Solved

Exchange 2010 Multiple OWA Sites

Posted on 2014-04-22
9
1,269 Views
Last Modified: 2014-04-24
Greetings. We've got an entity within our organization which would like a different OWA logon page (I've customized the default one for the larger organization).  Our UCC cert does have the smaller organization's fqdn in it and the mx record in dns for "mail.other_entity.org" gets them to our OWA page.

I've read that a second OWA virtual directory can be created.

Do I need a second IP / NIC on the mail server to make this happen ?  If so, could someone direct me to some detailed procedures ?

Thanks much.
-Stephen
0
Comment
Question by:lapavoni
9 Comments
 
LVL 9

Expert Comment

by:Mahesh Sharma
ID: 40014298
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 40015726
You don't need a second NIC.
You will need a second IP address, both internally and externally.
That is because SSL is a 1:1 binding to IP addresses.

So setup the second IP address to Exchange. Then change the default web site to be bound to the first address specifically (it will be on "any" by default).
Create a second web site in IIS and adjust the bindings, including SSL for it.

Then create new virtual directories. You will need OWA, ECP and EWS for it to work correctly. OAB and Outlook Anywhere can stay on the default (the end users will not see that), as can ActiveSync, as that can cause problems outside of the default.

Simon.
0
 

Author Comment

by:lapavoni
ID: 40015741
I've got two NICs that are teamed on the server.  Will that be an issue ?  Just add a second IP to the team ?

Also, it's bound to 127.0.0.1  Does loopback apply to all addresses or just the first one ?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40015775
What is bound to 127.0.0.1 ? The second web site?
It needs to be bound to a specific address, not the loopback address. Don't touch the default site, other than to change the * to the specific address.

Being a team means nothing - as you have a virtual NIC which holds the address.

Simon.
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:lapavoni
ID: 40015799
The first website is bound to 127.0.0.1  .... not to *
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40017210
The only binding you have to change is the http 80 *, no others.
You should have two bound to port 80, 127.0.0.1 and *.

There will then be one, maybe two bound to HTTPS. You will need to change any of those to a specific address.

Simon.
0
 
LVL 11

Expert Comment

by:hecgomrec
ID: 40017693
I disagree with Simon on this one.

I have mail.mycompany.net, webmail.mycompany.net on my ISP DNS pointing to the same IP.

On my IIS I have a redirect from either to the virtual directory of owa.  This was for legacy purposes when the company was not using autodiscover for their exchange server and the "webmail" was use for OWA only.


Now, in your case you can have a name for the other organization, copy all OWA virtual directory onto a new directory of your choice (lets called "branch" for now) and add it to the default web site.  Modify your logon and logoff .aspx files.  When you want the main owa just use mail.maincompany.org and for the other one you could use mail.branchcompany.org.

So when user type in their browser mail.maincompany.org they will get to the main OWA and the other organization users will use mail.branchcompany.org/branch to get their OWA.

As you can see this works the same way your actual services do (mail.maincompay.org/ecp, mail.maincompany.org/oab, mail.maincompany.org/owa)
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40017899
Except that isn't a supported method.
The only supported route is to use a different web site and use new-owavirtualdirectory

Simon.
0
 

Author Closing Comment

by:lapavoni
ID: 40020162
I will read up on the alternative solution, but the supported one is always preferable.  Thank you again, Simon.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Find out what you should include to make the best professional email signature for your organization.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
how to add IIS SMTP to handle application/Scanner relays into office 365.

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now