[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 850
  • Last Modified:

Exchange 2010 OWA Attachview secure access issue

We have a Exchange 2010 environment and use OWA for external access. To secure attachments we use Messageware Attachview which converts attachments to be viewed over the web without the file being downloaded.

Our ISA sever (Microsoft ISA 2000 unfortunately) is configured to only allow SSL traffic for OWA, which all works fine, except for when an attachment is viewed and the request is attempted over http and not https. This causes the ISA server to reject the request as it is not using SSL. if we disable the requirement for SSL then this works, but then owa can be viewed over non secure channels.

I believe the problem is that the ISA server is also offloading the SSL so requests to exchange are coming in over non-secure channels. my thinking is that the attachview link being provided is non-secure as the request is coming in over non secure channels due to the ISA offloading the SSL.

I have configured the external URL for OWA to be the https external url but this is still not working.

Does anyone have any ideas as to why this is the case?
0
bankhall
Asked:
bankhall
  • 3
  • 2
2 Solutions
 
Sanjay SantokiCommented:
Hello,

I would recommend you to disable SSL requirement on ISA as well as website server and put URL rewrite rule to rewrite all non HTTPS request to HTTPS request. Alternatively you can achieve it by creating by dummy website on TCP 80 with OWA URL host headers and redirect request to https://FQDN/OWA

You can achieve it using URL Rewrite module of Microsoft.

Regards,
Sanjay Santoki
0
 
bankhallAuthor Commented:
Thanks very much for the response - I'll have a look in to both options and see what suits best and let you know the outcome.
0
 
Sanjay SantokiCommented:
Hello,

Good Day!

Do let me know if you required further assistance from my side...

Regards,
Sanjay Santoki
0
 
bankhallAuthor Commented:
My colleague picked this up for me and discovered that by assigning the same certificate to the exchange server (on a new IP so not to conflict with other services using previous certificate) that was assigned to the website on the ISA server, allowed the connection via HTTPS and fixed the issue.

We effectively created new listening rules on ISA (as if setting up a new site), gave exchange a new IP, and used a new URL for the website, all with the same externally trusted certificate.

Unfortunately this meant I couldn't test your advice to see if this would fix it also, but I appreciate the help in getting to the final solution!
0
 
bankhallAuthor Commented:
Solution achived by setting up new site alongside existing one with same certificate on ISA and exchange, as per post above
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now