?
Solved

OWA for Server 2003/Exchange 2003

Posted on 2010-11-29
10
Medium Priority
?
547 Views
Last Modified: 2012-05-10
I have configured access to OWA with a self-signed certificate over HTTPS for Users connecting to company network. When I connect to https://mail.company.com/exchange from the outside or inside world, I get the windows dialog window for credentials.

1. I was expecting to see the Windows OWA landing page OR is this only on SBS? What options do I have?
2. How best do I deploy the self-signed certificate to Users/Computers wanting to access OWA remotely?
3. Recommendations on where I can pickup a reasonably priced SSL Cert from vendor in Australia?
4. Any other recommendations?
0
Comment
Question by:Flipp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 6

Assisted Solution

by:Shack-Daddy
Shack-Daddy earned 600 total points
ID: 34235823
It sounds to me like you do not have Forms Based Authentication turned on. In the Exchange System Manager, drill down into Server -> Protocols and get properties on HTTP and then enable Forms Based Authentication. Do an IISReset after that and see if your OWA experience changes. If you are still having issues, you may need to tweak some things if you are running in a single-server environment and aren't using SBS.
0
 
LVL 6

Expert Comment

by:Shack-Daddy
ID: 34235851
Actually, my main recommendation beyond enabling FBA is to use a public cert. Not worth the hassle to distribute self-signed. Is there a reason you can't use a GoDaddy cert in Australia? It should be affordable and available there. You can even find promo codes to use at livecodes.blogspot.com that will give you a discount on new certs.
0
 
LVL 3

Accepted Solution

by:
ngcmos earned 1200 total points
ID: 34235938

1. I was expecting to see the Windows OWA landing page OR is this only on SBS? What options do I have?
-The log in prompt is because you have Basic Authentication...you need to enable Forms Based Authentication for the "website login form"...you can have both enabled

2. How best do I deploy the self-signed certificate to Users/Computers wanting to access OWA remotely?
-On the client machine open a console window (run--->mmc) then select add snap in, and select certificates, On the left right click on Trusted Certificate Authorities and select import go ahead and import the CA cert first, then the domain cert

3. Recommendations on where I can pickup a reasonably priced SSL Cert from vendor in Australia?
I use www.netsol.com and www.godaddy.com  one of them should work

4. Any other recommendations?
Make sure you have everything right on your self signed ssl cert correct if something is not rigt IE or any browser will flag you about it...can be a pain...

I am IT consultant with many Small Biz as clients...i always use self signed certs...only time i recommend buying one is for public sites...that need a recognized certificate authority
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 6

Author Comment

by:Flipp
ID: 34235999
Thank you ngcmos and shackdaddy.

1. On which component in IIS do I enable FBA?
2. Not sure what you mean by the CA Cert then the Domain Cert? I only have one Self-Signed Cert which I exported from http://servername/certsvr
3. Regarding SSL Certs from supplier, when would I need a Multiple or Unlimited Domain? If for example my client only has domain.com, then what type of use cases would I use multiple?
0
 
LVL 6

Author Comment

by:Flipp
ID: 34236073
In addition, what considerations do I need to make as far as where to apply a third-party cert? I currently only see OWA being used so am I issuing on Exchange site or Default Site?
0
 
LVL 6

Expert Comment

by:Shack-Daddy
ID: 34236116
Just get a single-name cert. You would use multiple if you were running Exchange 2007 or Exchange 2010 and weren't using SBS 2008 or SBS 2011.

Read my notes on enabling FBA--you enable it using the Exchange System Manager -> Server - > Protocols -> HTTP -> Properties.

When I provision a cert I set up a new dummy website in IIS and request it from there. Then when I get the cert back from GoDaddy, I install it on that Dummy site. Then I enable the cert on the Exchange site.
0
 
LVL 6

Author Comment

by:Flipp
ID: 34236231
Cool - so FBA is all set.

I am still a bit stuck on the provisioning the cert thing - setting up a dummy site I suppose works, but I assume there is a general best practice to follow here. Should I provision from Default Site? Issues with doing this?

Have you got any info on the Single vs Multiple I can reference?
0
 
LVL 26

Assisted Solution

by:e_aravind
e_aravind earned 200 total points
ID: 34236297
It shouldn't be a problem

You can generate the cert. request from the Default-web-site to a .cer file
Continue the DWS with the current self-signed one
After receiving the response from the Vendor, assign the same to the DWS
0
 
LVL 6

Author Comment

by:Flipp
ID: 34236304
Sounds good - so once I get it back from Go Daddy, I will assign to DWS, but do I also need to assign to /Exchange directory in IIS?
0
 
LVL 6

Expert Comment

by:Shack-Daddy
ID: 34236740
No, you only assign certs to the root web site.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to install and use the NTBackup utility that comes with Windows Server.
In-place Upgrading Dirsync to Azure AD Connect
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
Suggested Courses
Course of the Month9 days, 7 hours left to enroll

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question