?
Solved

IIS 6 and Exchange 2003

Posted on 2012-09-13
16
Medium Priority
?
958 Views
Last Modified: 2012-09-14
Hi Experts,

I've purchased a UCC SSL cert to be able to use Outlook Web Access (Exchange 2003) securely.
The primary name for this cert is mail.domain.org.uk.

With the exception of setting up A records and DNS. Can someone tell me
how I can setup IIS 6 so that when I enter the url: https://mail.domain.org.uk 
it brings up the login for Outlook Web Access?

Currently when I login internally to https://Lan-ip-of- exchangeserver/exchange
it works fine but it comes up with a cert error as the SSL is meant for mail.domain.org.uk
and not /exchange.

How can I solve this?

Many Thanks
0
Comment
Question by:markbenham
  • 7
  • 7
  • 2
16 Comments
 
LVL 9

Expert Comment

by:TazDevil1674
ID: 38394779
You state that using the Internal IP, you get an error saying the SSL Cert is for mail.domain.org.uk - this would suggest you have installed it correctly.

Have you set up your A Record to point mail.domain.org.uk to the IP of the IIS Sever?  once you have that done it should work.  The SSL Cert is for a domain name (mail.domain.org.uk) not a specific folder within the domain (ie /exchange)

If you want to type https://mail.domain.org.uk and end up at the /exchange folde, you need to set up folder redirection within IIS.

Are you looking this to work externally too?  If so, you will need to open port 443 on your Router to allow traffic in...
0
 

Author Comment

by:markbenham
ID: 38394865
Hi TazDevil,

Thanks for you reply.

>>Have you set up your A Record to point mail.domain.org.uk to the IP of the IIS Sever?

I will be setting this up in a few hours.


>>If you want to type https://mail.domain.org.uk and end up at the /exchange folde, you need to set up folder redirection within IIS.

If i want to this, do i set the redirection in the /exchange virtual directory?


>>Are you looking this to work externally too?  If so, you will need to open port 443 on your Router to allow traffic in...

I am hoping that after I add the A record for mail.domain.org.uk and open port 443 on the router, then anyone external should just be able to open a browser (Internet Explorer), type in https://mail.domain.org.uk and it will work.

Is there a way of altering the host file of a PC in the LAN to test if this process will work internally?


Many thanks
0
 
LVL 9

Accepted Solution

by:
TazDevil1674 earned 2000 total points
ID: 38394928
Redirection:  See http://technet.microsoft.com/en-us/library/cc736641(v=ws.10).aspx  for more info.

If you want to add a record in your local HOSTS file you can.  Add a line similar to this:

192.168.1.100      mail.domain.org.uk

You could actually do this on an external machine using the external IP to test before adding an external A Record too...
0
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

 
LVL 18

Expert Comment

by:Sushil Sonawane
ID: 38395025
Contact your certificate provide and add san name "Lan-ip-of- exchangeserver" in cerficate then you can able to access exchange url with out any error.

Subject Alternative Names let you protect multiple host names with a single SSL certificate.
Subject Alternative Names allow you to specify a list of host names to be protected by a single SSL certificate.

Refer below link (http://www.digicert.com/subject-alternative-name.htm)
0
 

Author Comment

by:markbenham
ID: 38395230
Hi Guys,

Many thanks for your response.

>> If you want to add a record in your local HOSTS file you can.  Add a line similar to this:

>> 192.168.1.100      mail.domain.org.uk


I've tried adding the record to my local HOSTS file

192.168.0.4       mail.domain.org.uk

Unfortunately when I type in the url https://mail.domain.org.uk it displays

=====
"UNDER CONSTRUCTION"
The site you are trying to view does not currently have a default page.
It may be in the process of being upgraded and configured.....
=====

Does this mean I need to redirect this page to https://192.168.0.4/exchange in order
to work? Or will I need to configure anew website for this to work?


Many Thanks
0
 
LVL 9

Expert Comment

by:TazDevil1674
ID: 38395253
If you type https://mail.domain.org.uk/exchange and it works, you can put a redirect from / to /exchange using the link I supplied above
0
 

Author Comment

by:markbenham
ID: 38395283
Hi Taz,

Unfortunately  when I type in https://mail.domain.org.uk/exchange it says,

"Internet Explorer cannot display the webpage"

Any other ideas?

Many Thanks
0
 
LVL 9

Expert Comment

by:TazDevil1674
ID: 38395314
0
 
LVL 18

Expert Comment

by:Sushil Sonawane
ID: 38395326
You can my soluation becuase after add san name "Lan-ip-of- exchangeserver" in cerficate then you can able to access both exchange url with out any error.

For that you certificate vendor reissue a new certificate for you.
0
 

Author Comment

by:markbenham
ID: 38395334
Hi Taz,

Thanks for this. I've found out why it wasn't working when using https://mail.domain.org.uk/exchange. For some reason the SSL port for the "Default Website" was set to 444. I've now changed it back to 443 and its working.

Will try to see if I can redirect it now.

Many Thanks
0
 
LVL 9

Expert Comment

by:TazDevil1674
ID: 38395343
@sushil84 - if the Author cant get the OWA webpage to display, they need to fix this before looking at any potential SSL Certificate errors...
0
 

Author Comment

by:markbenham
ID: 38395352
Thanks Sushil - Its just that I need this working soonish and cannot wait for the reissue.
We are really close at present. will try to redirect it and see how it pans out.

Many Thanks
0
 

Author Comment

by:markbenham
ID: 38395417
Hi Taz,

I've now redirected the "Default Websites" Home Directory to /exchange and it now comes up with enter the login credentials.

Now when I enter the login credentials, Internet Explorer comes back with,

"Internet Explorer cannot display the webpage".

Any Ideas on this front bud?

Many Thanks
0
 
LVL 9

Expert Comment

by:TazDevil1674
ID: 38395431
I would suggest referring to the MSExchange article again.  It could be many things...

Hope this helps!
0
 

Author Comment

by:markbenham
ID: 38397958
Hi Guys,

I may have sorted this now. Here is what I did in order to get the site redirected:


1.Start the Microsoft Management Console (MMC) IIS snap-in.

2.Right-click Default Web Site, click Properties, and then click the Home Directory tab.

3.Under When connecting to this resource, the content should come from, click A redirection to a URL.

4.In the Redirect to box, type /exchange.

5.Under The client will be sent to, click A directory below this one.

6.Stop and then start the Default Web Site.

The key here is point 5 "click A directory below this one".

Thakns again for your response and help. Will be rewarding all the points to Taz.

Cheers
0
 
LVL 9

Expert Comment

by:TazDevil1674
ID: 38399593
Thanks
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s been over a month into 2017, and there is already a sophisticated Gmail phishing email making it rounds. New techniques and tactics, have given hackers a way to authentically impersonate your contacts.How it Works The attack works by targeti…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question