Solved

Exchange 2010 OWA Attachview secure access issue

Posted on 2013-06-27
5
808 Views
Last Modified: 2013-07-09
We have a Exchange 2010 environment and use OWA for external access. To secure attachments we use Messageware Attachview which converts attachments to be viewed over the web without the file being downloaded.

Our ISA sever (Microsoft ISA 2000 unfortunately) is configured to only allow SSL traffic for OWA, which all works fine, except for when an attachment is viewed and the request is attempted over http and not https. This causes the ISA server to reject the request as it is not using SSL. if we disable the requirement for SSL then this works, but then owa can be viewed over non secure channels.

I believe the problem is that the ISA server is also offloading the SSL so requests to exchange are coming in over non-secure channels. my thinking is that the attachview link being provided is non-secure as the request is coming in over non secure channels due to the ISA offloading the SSL.

I have configured the external URL for OWA to be the https external url but this is still not working.

Does anyone have any ideas as to why this is the case?
0
Comment
Question by:bankhall
  • 3
  • 2
5 Comments
 
LVL 11

Assisted Solution

by:Sanjay Santoki
Sanjay Santoki earned 200 total points
ID: 39283837
Hello,

I would recommend you to disable SSL requirement on ISA as well as website server and put URL rewrite rule to rewrite all non HTTPS request to HTTPS request. Alternatively you can achieve it by creating by dummy website on TCP 80 with OWA URL host headers and redirect request to https://FQDN/OWA

You can achieve it using URL Rewrite module of Microsoft.

Regards,
Sanjay Santoki
0
 

Author Comment

by:bankhall
ID: 39289516
Thanks very much for the response - I'll have a look in to both options and see what suits best and let you know the outcome.
0
 
LVL 11

Expert Comment

by:Sanjay Santoki
ID: 39289687
Hello,

Good Day!

Do let me know if you required further assistance from my side...

Regards,
Sanjay Santoki
0
 

Accepted Solution

by:
bankhall earned 0 total points
ID: 39299712
My colleague picked this up for me and discovered that by assigning the same certificate to the exchange server (on a new IP so not to conflict with other services using previous certificate) that was assigned to the website on the ISA server, allowed the connection via HTTPS and fixed the issue.

We effectively created new listening rules on ISA (as if setting up a new site), gave exchange a new IP, and used a new URL for the website, all with the same externally trusted certificate.

Unfortunately this meant I couldn't test your advice to see if this would fix it also, but I appreciate the help in getting to the final solution!
0
 

Author Closing Comment

by:bankhall
ID: 39309769
Solution achived by setting up new site alongside existing one with same certificate on ISA and exchange, as per post above
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Find out what you should include to make the best professional email signature for your organization.
A phishing scam that claims a recipient’s credit card details have been “suspended” is the latest trend in spoof emails.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question