URL error after login to OWA when using redirection in IIS to /owa

We have made a fresh installation of Small Business Server 2011 including MS Exchange 2010.

I've run the guides in the SBS Console and also made some small changes in Exchange manager.

So things are pretty "fresh" and https://webmail.domain.com/owa works like a charm.

I have followed the instructions exactly here: http://briandesmond.com/blog/redirecting-owa-urls-in-exchange-2010/ to redirect requests to http://webmail.domain.com to https://webmail.domain.com/owa

http://webmail.domain.com now takes me to the login screen (form based). Perfect. But after entering the credentials I get an HTTP 400 error and the address bar shows:
I press F5 (reload), the page is reloaded and I'm in, and from here everything seems to work.

So, pointing the browser to the main domain name without /owa (and getting redirected to /owa) gives the error described above. Any ideas about that?


Madan SharmaConsultantCommented:
I have looked at the article which you followed, and according to that we have to make changes under our default web site. But I strongly recommend not to modify or change any settings on the default web site. So I request you to revert all the changes you have done by following the above article, and you can easily achieve what you want to do by following these steps:

1. Open up your C drive and navigate to C:\inetpub\wwwroot
2. Create a new directory webmail.domain.com
3. Then open the IIS console and navigate to Sites
4. Right-click on Sites and click on Add Website
5. Give it the name webmail.domain.com and select the physical path as C:\inetpub\wwwroot\webmail.domain.com
6. Enter the host name as webmail.domain.com, make sure "Start Web site immediately" is selected and press the OK button
7. Select the website webmail.domain.com and click on HTTP Redirect
8. Check "Redirect requests to this destination" and enter the value as https://webmail.domain.com/owa
9. Click on Apply and you are done.
cheers !
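
The nine steps above can also be scripted and then verified. This is an added example, not part of the original thread; it assumes an elevated PowerShell session on the IIS 7.x server, the WebAdministration module, the HTTP Redirection role service installed, and the site name "Default Web Site" for the site hosting the Exchange virtual directories.

```powershell
# Added example: scripted equivalent of the manual IIS Manager steps above.
# Assumes the HTTP Redirection role service (Web-Http-Redirect) is installed.
Import-Module WebAdministration

$siteName = 'webmail.domain.com'                 # placeholder host name from the thread
$sitePath = "C:\inetpub\wwwroot\$siteName"
$target   = 'https://webmail.domain.com/owa'
$psPath   = "IIS:\Sites\$siteName"
$filter   = 'system.webServer/httpRedirect'

# Steps 1-2: create the empty content directory.
if (-not (Test-Path $sitePath)) {
    New-Item -ItemType Directory -Path $sitePath | Out-Null
}

# Steps 3-6: add a site bound to port 80 for this host header only.
# The site that hosts the Exchange virtual directories is not modified.
if (-not (Test-Path $psPath)) {
    New-Website -Name $siteName -PhysicalPath $sitePath -Port 80 -HostHeader $siteName | Out-Null
}

# Steps 7-9: enable HTTP Redirect on the new site only.
Set-WebConfigurationProperty -PSPath $psPath -Filter $filter -Name enabled -Value $true
Set-WebConfigurationProperty -PSPath $psPath -Filter $filter -Name destination -Value $target

# Check 1: the new site redirects to the HTTPS OWA URL.
$enabled     = (Get-WebConfigurationProperty -PSPath $psPath -Filter $filter -Name enabled).Value
$destination = (Get-WebConfigurationProperty -PSPath $psPath -Filter $filter -Name destination).Value
"{0}: redirect enabled={1}, destination={2}" -f $siteName, $enabled, $destination

# Check 2: the new site answers on plain HTTP for this host name only.
Get-WebBinding -Name $siteName | Select-Object protocol, bindingInformation

# Check 3: no redirect is left on the default site, where it would be
# inherited by /owa, /ecp and the other Exchange virtual directories.
$defaultSite = 'IIS:\Sites\Default Web Site'     # assumed site name
if (Test-Path $defaultSite) {
    $inherited = (Get-WebConfigurationProperty -PSPath $defaultSite -Filter $filter -Name enabled).Value
    "Default Web Site: redirect enabled={0} (expected False)" -f $inherited
}
```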


Martin_RadboAuthor Commented:
Thanks for the suggestion. I think that solution is a cleaner way of doing this, but I am not sure if it will solve my problems. I will give it a try and post the result here.
Madan SharmaConsultantCommented:
It will 100% solve your issue. I am using this with many of my clients, so don't worry.

Martin_RadboAuthor Commented:
OK, I have added a new site listening to http://webmail.domain.com, redirected to https://webmail.domain.com/owa.

But as I expected, exactly the same problem occurs with this construction. So my original question still remains...
Martin_RadboAuthor Commented:
Just to clarify, I do not think the problem is with your instruction, but with something else. But the fact is that if I manually enter https://webmail.domain.com/owa directly in the browser, everything works fine.
Madan SharmaConsultantCommented:
Did you revert the changes you made by following the link?
Martin_RadboAuthor Commented:
The only real change in the link was the HTTP redirect from the default web site. The other changes described in the article were there only because the changes of the default site were inherited by the virtual folders.

So, I removed the http redirect for the default site. But I am uncertain of EXACTLY how the virtual folders should be configured. Do you know?

Madan SharmaConsultantCommented:
Also tick Require SSL in SSL Settings under default web sites.
Madan SharmaConsultantCommented:
Check, here are the default SSL settings for all the directories:

autodiscover directory = Require SSL = Client Certificate Ignore
ECP directory = Require SSL = Client Certificate Ignore
EVS = Require SSL = Client Certificate Ignore
Microsoft-Server-ActiveSync = Require SSL = Client Certificate Ignore
OAB directory = Not require SSL, so uncheck it if checked
owa directory = Require SSL = Client Certificate Ignore
Powershell directory = uncheck Require SSL = Client Certificate Accept
RPC = Require SSL = Client Certificate Ignore
RPC with cert = Require SSL = Client Certificate Require

Once all this is set up, just reset your IIS and try; hope your issue will be resolved.

Martin_RadboAuthor Commented:
Done all, but still same error.
Madan SharmaConsultantCommented:
This issue is due to misconfiguration of authentication settings. So it will be better to reset all the Exchange access directories. You can do it as follows:
If you have Exchange 2010 SP2 then you can easily reset all Exchange virtual directories via EMC: just navigate to Server Configuration = Client Access = in the action bar click on Reset Client Access Directories. The reset wizard will start and reset all the directories to default. Otherwise you have to reset these directories by manually removing them and recreating them again.
Check this link which has both options:-

Hiya, what authentication method are you using for your OWA virtual directory? You can view this in EMC, Server config, Client Access, Outlook Web App, Properties.

Ideally you should be using FBA. Also whilst in there, have you correctly configured the external URL? Finally what browser and version of it are you using? Non-IE browsers might not handle the redirect properly.
Martin_RadboAuthor Commented:
Hi Radweld.

I'm using FBA auth, (user name only).

For the external URL I have tried both https://webmail.domain.com/owa and http://webmail.domain.com
Internal URL is https://servername.domain.local/owa

I'm using pure IE, have tried some different versions. Mostly IE 9 but also IE 8.

Akicute555Date: It is Exchange 2010. I have run the commands for each virtual directory yesterday to reset them to default, but without any difference to the problem.
Madan SharmaConsultantCommented:
After doing all these steps did you clear cookies etc. for your browser? Also give a try to another browser like Chrome or Mozilla etc., as Exchange 2010 OWA supports almost all the browsers.
Martin_RadboAuthor Commented:
Yes, cookies and temp internet files are cleared before attempting again.

I have also tried with a brand new Google Chrome installation, and that is one step worse since F5 (reload) does not work to get through the error the same way it does in IE.

So, sadly, still same status. :-(
Madan SharmaConsultantCommented:
You didn't mention yet which version of Exchange 2010 you have; please share that with us. Also check this, as Exchange 2010 with SP1 has this issue with IE9 and other browsers as well.

Martin_RadboAuthor Commented:
We have version 14.01.0355.002.

Windows Update says all updates are installed, please see attached picture. Screenshot of installed updates
Madan SharmaConsultantCommented:
No, your Exchange server is not fully updated; you have to install Exchange 2010 updates.

check this link for the latest updates:-
Martin_RadboAuthor Commented:
Just to do it right, I suppose this is the line for me:
2010      SP1         Aug2010        Release Notes Download  
I don't think Service Pack 2 will fix this because my own server is still on SP1 (no rollups and works perfectly with a redirect). It's worth installing SP2 for sure but I really don't think it will fix your problem. I've been wrong before though.
Martin_RadboAuthor Commented:
SP2 installed, server rebooted, same error.
Madan SharmaConsultantCommented:
Try reinstalling IIS, then reconfigure your CAS server. The issue could also be due to application pool configuration in IIS.
Martin_RadboAuthor Commented:
Reinstalling IIS is simply done by removing that role and then adding it back.

What steps are you thinking of to reconfigure CAS?
Madan SharmaConsultantCommented:
1. Uninstall your CAS server role
2. Uninstall IIS from your server
3. Search for metabase.xml (typical location is C:\Windows\System32\Inetsrv)
4. Back up this file, then delete it from this location
5. Restart the server and install the IIS role again with the features required by Exchange.
6. Install the Exchange CAS server role again.

Martin_RadboAuthor Commented:
Should I put metabase.xml back or not?

I have done 1-6 above, and now it does not work so well. I tried to start with the connect-to-internet wizard in the SBS console which gave me "an unknown error", see picture. Internet connection wizard error message
Madan SharmaConsultantCommented:
Was the installation of IIS and the CAS role successful? If yes then test it by accessing it from a client PC.

And please also make sure all Exchange services and the IIS service are running.
Martin_RadboAuthor Commented:
Yes, installation of IIS and CAS was successful.

But I had problems with WinRM and connection to PowerShell (could not start EMC); had to work with that for a while but now it works.

Status now:
http://localhost/owa gives me the login page, login is fine, email in the inbox is shown, but as soon as I do anything (try to show an email, press reply, new email) I get an error saying (translated from Swedish):

"Could not handle the request. The cause could be because of security reasons or that the session reached the time limit"

So we need to get rid of this before trying anything else.
Martin_RadboAuthor Commented:
This seems to be a time-consuming process. Since the server is not taken into production yet, I would like to try to remove both Exchange and IIS completely and start from scratch. But I cannot reinstall the whole server so I am not sure if SBS Server 2011 "allows" me to remove Exchange without using the SBS console.

What is your recommendation?
Madan SharmaConsultantCommented:
You can uninstall IIS and Exchange without using the SBS console. As your server is not in production yet, I'll advise you to do a brand new installation of the whole server, because there are chances for the issues to come out again after reinstallation of Exchange and IIS. Also your SBS console is not working right and we have to do almost all the work with the SBS console in SBS versions.

So if possible please do a completely brand new installation of your server.
Good Luck.
Martin_RadboAuthor Commented:
There are several weeks of work with this server so our customer will not allow us to do a complete reinstall. Sorry.

So the question is which way we should proceed now when you know this is not possible?
Madan SharmaConsultantCommented:
OK, so first of all we should repair our SBS console.

Follow this article and repair it:
http://technet.microsoft.com/en-us/library/gg680337.aspx Once it completes then ping me.

In the meantime I am looking into the timeout issue of OWA.
Also make sure that Exchange is working with Outlook correctly.
Martin_RadboAuthor Commented:
* Exchange is working 100% with Outlook, sending/receiving email and common tasks work great.

* IIS default website works (the standard IIS 7 web page with several languages)

* A small FTP site in IIS also works.

I will do a repair of SBS console and get back with status.
Madan SharmaConsultantCommented:
For the OWA timeout issue check this link: http://technet.microsoft.com/en-us/library/bb124787.aspx
Martin_RadboAuthor Commented:
Done: Repair the SBS Console
Done: Changed the time out value

Same error. I think it has to do with the reinstallation of IIS, something must have happened then.
Madan SharmaConsultantCommented:
Are you able to use the SBS console now? What error are you facing now? Is that with OWA or anything else?
Martin_RadboAuthor Commented:
This error:
http://localhost/owa gives me the login page, login is fine, email in the inbox is shown, but as soon as I do anything (try to show an email, press reply, new email) I get an error saying (translated from Swedish):
"Could not handle the request. The cause could be because of security reasons or that the session reached the time limit"

What are the internal and external URLs configured? Do they have HTTPS?

In this example, it looks like you are accessing the URL by HTTP?
Martin_RadboAuthor Commented:
I had to reinstall the server from scratch, could not deal with all these problems any more.
Madan SharmaConsultantCommented:
I already did advise you in my previous comment, as this server isn't live yet.

Anyways best of luck
Martin_RadboAuthor Commented:
I know you advised me that, which will always be a working solution, but that was not my wish since it gave me several days of work before getting back to the same status of the server as before.

Anyway, I will send you some points no matter what, since you tried the best you could to solve the problem.