Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 697
  • Last Modified:

HTTP and HTTPS OWA server

Hello

We are using Exchange 2003 SP2, front end and backend server. Front end is currently serving OWA over web, i.e. http://owa.companyA.co.uk

I would like to implement OWA over HTTPS, however don't want to disrupt the users too much until I am certain it is working. Is it possible to have two OWA servers running concurrently? For instance, http://owa.companyA.co.uk and https://owa2.companyA.co.uk? I'm assuming this would have to be on a different box?

Also, we have no mailboxes on the front end server, it is used purely for OWA. Is there any security benefit in removing (or perhaps not installing in the first place) the Information Store?

Thanks in advance...

0
Dilan77
Asked:
Dilan77
2 Solutions
 
poweruser32Commented:
no you would need to put in another BE server but you would be still going through the FE to access each BE-no other way
you should not be trying to use http anyway for owa -this is insecure
you cannot have mailboxes on a FE -full stop
0
 
toibrahimCommented:
Well, since you have a working configuration with FE and BE Servers in HTTP mode, I think adding HTTPS should not be that painful.

Install the Certificate on your FE Server. Do not check the "Require SSL" under Secure communications under the Directory Security Tab. This will allow HTTP as well as HTTPS. Once you feel satisfied with HTTPS for testing just force it for everyone.

There are security risks exposing your BE Server (Mailbox) to the Internet.

IK
0
 
nitadminCommented:
Have you already setup OWA?
Do you have a SSL cert from a public CA configured on your OWA website?
Do you have Service Pack 2 for Exchange 2003?
 
Here are articles from Daniel Petri's website. which tell you how to do this.
All you have to do is install Service pack 2. Install SSL cert. Enable form based authentication.
You probably already have service pack 2 and the SSL cert from a public CA?
 

http://www.petri.co.il/configure_ssl_on_oma.htm

http://www.petri.co.il/configure_ssl_on_owa.htm

http://www.petri.co.il/configure_oma.htm

http://www.petri.co.il/configuring_forms_based_authentication_in_exchange_2003.htm

Cheers,
NITADMIN
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
Dilan77Author Commented:
Hi

Yeah, we've already set up OWA and it's running fine using HTTP. I wanted to check if it was possible to run both HTTP and HTTPS at the same time, that way if a remote user was not able to connect via HTTPS (for whatever reason), they could always fall back on HTTP until we resolved the problem. Toibrahim has answered this part of the question.

We're running Exchange 2003 SP2, and I have tried running OWA over HTTPS using a third party (RapidSSL) certificate over one weekend, which went without hitch.

My second question was if there was any point in disabling the information store on the FE server for security reasons. I have heard of other people building FE servers for the specific use of OWA and not installing the Information Store. Since there are no mailboxes on that server, it's not needed and is one less (major) service that can be compromised. Has anyone seen this before?
0
 
SembeeCommented:
If the frontend server is for just OWA and not for inbound email, then you can remove the information store. That is a scenario discussed in the frontend/backend scenario.

As for your reasons for wanting to run with HTTP and HTTPS, I wouldn't accept that. I force all of my sites to use https, no exceptions. I don't even allow http traffic in to the network. If a site wouldn't allow connection to https then that would be very suspicious to me, as that means the user names and passwords would be going across in the clear.

Simon.
0
 
Dilan77Author Commented:
Points taken on board....thanks everyone...
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now