• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 550
  • Last Modified:

OWA for Server 2003/Exchange 2003

I have configured access to OWA with a self-signed certificate over HTTPS for Users connecting to company network. When I connect to https://mail.company.com/exchange from the outside or inside world, I get the windows dialog window for credentials.

1. I was expecting to see the Windows OWA landing page OR is this only on SBS? What options do I have?
2. How best do I deploy the self-signed certificate to Users/Computers wanting to access OWA remotely?
3. Recommendations on where I can pickup a reasonably priced SSL Cert from vendor in Australia?
4. Any other recommendations?
0
Flipp
Asked:
Flipp
3 Solutions
 
Shack-DaddyCommented:
It sounds to me like you do not have Forms Based Authentication turned on. In the Exchange System Manager, drill down into Server -> Protocols and get properties on HTTP and then enable Forms Based Authentication. Do an IISReset after that and see if your OWA experience changes. If you are still having issues, you may need to tweak some things if you are running in a single-server environment and aren't using SBS.
0
 
Shack-DaddyCommented:
Actually, my main recommendation beyond enabling FBA is to use a public cert. Not worth the hassle to distribute self-signed. Is there a reason you can't use a GoDaddy cert in Australia? It should be affordable and available there. You can even find promo codes to use at livecodes.blogspot.com that will give you a discount on new certs.
0
 
ngcmosCommented:

1. I was expecting to see the Windows OWA landing page OR is this only on SBS? What options do I have?
-The log in prompt is because you have Basic Authentication...you need to enable Forms Based Authentication for the "website login form"...you can have both enabled

2. How best do I deploy the self-signed certificate to Users/Computers wanting to access OWA remotely?
-On the client machine open a console window (run--->mmc) then select add snap in, and select certificates, On the left right click on Trusted Certificate Authorities and select import go ahead and import the CA cert first, then the domain cert

3. Recommendations on where I can pickup a reasonably priced SSL Cert from vendor in Australia?
I use www.netsol.com and www.godaddy.com  one of them should work

4. Any other recommendations?
Make sure you have everything right on your self signed ssl cert correct if something is not rigt IE or any browser will flag you about it...can be a pain...

I am IT consultant with many Small Biz as clients...i always use self signed certs...only time i recommend buying one is for public sites...that need a recognized certificate authority
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
FlippAuthor Commented:
Thank you ngcmos and shackdaddy.

1. On which component in IIS do I enable FBA?
2. Not sure what you mean by the CA Cert then the Domain Cert? I only have one Self-Signed Cert which I exported from http://servername/certsvr
3. Regarding SSL Certs from supplier, when would I need a Multiple or Unlimited Domain? If for example my client only has domain.com, then what type of use cases would I use multiple?
0
 
FlippAuthor Commented:
In addition, what considerations do I need to make as far as where to apply a third-party cert? I currently only see OWA being used so am I issuing on Exchange site or Default Site?
0
 
Shack-DaddyCommented:
Just get a single-name cert. You would use multiple if you were running Exchange 2007 or Exchange 2010 and weren't using SBS 2008 or SBS 2011.

Read my notes on enabling FBA--you enable it using the Exchange System Manager -> Server - > Protocols -> HTTP -> Properties.

When I provision a cert I set up a new dummy website in IIS and request it from there. Then when I get the cert back from GoDaddy, I install it on that Dummy site. Then I enable the cert on the Exchange site.
0
 
FlippAuthor Commented:
Cool - so FBA is all set.

I am still a bit stuck on the provisioning the cert thing - setting up a dummy site I suppose works, but I assume there is a general best practice to follow here. Should I provision from Default Site? Issues with doing this?

Have you got any info on the Single vs Multiple I can reference?
0
 
e_aravindCommented:
It shouldn't be a problem

You can generate the cert. request from the Default-web-site to a .cer file
Continue the DWS with the current self-signed one
After receiving the response from the Vendor, assign the same to the DWS
0
 
FlippAuthor Commented:
Sounds good - so once I get it back from Go Daddy, I will assign to DWS, but do I also need to assign to /Exchange directory in IIS?
0
 
Shack-DaddyCommented:
No, you only assign certs to the root web site.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now