Solved

Getting OWA to use a different port for SSL

Posted on 2011-02-18
Last Modified: 2012-05-11
Hi All!

Have an SBS 2003 server as part of a network in which Port 443 is already being used for an SSL certificate on another machine, for another purpose (and so is being port forwarded by the router).

Obviously when I try to set up OWA, the HTTPS requests are port forwarded to that other machine, and OWA doesn't connect.  I SUPPOSE I could configure OWA to run without the SSL, but I'm not crazy about that plan.

So, I GUESS the best way to go would be to use a different port for the OWA SSL, but I have no idea how to proceed.

I recall in the past when installing GoDaddy SSL certs, one of the options is "what port to use", but then do I have to change the ports on all the Virtual Directories (under the default site) in the IIS Manager also?

Any guidance, thoughts, etc. would be appreciated!


Thanks!

mark
Question by:markhaase
11 Comments
 
LVL 6

Expert Comment

by:Joking
ID: 34931656
The IIS port will propagate down from the root all the way to the sub directories, unless they have been specifically specified.

In Exchange 2003, just setting the port in IIS should be fine. Test internally before trying to port forward from the firewall - and remember your users will need to specify the port in the URL - but Outlook won't be able to use RPC over HTTP.
0
 
LVL 17

Accepted Solution

by:
aoakeley earned 500 total points
ID: 34931659
Most routers support "port translation", so you may not actually need to change anything on the server. Simply forward publicIP:444->PrivateIP:443. This way OWA will work on your new port, but you don't have to mess with the server.

A better solution would be to have your ISP route a few additional IP Addresses to your connection. Then you could port forward 443 independently on each connection.

BUT to actually answer your question, you can change the SSL Port quite simply by going into the properties of the default website (IIS Admin console) and changing the SSL port number. You do not need to do it on all the virtual directories, just the highest level.

Andy
0
 

Author Comment

by:markhaase
ID: 34931688
aoakeley:  Yes, unfortunately this router doesn't do translation.  I like the additional IP address idea...as that would preserve the Outlook via HTTP ability, but I can't get that in time for when I need OWA to work.

Re: Users having to enter port -- I was thinking of having a "redirect page" on the HTTP page that would automatically send them to HTTPS://WEBMAIL.DOMAIN.COM:444.  Thoughts?

aoakeley & Joking: Do I need to do anything special to/with the GoDaddy SSL cert to get it to work with the new port?

Thanks!



0
 
LVL 17

Expert Comment

by:aoakeley
ID: 34931711
No, you do not need to do anything with the GoDaddy cert. As long as it is correctly assigned to the site it will work with the new port.

Yes, a redirect on port 80 to redirect to https://server.com:444/ would be a good idea.

What model router is it?
0
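The port-80 redirect discussed above, as an added example that is not part of the original thread: a small Python listener standing in for the redirect page, which builds the HTTPS target from a fixed host and port instead of the client's Host header. The host name `webmail.example.com` is a placeholder and port 444 is the value mentioned in the thread; the function name is hypothetical.

```python
# Added example (not from the thread): redirect plain HTTP to HTTPS on a custom port.
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import quote, urlsplit

# Assumptions: placeholder host name, and the port 444 mentioned in the thread.
HTTPS_HOST = "webmail.example.com"
HTTPS_PORT = 444


def redirect_location(raw_target, host=HTTPS_HOST, port=HTTPS_PORT):
    """Build the Location value for a request target such as '/exchange?x=1'.

    The host comes from configuration, never from the request, and only the
    path and query of the request are carried over.
    """
    try:
        parts = urlsplit(raw_target)
    except ValueError:
        # Malformed target: fall back to the site root.
        parts = urlsplit("/")
    # Collapse leading slashes so '//other.host/x' stays a local path.
    path = "/" + parts.path.lstrip("/")
    # Percent-encode unsafe characters (CR/LF included) to block header injection.
    path = quote(path, safe="/%-._~")
    query = quote(parts.query, safe="=&%-._~+")
    authority = host if port == 443 else f"{host}:{port}"
    url = f"https://{authority}{path}"
    return f"{url}?{query}" if query else url


class RedirectHandler(BaseHTTPRequestHandler):
    def _redirect(self):
        # 302 rather than 301 so browsers do not cache the custom port permanently.
        self.send_response(302)
        self.send_header("Location", redirect_location(self.path))
        self.send_header("Content-Length", "0")
        self.end_headers()

    do_GET = do_HEAD = _redirect


if __name__ == "__main__":
    # Binding port 80 usually requires administrative rights.
    HTTPServer(("0.0.0.0", 80), RedirectHandler).serve_forever()
```
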
 

Author Comment

by:markhaase
ID: 34931754
It's a Netgear WNR1000 V2

Hmmm.  OK, I set the SSL port on the default web page to 450.  Now, if I go to:

http://127.0.0.1:450/exchange

from the server console, it works as expected.  BUT (after forwarding port 450 to the machine), going to:

https://webmail.<domain>.com:450/exchange

from the outside world, lets me log on, but I never get any data in the OWA display.  Where the list of emails should be, it continuously displays "Loading...".  And if I select "Calendar", the basic framework displays, but I get an "Updating" icon, and none of the user's actual calendar data shows up.

Any thoughts?
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 34931780
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 34931811
0
 

Author Comment

by:markhaase
ID: 34931847
So it looks like just changing the SSL port won't do it after all on an SBS.  Looks like I'll have to try replacing the router with one that does port translation.

You have any preferences on a consumer grade (that means "cheap") model that does it?   I have a couple of the old Linksys WRT54G's around here - but I forget if they'll do it.

Anyway....looks like bed time for me - gotta get a fresh look tomorrow.  Thanks for your help
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 34931858
If the WRT54G does not do it out of the box, then flash it with www.dd-wrt.com, then it will definitely do it.
0
 

Author Closing Comment

by:markhaase
ID: 34931946
Seems like port translating will be the easiest and least likely to break something in SBS, so since that was a suggestion of aoakeley, he gets the points.  Thanks!
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 34932004
Just an end note to this.... port translation will get you OWA, but ActiveSync and RPC over HTTP will both break, as they must use port 443. Getting additional Public IP addresses is probably the best solution.
0
