Solved

Exchange 2010 OWA Attachview secure access issue

Posted on 2013-06-27
5
818 Views
Last Modified: 2013-07-09
We have a Exchange 2010 environment and use OWA for external access. To secure attachments we use Messageware Attachview which converts attachments to be viewed over the web without the file being downloaded.

Our ISA sever (Microsoft ISA 2000 unfortunately) is configured to only allow SSL traffic for OWA, which all works fine, except for when an attachment is viewed and the request is attempted over http and not https. This causes the ISA server to reject the request as it is not using SSL. if we disable the requirement for SSL then this works, but then owa can be viewed over non secure channels.

I believe the problem is that the ISA server is also offloading the SSL so requests to exchange are coming in over non-secure channels. my thinking is that the attachview link being provided is non-secure as the request is coming in over non secure channels due to the ISA offloading the SSL.

I have configured the external URL for OWA to be the https external url but this is still not working.

Does anyone have any ideas as to why this is the case?
0
Comment
Question by:bankhall
  • 3
  • 2
5 Comments
 
LVL 11

Assisted Solution

by:Sanjay Santoki
Sanjay Santoki earned 200 total points
ID: 39283837
Hello,

I would recommend you to disable SSL requirement on ISA as well as website server and put URL rewrite rule to rewrite all non HTTPS request to HTTPS request. Alternatively you can achieve it by creating by dummy website on TCP 80 with OWA URL host headers and redirect request to https://FQDN/OWA

You can achieve it using URL Rewrite module of Microsoft.

Regards,
Sanjay Santoki
0
 

Author Comment

by:bankhall
ID: 39289516
Thanks very much for the response - I'll have a look in to both options and see what suits best and let you know the outcome.
0
 
LVL 11

Expert Comment

by:Sanjay Santoki
ID: 39289687
Hello,

Good Day!

Do let me know if you required further assistance from my side...

Regards,
Sanjay Santoki
0
 

Accepted Solution

by:
bankhall earned 0 total points
ID: 39299712
My colleague picked this up for me and discovered that by assigning the same certificate to the exchange server (on a new IP so not to conflict with other services using previous certificate) that was assigned to the website on the ISA server, allowed the connection via HTTPS and fixed the issue.

We effectively created new listening rules on ISA (as if setting up a new site), gave exchange a new IP, and used a new URL for the website, all with the same externally trusted certificate.

Unfortunately this meant I couldn't test your advice to see if this would fix it also, but I appreciate the help in getting to the final solution!
0
 

Author Closing Comment

by:bankhall
ID: 39309769
Solution achived by setting up new site alongside existing one with same certificate on ISA and exchange, as per post above
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
HTTP to HTTPS but have 2 sub sites 8 18
Single Record DNS Zones 9 22
Exchange 2016 DAG Backup 7 12
EXCHANGE, ACTIVE DIRECTORY 4 20
Find out what you should include to make the best professional email signature for your organization.
Read this checklist to learn more about the 15 things you should never include in an email signature.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question