Solved

Exchange 2010 OWA Attachview secure access issue

Posted on 2013-06-27
5
786 Views
Last Modified: 2013-07-09
We have a Exchange 2010 environment and use OWA for external access. To secure attachments we use Messageware Attachview which converts attachments to be viewed over the web without the file being downloaded.

Our ISA sever (Microsoft ISA 2000 unfortunately) is configured to only allow SSL traffic for OWA, which all works fine, except for when an attachment is viewed and the request is attempted over http and not https. This causes the ISA server to reject the request as it is not using SSL. if we disable the requirement for SSL then this works, but then owa can be viewed over non secure channels.

I believe the problem is that the ISA server is also offloading the SSL so requests to exchange are coming in over non-secure channels. my thinking is that the attachview link being provided is non-secure as the request is coming in over non secure channels due to the ISA offloading the SSL.

I have configured the external URL for OWA to be the https external url but this is still not working.

Does anyone have any ideas as to why this is the case?
0
Comment
Question by:bankhall
  • 3
  • 2
5 Comments
 
LVL 11

Assisted Solution

by:Sanjay Santoki
Sanjay Santoki earned 200 total points
ID: 39283837
Hello,

I would recommend you to disable SSL requirement on ISA as well as website server and put URL rewrite rule to rewrite all non HTTPS request to HTTPS request. Alternatively you can achieve it by creating by dummy website on TCP 80 with OWA URL host headers and redirect request to https://FQDN/OWA

You can achieve it using URL Rewrite module of Microsoft.

Regards,
Sanjay Santoki
0
 

Author Comment

by:bankhall
ID: 39289516
Thanks very much for the response - I'll have a look in to both options and see what suits best and let you know the outcome.
0
 
LVL 11

Expert Comment

by:Sanjay Santoki
ID: 39289687
Hello,

Good Day!

Do let me know if you required further assistance from my side...

Regards,
Sanjay Santoki
0
 

Accepted Solution

by:
bankhall earned 0 total points
ID: 39299712
My colleague picked this up for me and discovered that by assigning the same certificate to the exchange server (on a new IP so not to conflict with other services using previous certificate) that was assigned to the website on the ISA server, allowed the connection via HTTPS and fixed the issue.

We effectively created new listening rules on ISA (as if setting up a new site), gave exchange a new IP, and used a new URL for the website, all with the same externally trusted certificate.

Unfortunately this meant I couldn't test your advice to see if this would fix it also, but I appreciate the help in getting to the final solution!
0
 

Author Closing Comment

by:bankhall
ID: 39309769
Solution achived by setting up new site alongside existing one with same certificate on ISA and exchange, as per post above
0

Featured Post

Do email signature updates give you a headache?

Do you feel like you are constantly making changes to email signatures? Are the images not formatting how you want them to? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today.

Join & Write a Comment

Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now