Solved

OWA for Server 2003/Exchange 2003

Posted on 2010-11-29
10
538 Views
Last Modified: 2012-05-10
I have configured access to OWA with a self-signed certificate over HTTPS for Users connecting to company network. When I connect to https://mail.company.com/exchange from the outside or inside world, I get the windows dialog window for credentials.

1. I was expecting to see the Windows OWA landing page OR is this only on SBS? What options do I have?
2. How best do I deploy the self-signed certificate to Users/Computers wanting to access OWA remotely?
3. Recommendations on where I can pickup a reasonably priced SSL Cert from vendor in Australia?
4. Any other recommendations?
0
Comment
Question by:Flipp
10 Comments
 
LVL 6

Assisted Solution

by:Shack-Daddy
Shack-Daddy earned 150 total points
ID: 34235823
It sounds to me like you do not have Forms Based Authentication turned on. In the Exchange System Manager, drill down into Server -> Protocols and get properties on HTTP and then enable Forms Based Authentication. Do an IISReset after that and see if your OWA experience changes. If you are still having issues, you may need to tweak some things if you are running in a single-server environment and aren't using SBS.
0
 
LVL 6

Expert Comment

by:Shack-Daddy
ID: 34235851
Actually, my main recommendation beyond enabling FBA is to use a public cert. Not worth the hassle to distribute self-signed. Is there a reason you can't use a GoDaddy cert in Australia? It should be affordable and available there. You can even find promo codes to use at livecodes.blogspot.com that will give you a discount on new certs.
0
 
LVL 3

Accepted Solution

by:
ngcmos earned 300 total points
ID: 34235938

1. I was expecting to see the Windows OWA landing page OR is this only on SBS? What options do I have?
-The log in prompt is because you have Basic Authentication...you need to enable Forms Based Authentication for the "website login form"...you can have both enabled

2. How best do I deploy the self-signed certificate to Users/Computers wanting to access OWA remotely?
-On the client machine open a console window (run--->mmc) then select add snap in, and select certificates, On the left right click on Trusted Certificate Authorities and select import go ahead and import the CA cert first, then the domain cert

3. Recommendations on where I can pickup a reasonably priced SSL Cert from vendor in Australia?
I use www.netsol.com and www.godaddy.com  one of them should work

4. Any other recommendations?
Make sure you have everything right on your self signed ssl cert correct if something is not rigt IE or any browser will flag you about it...can be a pain...

I am IT consultant with many Small Biz as clients...i always use self signed certs...only time i recommend buying one is for public sites...that need a recognized certificate authority
0
 
LVL 6

Author Comment

by:Flipp
ID: 34235999
Thank you ngcmos and shackdaddy.

1. On which component in IIS do I enable FBA?
2. Not sure what you mean by the CA Cert then the Domain Cert? I only have one Self-Signed Cert which I exported from http://servername/certsvr
3. Regarding SSL Certs from supplier, when would I need a Multiple or Unlimited Domain? If for example my client only has domain.com, then what type of use cases would I use multiple?
0
 
LVL 6

Author Comment

by:Flipp
ID: 34236073
In addition, what considerations do I need to make as far as where to apply a third-party cert? I currently only see OWA being used so am I issuing on Exchange site or Default Site?
0
Are your corporate email signatures appalling?

Is it scary how unprofessional your email signatures look? Do users create their own terrible designs and give themselves stupid job titles? You can make this a lot easier for yourself by choosing an email signature management solution from Exclaimer today.

 
LVL 6

Expert Comment

by:Shack-Daddy
ID: 34236116
Just get a single-name cert. You would use multiple if you were running Exchange 2007 or Exchange 2010 and weren't using SBS 2008 or SBS 2011.

Read my notes on enabling FBA--you enable it using the Exchange System Manager -> Server - > Protocols -> HTTP -> Properties.

When I provision a cert I set up a new dummy website in IIS and request it from there. Then when I get the cert back from GoDaddy, I install it on that Dummy site. Then I enable the cert on the Exchange site.
0
 
LVL 6

Author Comment

by:Flipp
ID: 34236231
Cool - so FBA is all set.

I am still a bit stuck on the provisioning the cert thing - setting up a dummy site I suppose works, but I assume there is a general best practice to follow here. Should I provision from Default Site? Issues with doing this?

Have you got any info on the Single vs Multiple I can reference?
0
 
LVL 26

Assisted Solution

by:e_aravind
e_aravind earned 50 total points
ID: 34236297
It shouldn't be a problem

You can generate the cert. request from the Default-web-site to a .cer file
Continue the DWS with the current self-signed one
After receiving the response from the Vendor, assign the same to the DWS
0
 
LVL 6

Author Comment

by:Flipp
ID: 34236304
Sounds good - so once I get it back from Go Daddy, I will assign to DWS, but do I also need to assign to /Exchange directory in IIS?
0
 
LVL 6

Expert Comment

by:Shack-Daddy
ID: 34236740
No, you only assign certs to the root web site.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Check out this infographic on what you need to make a good email signature that will work perfectly for your organization.
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
This video discusses moving either the default database or any database to a new volume.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now