[Last Call] Learn how to a build a cloud-first strategyRegister Now


How do I copy a IIS/OWA website so I can add a different host header and secure certificate to the new site?

Posted on 2007-07-25
Medium Priority
Last Modified: 2012-05-05
I currently have a windows 2003 server running exchange 2003 and IIS 6.0 and I have one working exchange OWA site running within my IIS that was there when I started.  It has a perfectly working host header and digital certificate for the domain it is hosting.  I need to either find a way to add a second secure certificate to that site for a different domain name so it will do ssl for both or copy that site, change the host header, give windows a second IP, bind that new site to the other IP and load it's digital certificate into the new site.  What I can't figure out is how to copy an IIS site (OWA specifically).  Please help.
Question by:AAAOK
  • 3
  • 2
LVL 104

Expert Comment

ID: 19565606
You can't use host headers with SSL certificates.
While in theory you can copy the web services to another virtual server, it is not something that Microsoft support. If you call Microsoft for support they will only talk about whatever is on the default web site.
You can try exporting the directory configuration and importing it on to the second site, but there is a high chance it will not work - Exchange is not designed to work in that way.


Author Comment

ID: 19565635
Ok.  How do I get two different ssl certs on one site then?  I had two different exchange sites running at my old job but openly admit that was setup before I got there.  I basically need the same thing here now.
LVL 104

Expert Comment

ID: 19565650
I don't know how it was done before. You cannot have two SSL certificates on the same site. The other site may have done something that was not supported. The fact that someone else has done it does not mean it is the correct thing to do, is supported, or is the best way of achieving an objective.

What is the objection to having everyone use the same site? It is just a URL for access.

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.


Author Comment

ID: 19565687
Thanks for your help.  Ok.  forget the ssl and the host headers.  How do I copy the current iis website that is my owa?  Is that what your saying isn't supported?  I have seen several IIS sites for several exchange domains pretty much everywhere I have ever worked.  I was under the impression that was how you got the digital certs loaded for all the host/domains you have to support.  I may not be wording my question correctly.  
LVL 104

Accepted Solution

Sembee earned 1000 total points
ID: 19565723
That may be how some people do it, but it isn't something I do.

If the server is hosting multiple domains then all the users get a single URL to access for OWA. That same URL also does RPC over HTTPS, Windows Mobile support etc. Single SSL certificate is used. I don't see any point in setting up multiple web sites just for the aesthetic appeal of a unique URL.

If you want to do it, then you have to add the web sites first, and then add the virtual directories through ESM. In some cases you have to export the virtual directories and then import them again. I have seen it tried and fail on numerous occasions.

LVL 31

Assisted Solution

LeeDerbyshire earned 1000 total points
ID: 19566408
Just to clarify, if you add extra sites in IIS Manager, then you won't be able to add Exchange Virtual Directories to them in ESM, because it won't list the extra sites.  ESM will only list sites (known in ESM as Virtual HTTP Servers) that were added in ESM.  It is possible to add an OWA VDir to a site created in IIS Manager by exporting the configuration of the existing Exchange VDir to a file, and then importing it into the extra sites.

If you create an extra site in ESM, you don't need to create an Exchange VDir underneath it, because the ESM-added sites are dedicated to OWA anyway.

You can't use SSL with host headers because the request needs to be decrypted against a site certificate, which means that IIS needs to choose a site before it gets a chance to see the server name used in the request.  Kind of a Catch-22 situation.  To use SSL on each site they would all need unique IP addresses and/or port numbers.

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With so many activities to perform, Exchange administrators are always busy in organizations. If everything, including Exchange Servers, Outlook clients, and Office 365 accounts work without any issues, they can sit and relax. But unfortunately, it…
How to effectively resolve the number one email related issue received by helpdesks.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Suggested Courses

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question