IIS 6 and Exchange 2003

Hi Experts,

I've purchased a UCC SSL cert to be able to use Outlook Web Access (Exchange 2003) securely.
The primary name for this cert is mail.domain.org.uk.

With the exception of setting up A records and DNS. Can someone tell me
how I can setup IIS 6 so that when I enter the url: https://mail.domain.org.uk 
it brings up the login for Outlook Web Access?

Currently when I login internally to https://Lan-ip-of- exchangeserver/exchange
it works fine but it comes up with a cert error as the SSL is meant for mail.domain.org.uk
and not /exchange.

How can I solve this?

Many Thanks
markbenhamAsked:
Who is Participating?
 
TazDevil1674Connect With a Mentor Commented:
Redirection:  See http://technet.microsoft.com/en-us/library/cc736641(v=ws.10).aspx  for more info.

If you want to add a record in your local HOSTS file you can.  Add a line similar to this:

192.168.1.100      mail.domain.org.uk

You could actually do this on an external machine using the external IP to test before adding an external A Record too...
0
 
TazDevil1674Commented:
You state that using the Internal IP, you get an error saying the SSL Cert is for mail.domain.org.uk - this would suggest you have installed it correctly.

Have you set up your A Record to point mail.domain.org.uk to the IP of the IIS Sever?  once you have that done it should work.  The SSL Cert is for a domain name (mail.domain.org.uk) not a specific folder within the domain (ie /exchange)

If you want to type https://mail.domain.org.uk and end up at the /exchange folde, you need to set up folder redirection within IIS.

Are you looking this to work externally too?  If so, you will need to open port 443 on your Router to allow traffic in...
0
 
markbenhamAuthor Commented:
Hi TazDevil,

Thanks for you reply.

>>Have you set up your A Record to point mail.domain.org.uk to the IP of the IIS Sever?

I will be setting this up in a few hours.


>>If you want to type https://mail.domain.org.uk and end up at the /exchange folde, you need to set up folder redirection within IIS.

If i want to this, do i set the redirection in the /exchange virtual directory?


>>Are you looking this to work externally too?  If so, you will need to open port 443 on your Router to allow traffic in...

I am hoping that after I add the A record for mail.domain.org.uk and open port 443 on the router, then anyone external should just be able to open a browser (Internet Explorer), type in https://mail.domain.org.uk and it will work.

Is there a way of altering the host file of a PC in the LAN to test if this process will work internally?


Many thanks
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
Sushil SonawaneCommented:
Contact your certificate provide and add san name "Lan-ip-of- exchangeserver" in cerficate then you can able to access exchange url with out any error.

Subject Alternative Names let you protect multiple host names with a single SSL certificate.
Subject Alternative Names allow you to specify a list of host names to be protected by a single SSL certificate.

Refer below link (http://www.digicert.com/subject-alternative-name.htm)
0
 
markbenhamAuthor Commented:
Hi Guys,

Many thanks for your response.

>> If you want to add a record in your local HOSTS file you can.  Add a line similar to this:

>> 192.168.1.100      mail.domain.org.uk


I've tried adding the record to my local HOSTS file

192.168.0.4       mail.domain.org.uk

Unfortunately when I type in the url https://mail.domain.org.uk it displays

=====
"UNDER CONSTRUCTION"
The site you are trying to view does not currently have a default page.
It may be in the process of being upgraded and configured.....
=====

Does this mean I need to redirect this page to https://192.168.0.4/exchange in order
to work? Or will I need to configure anew website for this to work?


Many Thanks
0
 
TazDevil1674Commented:
If you type https://mail.domain.org.uk/exchange and it works, you can put a redirect from / to /exchange using the link I supplied above
0
 
markbenhamAuthor Commented:
Hi Taz,

Unfortunately  when I type in https://mail.domain.org.uk/exchange it says,

"Internet Explorer cannot display the webpage"

Any other ideas?

Many Thanks
0
 
TazDevil1674Commented:
0
 
Sushil SonawaneCommented:
You can my soluation becuase after add san name "Lan-ip-of- exchangeserver" in cerficate then you can able to access both exchange url with out any error.

For that you certificate vendor reissue a new certificate for you.
0
 
markbenhamAuthor Commented:
Hi Taz,

Thanks for this. I've found out why it wasn't working when using https://mail.domain.org.uk/exchange. For some reason the SSL port for the "Default Website" was set to 444. I've now changed it back to 443 and its working.

Will try to see if I can redirect it now.

Many Thanks
0
 
TazDevil1674Commented:
@sushil84 - if the Author cant get the OWA webpage to display, they need to fix this before looking at any potential SSL Certificate errors...
0
 
markbenhamAuthor Commented:
Thanks Sushil - Its just that I need this working soonish and cannot wait for the reissue.
We are really close at present. will try to redirect it and see how it pans out.

Many Thanks
0
 
markbenhamAuthor Commented:
Hi Taz,

I've now redirected the "Default Websites" Home Directory to /exchange and it now comes up with enter the login credentials.

Now when I enter the login credentials, Internet Explorer comes back with,

"Internet Explorer cannot display the webpage".

Any Ideas on this front bud?

Many Thanks
0
 
TazDevil1674Commented:
I would suggest referring to the MSExchange article again.  It could be many things...

Hope this helps!
0
 
markbenhamAuthor Commented:
Hi Guys,

I may have sorted this now. Here is what I did in order to get the site redirected:


1.Start the Microsoft Management Console (MMC) IIS snap-in.

2.Right-click Default Web Site, click Properties, and then click the Home Directory tab.

3.Under When connecting to this resource, the content should come from, click A redirection to a URL.

4.In the Redirect to box, type /exchange.

5.Under The client will be sent to, click A directory below this one.

6.Stop and then start the Default Web Site.

The key here is point 5 "click A directory below this one".

Thakns again for your response and help. Will be rewarding all the points to Taz.

Cheers
0
 
TazDevil1674Commented:
Thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.