Friday, February 3, 2012

Simplify the Outlook Web App URL

Simplify the Outlook Web App URL describes Exchange 2010 SP2 OWA redirection.

I have the following comments regarding Simplify the Outlook Web App URL:

·         Section “Use IIS Manager to simplify the Outlook Web App URL when SSL is required”: I think MS means: Use IIS Manager to simplify the Outlook Web App URL when SSL is required at the Default Web Site? If so, step 12 says: In SSL Settings, clear Require SSL but SSL should not be cleared if you require SSL at the Default Web Site.

·         When configuring Require SSL (clear Require SSL) & Redirection settings at Default Web Site, the settings are propagated to lower-level directories. The steps to enable SSL on all sub dir’s (except OAB & PowerShell virtual dir) and disable redirection on all sub dir’s are not explicitly mentioned.

·         The following table contains default OWA SSL & Redirect settings (after installing new Exchange 2010 SP2 CAS Server):

Default IIS Settings E2K10 SP2 CAS Server
SSL Settings
HTTP Redirect
Default Web Site
[x] Require SSL
[ ] Redirect requests to this destination: <>
Redirect Behavior: (options greyed out)
[ ] Redirect all requests to exact destination
[x] Only redirect requests to content in this directory
Status code: Found (302)
aspnet_client
[x] Require SSL
[ ] Redirect requests to this destination: < >
Redirect Behavior: (options greyed out)
[ ] Redirect all requests to exact destination
[x] Only redirect requests to content in this directory
Status code: Found (302)
Autodiscover
[x] Require SSL
[ ] Redirect requests to this destination: < >
Redirect Behavior: (options greyed out)
[ ] Redirect all requests to exact destination
[x] Only redirect requests to content in this directory
Status code: Found (302)
ecp
[x] Require SSL
[ ] Redirect requests to this destination: < >
Redirect Behavior: (options greyed out)
[ ] Redirect all requests to exact destination
[x] Only redirect requests to content in this directory
Status code: Found (302)
EWS
[x] Require SSL
[ ] Redirect requests to this destination: < >
Redirect Behavior: (options greyed out)
[ ] Redirect all requests to exact destination
[x] Only redirect requests to content in this directory
Status code: Found (302)

Exchange
[x] Require SSL
[x] Redirect requests to this destination: /owa
Redirect Behavior:
[ ] Redirect all requests to exact destination
[ ] Only redirect requests to content in this directory
Status code: Found (302)
Exchweb
[x] Require SSL
[x] Redirect requests to this destination: /owa
Redirect Behavior:
[ ] Redirect all requests to exact destination
[ ] Only redirect requests to content in this directory
Status code: Found (302)
Microsoft-Server-ActiveSync
[x] Require SSL
[ ] Redirect requests to this destination: < >
Redirect Behavior: (options greyed out)
[ ] Redirect all requests to exact destination
[x] Only redirect requests to content in this directory
Status code: Found (302)
OAB
[ ] Require SSL
[ ] Redirect requests to this destination: < >
Redirect Behavior: (options greyed out)
[ ] Redirect all requests to exact destination
[x] Only redirect requests to content in this directory
Status code: Found (302)
owa
[x] Require SSL
[ ] Redirect requests to this destination: < >
Redirect Behavior: (options greyed out)
[ ] Redirect all requests to exact destination
[x] Only redirect requests to content in this directory
Status code: Found (302)
PowerShell
[ ] Require SSL
[ ] Redirect requests to this destination: < >
Redirect Behavior: (options greyed out)
[ ] Redirect all requests to exact destination
[x] Only redirect requests to content in this directory
Status code: Found (302)
Public
[x] Require SSL
[x] Redirect requests to this destination: /owa
Redirect Behavior:
[ ] Redirect all requests to exact destination
[ ] Only redirect requests to content in this directory
Status code: Found (302)

Rpc
[x] Require SSL
[ ] Redirect requests to this destination: < >
Redirect Behavior: (options greyed out)
[ ] Redirect all requests to exact destination
[x] Only redirect requests to content in this directory
Status code: Found (302)
RpcWithCert
[x] Require SSL
[ ] Redirect requests to this destination: < >
Redirect Behavior: (options greyed out)
[ ] Redirect all requests to exact destination
[x] Only redirect requests to content in this directory
Status code: Found (302)

By default only Exchange, Exchweb & Public virtual dir are redirected to /owa. However, after enabling redirection at the Default Web Site and disabling at owa virtual dir you get in a loop and it’s not possible to restore the default configuration (only Exchange, Exchweb & Public virtual dir redirect to /owa):

·         When I enable redirection for default web site, the owa site inherits the redirection.

·         When I remove the redirection from owa it removes it from exchange, exchweb and public sites as well.

·         If I add redirection back to exchange, exchweb or public sites it gets copied to owa site as well.



After some research I found a much easier way to get owa redirection working by using Custom Error Pages:

IIS Manager (Windows 2008 R2):

·         Default Web Site, Error Pages, Add...

·         Add Custom Error Page

o   Status code: 403.4

o   (*) Respond with a 302 redirect

o   Absolute URL: https://webmail.domain.com/owa

By using Custom Error Pages there is no need to configure IIS SSL & Redirect settings and things don’t get messed up.
 

When using https://webmail.domain.com users will see the default IIS7 Welcome page. To redirect https://webmail.domain.com to https://webmail.domain.com/owa:

·         Create a default.aspx in the root directory (C:\inetpub\wwwroot\default.aspx) with one line:

o   <% Response.Redirect("https://webmail.domain.com/owa") %>

·         IIS Manager:

o   Default Web Site, Default Document

o   Move Up default.aspx to the top of the list

If you have any comments or questions, please let me know.

9 comments:

  1. sorry, I know this is old but what if my internal domain is different than my external domain.
    Internally we use domain.local but outside they access OWA using webmail.domain.com? How do I configure the redirect, point it to webmail.domain.local/owa?
    Also, when using redirect what External domain do you set in the CAS for OWA?

    ReplyDelete
  2. Then you should use your internal domain name to redirect OWA internally.
    For external access you should create a redirect rule with TMG/UAG or another reverse proxy.

    ReplyDelete
  3. Martijn, I appreciate the post. It has worked for me. However, your segment regardign redirecting https requests to the OWA site is confusing. I do not have a "default.aspx" file in my C:\inetpub\wwwroot folder. Do you mean for me to "Edit the default.aspx in the root directory..." or "create a 'default.aspx' page with one line..."?

    I need a little clarification.

    Thanks,

    KJOHNSON

    ReplyDelete
    Replies
    1. This comment has been removed by the author.

      Delete
    2. Hi,

      Just create a default.aspx with one line. Blog has been updated.

      Martijn

      Delete
  4. Martijn,

    THANK YOU! x 1000

    I set everything to default based on your documentation above because I was following microsoft and other blog about using Redirect HTTP and screw things up big time because of all that inherited thing from the default web site. (Whack!)
    After that I did IISreset /noforce.
    And followed your direction by creating an error page and default.aspx.
    After that, BAM!
    Users are all happy.

    Great BLOG.
    This is going to be in my Browser Favorite.

    ReplyDelete
  5. All the contents you mentioned in post is too good and very useful. I will keep it in mind, thanks for sharing the information keep updating, looking forward for more posts. cheap wildcard ssl

    ReplyDelete
  6. Cheap Wildcard SSL - Cheap SSL certificates (including wildcard and multi-domain (SAN) SSL certificates) from Comodo, GeoTrust, Thawte and Symantec (VeriSign)

    ReplyDelete