[Last Call] Learn how to a build a cloud-first strategyRegister Now


Exchange 2010 cookie

Posted on 2014-08-29
Medium Priority
Last Modified: 2014-09-09
Dear Experts,

we have Exchange 2010 SP2 running on server 2008R2,

How can you ensure that all cookies  are sent only on SSL-secured connection, if not how to force ssl on it.

Question by:emtechadmin
  • 2
LVL 14

Expert Comment

ID: 40292309
Are you referring to the cookies for Outlook Web Access? If so, by default Outlook Web Access is SSL-only anyway so this will already be happening unless you've specifically enabled OWA on standard HTTP.

Author Comment

ID: 40292499
HI BlueCompute,

Thanks for your response.

our customer received below advise form it audit, can you please explain what it means,

Missing Secure Attribute in Encrypted Session (SSL) Cookie:
it is best business practice that any cookies that sent over (Set-cookie) an ssl connection to explicitly state secure on them

LVL 14

Assisted Solution

BlueCompute earned 750 total points
ID: 40292506
I'd need a bit more information to be honest; that doesn't specify at all where they're seeing this, or even that it's exchange related. You can check for SSL by either browsing to http://your-server-name/OWA and see if it loads the page, or checking in IIS Manager for the Outlook Web Access site, check it's Bindings, and see if it has a non-https binding on port 80.
LVL 63

Accepted Solution

Simon Butler (Sembee) earned 750 total points
ID: 40293105
You should have failed the audit on Exchange 2010 SP2 alone. SP2 is no longer supported. You need to upgrade to SP3 to be supported.

Are you using forms based authentication? If not then you should be.
Never heard of Exchange failing on a cookie error before.


Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Want to know how to use Exchange Server Eseutil command? Go through this article as it gives you the know-how.
With so many activities to perform, Exchange administrators are always busy in organizations. If everything, including Exchange Servers, Outlook clients, and Office 365 accounts work without any issues, they can sit and relax. But unfortunately, it…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
This video discusses moving either the default database or any database to a new volume.
Suggested Courses

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question