Configuring OWA in the following way:
User --> SecurityProxy --> OWA (front end) --> OWA (back end)
User to SecurityProxy is SSL(https/443), all other traffic is TCP (http/80). OWA (front end) configured with basic auth challenge, and security proxy provides credentials. Per MS KB article, security proxy is providing "Front-End-Https
: on" in the header.
The OWA loads and single signs in fine. Using Firefox, the "light" version of the client load and works just fine. Using IE, the "full" version of the client loads halfway and then fails on loading. The default OWA "full" version layout has three frames. The first two load fine, the the last one has trouble because the browser is trying to open mail on a URL with the OWA (front end) servers address instead of the Security Proxy Address.
This is evident when viewing source of the mail frame, which shows "http://owafrontend/exchange/path/to/mail
". If I then paste append the URL path to the email content on the SecurityProxy URL "https://securityproxyexchange/path/to/mail
" - it does open in the window.
I *believe* (not validated) that what is happening is that the back end server is generating the list of URLs and uses the front end server address in the process, and forwards them back through the front end to the SecurityProxy. Typically the SecurityProxy would handle this, and does, as demonstrated in the light version of OWA through Firefox. Somehow, the OWA "full" client is slipping through with URLs that are hard coded to the "frontend" server and I *believe* that some how it is clientside presenting these links?
The question is:
Is there a way to make a code or configuration change to OWA to have mail items generated with URLs pointing to the https://SecurityProxy
instead of http://owafrontend?