good, but I am led to believe that Windows Mobile doesn't like them.
0
 
viperacomAuthor Commented:
The mobile site has host header mobile.yourdomain.com
it is currently set to 444 and works fine (apart from ssl cert warning which you simply acknowledge)

If i stop the mobile site, set to 443 and then try to start it says that another site is using the port so could not start.

I have 2 certs installed, one for default site and registered as outlook.yourdomain.com and one for mobile site registered as mobile.yourdomain.com.

so in summary. the redirect and everything works perfect but..
when browsing to mobile.yourdomain.com, before you get redirected, it complains about the name on the cert not matching which i presume is because when it gets to default site\default.asp to do the redirect code it says hangon you typed mobile.yourdomain.com but this site has ssl cert for outlook.yourdomain.com  ... THEN and only after you acknowledge, it redirects to mobile.yourdomain.com which does not complain because the ssl cert is correct for the mobile site...

any ideas?

0
 
LeeDerbyshireCommented:
But hang on a sec.  If the second Web Site has mobile.domain.com as its host header, and 444 as its port number, then you should be able to straight to the second web site with https://mobile.domain.com:444 .

We will have to decide if you are going to use 444 as the port, which means that you need to use it in all URLs (including the one in the default.asp)?  I would personally prefer to get everything on the same port.  If you have IIS6 (i.e. Windows 2003 server), then it can be done.  It may have complained before because you had another blank entry in the host headers table for the site.  I think one often ends up in there by default.
0
 
viperacomAuthor Commented:
i am running iis6 / 2003
browsing to mobile.yourdomain.com:444 get error 404 not found.
I do not understand why it works with 444 using the redirect code but it does.
I would prefer it on 443 but it wont let me.

ps: they are both on single IP.

what do u suggest?
0
 
LeeDerbyshireCommented:
I would double-check the host headers list on each web site.  Make sure that each table has only one entry.

I also need to make sure that IIS6 / SSL / host headers actually works.  This suggests it does:

http://support.microsoft.com/Default.aspx?id=187504

And yet, I find on my own server that if I try to use the same port, the second web site will go into a stopped state.  Although it doesn't actually complain at the time that I put 443 in the input field.
0
 
viperacomAuthor Commented:
I am now wondering whether accessing mobile.yourdomain.com is really using the cloned OMA and not the original OMA vdir.
Because mobile.yourdomain.com and outlook.yourdomain.com are the same IP, theoretically if the host headers were not working then mobile.yourdomain.com/OMA could actually be default site/OMA

Can i delete the original OMA vdir?

PS: Once I am logged in to OMA my browser says mobile.yourdomain.com/OMA and if you look at the info on the certificate error it says the certificate is outlook.yourdomain.com instead of mobile.yourdomain.com

hmmmm......
will check the host headers list...
so default website should have no header? or should it be set to outlook.yourdomain.com
0
 
LeeDerbyshireCommented:
You can delete the OMA VDir, but it is not trivial to recreate it:

http://support.microsoft.com/?kbid=883380

It would be best to set the DWS to outlook.yourdomain.com , I think, if you have no other use for it.
0
 
LeeDerbyshireCommented:
Ah.  I think you need to use the other host header list at the bottom of the dialog - where it says Multiple SSL Identities - when you are using SSL.
0
 
viperacomAuthor Commented:
OK I have removed the original OMA vdir under DWS.
Have also set host header for DWS to outlook.yourdomain.com
Restarted IIS.
can still access outlook.yourdomain.com no probs.
can no longer access mobile.yourdomain.com - 404 page not found

so looks like it was using the DWS OMA vDir.

PS: Can not even access mobile.yourdomain.com:444/OMA

0
 
viperacomAuthor Commented:
the bottom list doesnt let you do headers though does it?
only ip and port?
0
 
LeeDerbyshireCommented:
I'm going to have to try and duplicate it here.  Each way I can think of approaching it ends up with at least one problem.
0
 
viperacomAuthor Commented:
And i thought you almost had it :(
Will setting up another public IP and NATing to a new internal static IP so that mobile.yourdomain.com has it's own unique IP help?
If it has to come to that, it is an option, just the least desirable one.
0
 
LeeDerbyshireCommented:
If you can route another Public IP in, that would be great.  Not everyone has that option these days.  It looks like we could do it with wildcard SSL (i.e. *.mydomain.com), but Windows Mobile apparently does not support wildcard SSL.
0
 
viperacomAuthor Commented:
Yes I want to avoid wildcard due to incompatibility and also because I have just paid for two seperate certificates.

If i go and setup an additional IP, do you have a plan that you think will work before I go down that road or would you rather play around with the orginal redirect idea?

PS: WHy does the default site need the redirect code in the default.asp if there is a host header set on each site, shouldnt the host headers do the trick on their own.
(As long as DWS was set to redirect to /exchange under current site and Mobile was set to redirect to /oma under current site in IIS) ?
0
 
viperacomAuthor Commented:
HI,

I have both websites running on seperate IP addresses now but it still wont allow me to set both to 443.
Any ideas? i thought this was only a problem when sharing an IP address?
0
 
viperacomAuthor Commented:
Ahhh restarted IIS.
Awesome, thanks for sticking with me.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.