Exchange 2010 cookie

Dear Experts,

we have Exchange 2010 SP2 running on server 2008R2,

How can you ensure that all cookies  are sent only on SSL-secured connection, if not how to force ssl on it.

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Are you referring to the cookies for Outlook Web Access? If so, by default Outlook Web Access is SSL-only anyway so this will already be happening unless you've specifically enabled OWA on standard HTTP.
emtechadminAuthor Commented:
HI BlueCompute,

Thanks for your response.

our customer received below advise form it audit, can you please explain what it means,

Missing Secure Attribute in Encrypted Session (SSL) Cookie:
it is best business practice that any cookies that sent over (Set-cookie) an ssl connection to explicitly state secure on them

I'd need a bit more information to be honest; that doesn't specify at all where they're seeing this, or even that it's exchange related. You can check for SSL by either browsing to http://your-server-name/OWA and see if it loads the page, or checking in IIS Manager for the Outlook Web Access site, check it's Bindings, and see if it has a non-https binding on port 80.
Simon Butler (Sembee)ConsultantCommented:
You should have failed the audit on Exchange 2010 SP2 alone. SP2 is no longer supported. You need to upgrade to SP3 to be supported.

Are you using forms based authentication? If not then you should be.
Never heard of Exchange failing on a cookie error before.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.