Redirect OWA to HTTPS

To Experts,

When users type http://mail.contoso.com, I would like the traffic to go to this website address https://mail.contoso.com/owa. How to configure the IIS? I'm runningWindows Server 2003 with Exchange 2007.

Thanks!
reysriveraAsked:
Who is Participating?
 
FearNoMoreConnect With a Mentor Commented:
If Microsoft did not consider it best practice then they would not have published an article explaining how to do it

http://technet.microsoft.com/en-us/library/aa998359.aspx
 
0
 
bob_the_builderConnect With a Mentor Commented:
0
 
reysriveraAuthor Commented:
I real don't know must about IIS 6 so is there step-by-step instruction on how to do this?
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
FearNoMoreCommented:
0
 
aletjollyCommented:
As you said that you are having Windows 2003. Kindly have a look on below link:
http://exchange.mvps.org/owaredirect_frames.htm

Note: In the above link replace /exchange with /owa
0
 
aletjollyCommented:
Sorry mistyped instead of "/exchange" please type in "https://mail.contoso.com/owa"
0
 
davegoochConnect With a Mentor Commented:
When I setup Outlook Web Access at my company, I also wanted to redirect HTTP to HTTPS. However, a Microsoft consultant told me not to do it. Apparently it is not a "best practice" to allow unencrypted HTTP into an Exchange front-end server, however briefly. It seems that Microsoft is afraid that it could be used to compromise the server. It seems silly, but that's what Microsoft told me, so our OWA server requires users to connect with HTTPS and does not redirect.
0
 
reysriveraAuthor Commented:
davegooch:

Do you have the article from Microsoft about there claim? I myself not comfortable about the redirection and I'm trying to get article from Microsoft its not good practice.
0
 
davegoochCommented:
Reysrivera, I was given this warning verbally and have so far not been able to find the same warning in writing. I can however give you the email address of the Microsoft consultant who told me this, if you would like to ask her yourself.

In a quick Google search this morning, I found one blog post that starts this way:

It is best practice to require users to use a secure connection for OWA, but it is impractical to train them to type a specific URL such as https://owa.myorg.com/exchange.

That blog post continues to describe a different approach than the Technet article in the previous post. Perhaps this is more secure - http://blog.pennic.com/?p=5
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.