?
Solved

SBS 2011 IIS is always redirecting to HTTPS

Posted on 2014-01-29
5
Medium Priority
?
586 Views
Last Modified: 2014-01-29
I have an installation of Small Business Server 2011.

There are a few files in the C:\INetPub\wwwroot folder which need to be served up when we access the server via a hostname like "http://kb.mycompany.com" instead of "https://remote.mycompany.com". For technical reasons, it needs to be served without SSL.

For some reason, I'm getting some very strange redirection behavior when I try to access the site.

If I go to http://kb.mycompany.com, it does show the "IIS 7.0" splashpage, as I want it to, but it redirects to HTTPS. I don't understand why, I don't see anywhere in IIS that says it should do that.

Additionally, if I go to, say, http://kb.mycompany.com/folder/anotherfolder/aaa.html, it actually redirects to https://KB.MYCOMPANY.COM/FOLDER/ANOTHERFOLDER/AAA.HTML, all in uppercase.

That's totally strange, and I don't understand why it is doing that either.

Can anyone point me in the right direction, at least maybe give me an idea of what parts of IIS I should be looking in to try and investigate why this is happening?
0
Comment
Question by:Frosty555
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 15

Accepted Solution

by:
achaldave earned 2000 total points
ID: 39818173
Check website's SSL options in IIS, is it set to require SSL? check HTTP redirect option. Check error pages,  specially 403 there might be scripted redirect. The redirection can be added to page itself check "AAA.HTML" for any redirection to HTTPS.
0
 
LVL 31

Author Comment

by:Frosty555
ID: 39818285
The "Require SSL" checkbox is ticket at the top level.

If I untick it on one of my subfolders, I CAN indeed browse that website using HTTP and it doesn't redirect me!
 
Still, though... if "Require SSL" was ticked I would expect it to throw a 403.4 forbidden error, not redirect to the HTTPS version of the site. And the "all uppercase" redirection is baffling!

There's no custom error pages, no HTTP redirect option, and the page itself isn't doing a redirect (at least not any of MY pages, I don't know what tweaks and modifications have been applied through SBS 2011's Microsoft Exchange installation)...

Judging from what I see in Google Chrome's network debugger it is definitely an HTTP 302 redirect that is coming from the server.

What could be causing the redirect?
0
 
LVL 15

Expert Comment

by:achaldave
ID: 39818442
Check the 403.4 error page, since your site is configured to require SSL and is not throwing 403 error it looks like the 403 error page is customized to redirect. Under error pages section, open properties of 403 and check the filename and path under response action, the file configured there must have redirection.
0
 
LVL 31

Author Comment

by:Frosty555
ID: 39818548
Strangely enough, there are no custom 403 error pages configured. I've done that before on other Exchange servers to have OWA redirect to HTTPS, but for some reason in SBS 2011 it isn't necessary.

In any case I figured it out (or at least figured a workaround).

The problem really is that all of these requests are being served by the "Default Web Site" site, which has Require SSL ticked and I'm hesitant to turn that off.

So instead I created a new Site, which does not have Require SSL ticked, and I added all of the hostnames (such as kb.mycompany.com) to the Bindings.

Now this new site is used to serve kb.mycompany.com, and my other hostnames like mail.mycompany.com and remote.mycompany.com are happily served by SBS 2011 like normal
0
 
LVL 31

Author Closing Comment

by:Frosty555
ID: 39818552
The big clue was to look at the "Require SSL" tickbox, which was ticked.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
When it comes to security, close monitoring is a must. According to WhiteHat Security annual report, a substantial number of all web applications are vulnerable always. Monitis offers a new product - fully-featured Website security monitoring and pr…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question