Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 736
  • Last Modified:

Redirect OWA to HTTPS

To Experts,

When users type http://mail.contoso.com, I would like the traffic to go to this website address https://mail.contoso.com/owa. How to configure the IIS? I'm runningWindows Server 2003 with Exchange 2007.

Thanks!
0
reysrivera
Asked:
reysrivera
  • 2
  • 2
  • 2
  • +2
3 Solutions
 
bob_the_builderCommented:
0
 
reysriveraAuthor Commented:
I real don't know must about IIS 6 so is there step-by-step instruction on how to do this?
0
 
FearNoMoreCommented:
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
aletjollyCommented:
As you said that you are having Windows 2003. Kindly have a look on below link:
http://exchange.mvps.org/owaredirect_frames.htm

Note: In the above link replace /exchange with /owa
0
 
aletjollyCommented:
Sorry mistyped instead of "/exchange" please type in "https://mail.contoso.com/owa"
0
 
davegoochCommented:
When I setup Outlook Web Access at my company, I also wanted to redirect HTTP to HTTPS. However, a Microsoft consultant told me not to do it. Apparently it is not a "best practice" to allow unencrypted HTTP into an Exchange front-end server, however briefly. It seems that Microsoft is afraid that it could be used to compromise the server. It seems silly, but that's what Microsoft told me, so our OWA server requires users to connect with HTTPS and does not redirect.
0
 
reysriveraAuthor Commented:
davegooch:

Do you have the article from Microsoft about there claim? I myself not comfortable about the redirection and I'm trying to get article from Microsoft its not good practice.
0
 
FearNoMoreCommented:
If Microsoft did not consider it best practice then they would not have published an article explaining how to do it

http://technet.microsoft.com/en-us/library/aa998359.aspx
 
0
 
davegoochCommented:
Reysrivera, I was given this warning verbally and have so far not been able to find the same warning in writing. I can however give you the email address of the Microsoft consultant who told me this, if you would like to ask her yourself.

In a quick Google search this morning, I found one blog post that starts this way:

It is best practice to require users to use a secure connection for OWA, but it is impractical to train them to type a specific URL such as https://owa.myorg.com/exchange.

That blog post continues to describe a different approach than the Technet article in the previous post. Perhaps this is more secure - http://blog.pennic.com/?p=5
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
  • 2
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now