Ramblings from The Montopolis Group

Building better businesses... with Technology

Exchange OWA SSL Redirect

January 28, 2011 By Babul A. Mukherjee Leave a Comment

UPDATE 10/20/2011 – Instead of these instructions, go to http://www.ehloworld.com/186 for Pat’s excellent PowerShell script to automate OWA SSL redirects and more.


Getting to Exchange Outlook Web Access (OWA) out of the box isn’t the most friendly for end users.

Your URL has to be HTTPS and don’t forget the /owa at the end!

There are a lot of methods for “fixing” this on the Internet.  Some of the solutions are quite clever and others get rather involved.

As I was setting up a new CAS server tonight I reviewed many of these solutions.  Since this new Exchange 2010 server I am working on is part of a far more elaborate Exchange 2007, Lync/OCS and Cisco UM setup, making lots of deep IIS changes wasn’t anything I wanted a part of.

The questions I asked myself were….

  • How would these changes impact Lync/OCS (soft clients, phones, devices)?
  • Would they impact Exchange 2007 redirection?
  • Would Microsoft PSS yell at me 3 years from now for jacking up IIS JUST to improve ease of use for OWA users?
  • Am I going to end up with a troubleshooting nightmare later?
  • When administration of this server ends up going to someone else, what are they going to inherit?

I just wanted to make getting to OWA via just the hostname EASY.

So I went back to the old standby method.  It’s simple.  It’s not sexy.  It’s down-right boring.

While I can’t promise PSS won’t yell at YOU in 3 years for doing this, at least you will not be making drastic or deep changes to IIS.  Just one simple change and the real problem you are trying to fix will be fixed, with fewer possible unintended consequences.

  1. Start your IIS Manager
  2. Click on the web site where your Exchange is (by default its “Default Web Site”)
  3. Double-click on Error Pages
  4. Click Add
  5. In status code put “403.4” (without the quotes)
  6. Select “Respond with a 302 redirect”
  7. In the Absolute URL field put “https://owa.exchangerocks.com/owa”
  8. Click OK
  9. Fin!

No go to http://owa.exchangerocks.com and your OWA Login should appear.  If it does not, make sure port 80 is open on the server firewall and on any firewall ahead of the server.

How this works…. The 403.4 HTTP Status Code is the code for “SSL Required”, and if the web server responds with that error, it will redirect to your proper OWA URL.

That’s it!  This method works equally for Exchange 2007 or 2010 (and 2003 if you do the research).

Now this doesn’t “fix” the URL if the user goes to https://owa.exchangerocks.com.  You could change the status code above to just 403 (Access Denied) – but then ALL access denied events will get redirected to your OWA login.  I don’t recommend that as that will really impact troubleshooting/your support desk and not mention increase your bandwidth if your OWA box is ever annoyed by hackers 😉

For that scenario, I recommend using Microsoft’s URL Rewrite and adding the necessary redirects.

Related

Filed Under: Exchange Tagged With: exchange, owa, redirect, ssl

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The Montopolis Group, Ltd.

Archives

  • February 2016
  • February 2013
  • January 2013
  • January 2012
  • October 2011
  • January 2011
  • October 2010
  • February 2010
  • January 2010
  • December 2009
  • September 2009
  • August 2009
  • October 2008
  • August 2008
  • July 2008
  • June 2008
  • May 2008
  • April 2008
  • March 2008
  • February 2008
  • January 2008
  • December 2007
  • November 2007
  • October 2007
  • September 2007
  • August 2007
  • July 2007
  • June 2007
  • May 2007
  • April 2007
  • March 2007
  • February 2007
  • January 2007

Tags

blackberry crash exchange EXC_BAD_ACCESS firmware group policy lion lync mac nps outlook owa password peap radius redirect sbs 2003 screen saver snom ssl windows 7 wireless

Recent Comments

  • Jon on Outlook 2010 does not save password with Exchange
  • jonathan on Dell 1390/1490/1500 WLAN Minicard Connectivity Issue
  • Bez on Radius/NPS Wireless PEAP Authentication Fails
  • Rhea on Exchange 2010 & GoDaddy UCC certificate walkthrough
  • Babul A. Mukherjee on Exchange 2010 & GoDaddy UCC certificate walkthrough

Copyright © 2018 The Montopolis Group, Ltd. · Log in