Ramblings from The Montopolis Group

Building better businesses... with Technology

Exchange OWA SSL Redirect

By Leave a Comment

UPDATE 10/20/2011 – Instead of these instructions, go to http://www.ehloworld.com/186 for Pat’s excellent PowerShell script to automate OWA SSL redirects and more.

Getting to Exchange Outlook Web Access (OWA) out of the box isn’t the most friendly for end users.

Your URL has to be HTTPS and don’t forget the /owa at the end!

There are a lot of methods for “fixing” this on the Internet.  Some of the solutions are quite clever and others get rather involved.

As I was setting up a new CAS server tonight I reviewed many of these solutions.  Since this new Exchange 2010 server I am working on is part of a far more elaborate Exchange 2007, Lync/OCS and Cisco UM setup, making lots of deep IIS changes wasn’t anything I wanted a part of.

The questions I asked myself were….

  • How would these changes impact Lync/OCS (soft clients, phones, devices)?
  • Would they impact Exchange 2007 redirection?
  • Would Microsoft PSS yell at me 3 years from now for jacking up IIS JUST to improve ease of use for OWA users?
  • Am I going to end up with a troubleshooting nightmare later?
  • When administration of this server ends up going to someone else, what are they going to inherit?

I just wanted to make getting to OWA via just the hostname EASY.

So I went back to the old standby method.  It’s simple.  It’s not sexy.  It’s down-right boring.

While I can’t promise PSS won’t yell at YOU in 3 years for doing this, at least you will not be making drastic or deep changes to IIS.  Just one simple change and the real problem you are trying to fix will be fixed, with fewer possible unintended consequences.

  1. Start your IIS Manager
  2. Click on the web site where your Exchange is (by default its “Default Web Site”)
  3. Double-click on Error Pages
  4. Click Add
  5. In status code put “403.4” (without the quotes)
  6. Select “Respond with a 302 redirect”
  7. In the Absolute URL field put “https://owa.exchangerocks.com/owa”
  8. Click OK
  9. Fin!

No go to http://owa.exchangerocks.com and your OWA Login should appear.  If it does not, make sure port 80 is open on the server firewall and on any firewall ahead of the server.

How this works…. The 403.4 HTTP Status Code is the code for “SSL Required”, and if the web server responds with that error, it will redirect to your proper OWA URL.

That’s it!  This method works equally for Exchange 2007 or 2010 (and 2003 if you do the research).

Now this doesn’t “fix” the URL if the user goes to https://owa.exchangerocks.com.  You could change the status code above to just 403 (Access Denied) – but then ALL access denied events will get redirected to your OWA login.  I don’t recommend that as that will really impact troubleshooting/your support desk and not mention increase your bandwidth if your OWA box is ever annoyed by hackers 😉

For that scenario, I recommend using Microsoft’s URL Rewrite and adding the necessary redirects.