Solved

Getting OWA to use a different port for SSL

Posted on 2011-02-18
Last Modified: 2012-05-11
Hi All!

Have an SBS 2003 server as part of a network in which Port 443 is already being used for an SSL certificate on another machine, for another purpose (and so is being port forwarded by the router).

Obviously when I try to set up OWA, the HTTPS requests are port forwarded to that other machine, and OWA doesn't connect.  I SUPPOSE I could configure OWA to run without the SSL, but I'm not crazy about that plan.

So, I GUESS the best way to go would be to use a different port for the OWA SSL, but I have no idea how to proceed.

I recall in the past when installing GoDaddy SSL certs, one of the options is "what port to use", but then do I have to change the ports on all the Virtual Directories (under the default site) in the IIS Manager also?

Any guidance, thoughts, etc would be appreciated!


Thanks!

mark
Question by:markhaase
11 Comments
 
LVL 6

Expert Comment

by:Joking
ID: 34931656
The IIS port will propagate down from the root all the way to the sub directories, unless they have been specifically specified.

In Exchange 2003, just setting the port in IIS should be fine. Test internally before trying to port forward from the firewall - and remember your users will need to specify the port in the URL - but Outlook won't be able to use RPC over HTTP.
0
 
LVL 17

Accepted Solution

by:
aoakeley earned 500 total points
ID: 34931659
Most routers support "port translation" so you may not actually need to change anything on the server. Simply forward publicIP:444->PrivateIP:443. This way OWA will work on your new port, but you don't have to mess with the server.

A better solution would be to have your ISP route a few additional IP Addresses to your connection. Then you could port forward 443 independently on each connection.

BUT to actually answer your question, you can change the SSL Port quite simply by going into the properties of the default website (IIS Admin console) and changing the SSL port number. You do not need to do it on all the virtual directories, just the highest level.

Andy
0
 

Author Comment

by:markhaase
ID: 34931688
aoakeley:  Yes, unfortunately this router doesn't do translation.  I like the additional IP address idea...as that would preserve the Outlook via HTTP ability, but I can't get that in time for when I need OWA to work.

Re: Users having to enter port -- I was thinking of having a "redirect page" on the HTTP page that would automatically send them to HTTPS://WEBMAIL.DOMAIN.COM:444.  Thoughts?

aoakeley & Joking: Do I need to do anything special to/with the GoDaddy SSL cert to get it to work with the new port?

Thanks!



0

 
LVL 17

Expert Comment

by:aoakeley
ID: 34931711
No, you do not need to do anything with the GoDaddy cert. As long as it is correctly assigned to the site it will work with the new port.

Yes a redirect on port 80 to redirect to https://server.com:444/ would be a good idea.

What model router is it?
0
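A post-change check for the port-80 redirect discussed above, as an added example that is not part of the original thread: it parses a captured HTTP response and reports whether the redirect really lands on HTTPS at the intended host and port. The host name `webmail.example.com`, port 444 and the sample responses are constructed for illustration; a `Location` without an explicit port falls back to 443, which in this network is forwarded to the other machine.

```python
from urllib.parse import urlsplit

REDIRECT_CODES = (301, 302, 303, 307, 308)

def check_redirect(raw_response: bytes, host: str, port: int) -> list:
    """Return the problems found in a port-80 redirect response (empty list = OK)."""
    head = raw_response.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    status_parts = lines[0].split(" ", 2)
    if len(status_parts) < 2 or not status_parts[1].isdigit():
        return ["malformed status line"]
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()

    problems = []
    status = int(status_parts[1])
    if status not in REDIRECT_CODES:
        problems.append("status %d is not a redirect" % status)
    location = headers.get("location")
    if not location:
        return problems + ["no Location header"]

    target = urlsplit(location)
    scheme = target.scheme.lower()
    if scheme != "https":
        problems.append("target scheme is %r, not https" % scheme)
    if (target.hostname or "").lower() != host.lower():
        problems.append("target host is %r, expected %r" % (target.hostname, host))
    try:
        # No explicit port means the scheme default applies (443 for https).
        effective_port = target.port or (443 if scheme == "https" else 80)
    except ValueError:
        return problems + ["target port is not a valid number"]
    if effective_port != port:
        problems.append("target port is %d, expected %d" % (effective_port, port))
    return problems

# Constructed sample responses, as a server on port 80 might return them.
GOOD = b"HTTP/1.1 302 Found\r\nLocation: https://webmail.example.com:444/exchange\r\n\r\n"
NO_PORT = b"HTTP/1.1 302 Found\r\nLocation: https://webmail.example.com/exchange\r\n\r\n"
PLAIN = b"HTTP/1.1 302 Found\r\nLocation: http://webmail.example.com:444/exchange\r\n\r\n"

if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("no port", NO_PORT), ("plain http", PLAIN)):
        print(label, check_redirect(sample, "webmail.example.com", 444))
```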
 

Author Comment

by:markhaase
ID: 34931754
It's a Netgear WNR1000 V2

Hmmm.  OK, I set the SSL port on the default web page to 450.  Now, if I go to:

http://127.0.0.1:450/exchange

from the server console, it works as expected.  BUT (after forwarding port 450 to the machine), going to:

https://webmail.<domain>.com:450/exchange

from the outside world, lets me logon, but I never get any data in the OWA display.  Where the list of emails should be, it continuously displays "Loading...".  And if I select "Calendar", the basic framework displays, but I get an "Updating" icon, and none of the users actual calendar data shows up.

Any thoughts?
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 34931780
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 34931811
0
 

Author Comment

by:markhaase
ID: 34931847
So it looks like just changing the SSL port won't do it after all on an SBS.  Looks like I'll have to try replacing the router with one that does port translation.

You have any preferences on a consumer grade (that means "cheap") model that does it?   I have a couple of the old Linksys WRT54G's around here - but I forget if they'll do it.

Anyway....looks like bed time for me - gotta get a fresh look tomorrow.  Thanks for your help
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 34931858
If the WRT54G does not do it out of the box, then flash it with www.dd-wrt.com then it will definitely do it.
0
 

Author Closing Comment

by:markhaase
ID: 34931946
Seems like port translating will be the easiest and least likely to break something in SBS, so since that was a suggestion of aoakeley, he gets the points.  Thanks!
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 34932004
Just an end note to this.... port translation will get you OWA, but ActiveSync and RPC over HTTP will both break, as they must use port 443. Getting additional Public IP addresses is probably the best solution.
0
