· Section “Use IIS Manager to simplify the Outlook Web App URL when SSL is required”: I think MS means: Use IIS Manager to simplify the Outlook Web App URL when SSL is required at the Default Web Site? If so, step 12 says: In SSL Settings, clear Require SSL but SSL should not be cleared if you require SSL at the Default Web Site.
· When configuring Require SSL (clear Require SSL) & Redirection settings at Default Web Site, the settings are propagated to lower-level directories. The steps to enable SSL on all sub dir’s (except OAB & PowerShell virtual dir) and disable redirection on all sub dir’s are not explicitly mentioned.
· The following table contains default OWA SSL & Redirect settings (after installing new Exchange 2010 SP2 CAS Server):
Default IIS Settings E2K10 SP2 CAS Server
|
SSL Settings
|
HTTP Redirect
|
Default Web Site
|
[x] Require SSL
|
[ ] Redirect requests to this destination: <>
Redirect Behavior: (options greyed out)
[ ] Redirect all requests to exact destination [x] Only redirect requests to content in this directory Status code: Found (302) |
aspnet_client
|
[x] Require SSL
|
[ ] Redirect requests to this destination: < >
Redirect Behavior: (options greyed out)
[ ] Redirect all requests to exact destination [x] Only redirect requests to content in this directory Status code: Found (302) |
Autodiscover
|
[x] Require SSL
|
[ ] Redirect requests to this destination: < >
Redirect Behavior: (options greyed out)
[ ] Redirect all requests to exact destination [x] Only redirect requests to content in this directory Status code: Found (302) |
ecp
|
[x] Require SSL
|
[ ] Redirect requests to this destination: < >
Redirect Behavior: (options greyed out)
[ ] Redirect all requests to exact destination [x] Only redirect requests to content in this directory Status code: Found (302) |
EWS
|
[x] Require SSL
|
[ ] Redirect requests to this destination: < >
Redirect Behavior: (options greyed out)
[ ] Redirect all requests to exact destination [x] Only redirect requests to content in this directory Status code: Found (302) |
Exchange
|
[x] Require SSL
|
[x] Redirect requests to this destination: /owa
Redirect Behavior:
[ ] Redirect all requests to exact destination [ ] Only redirect requests to content in this directory Status code: Found (302) |
Exchweb
|
[x] Require SSL
|
[x] Redirect requests to this destination: /owa
Redirect Behavior:
[ ] Redirect all requests to exact destination [ ] Only redirect requests to content in this directory Status code: Found (302) |
Microsoft-Server-ActiveSync
|
[x] Require SSL
|
[ ] Redirect requests to this destination: < >
Redirect Behavior: (options greyed out)
[ ] Redirect all requests to exact destination [x] Only redirect requests to content in this directory Status code: Found (302) |
OAB
|
[ ] Require SSL
|
[ ] Redirect requests to this destination: < >
Redirect Behavior: (options greyed out)
[ ] Redirect all requests to exact destination [x] Only redirect requests to content in this directory Status code: Found (302) |
owa
|
[x] Require SSL
|
[ ] Redirect requests to this destination: < >
Redirect Behavior: (options greyed out)
[ ] Redirect all requests to exact destination [x] Only redirect requests to content in this directory Status code: Found (302) |
PowerShell
|
[ ] Require SSL
|
[ ] Redirect requests to this destination: < >
Redirect Behavior: (options greyed out)
[ ] Redirect all requests to exact destination [x] Only redirect requests to content in this directory Status code: Found (302) |
Public
|
[x] Require SSL
|
[x] Redirect requests to this destination: /owa
Redirect Behavior:
[ ] Redirect all requests to exact destination [ ] Only redirect requests to content in this directory Status code: Found (302) |
Rpc
|
[x] Require SSL
|
[ ] Redirect requests to this destination: < >
Redirect Behavior: (options greyed out)
[ ] Redirect all requests to exact destination [x] Only redirect requests to content in this directory Status code: Found (302) |
RpcWithCert
|
[x] Require SSL
|
[ ] Redirect requests to this destination: < >
Redirect Behavior: (options greyed out)
[ ] Redirect all requests to exact destination [x] Only redirect requests to content in this directory Status code: Found (302) |
By default only Exchange, Exchweb & Public virtual dir are redirected to /owa. However, after enabling redirection at the Default Web Site and disabling at owa virtual dir you get in a loop and it’s not possible to restore the default configuration (only Exchange, Exchweb & Public virtual dir redirect to /owa):
· When I enable redirection for default web site, the owa site inherits the redirection.
· When I remove the redirection from owa it removes it from exchange, exchweb and public sites as well.
· If I add redirection back to exchange, exchweb or public sites it gets copied to owa site as well.
After some research I found a much easier way to get owa redirection working by using Custom Error Pages:
IIS Manager (Windows 2008 R2):
· Default Web Site, Error Pages, Add...
· Add Custom Error Page
o Status code: 403.4
o (*) Respond with a 302 redirect
By using Custom Error Pages there is no need to configure IIS SSL & Redirect settings and things don’t get messed up.
When using https://webmail.domain.com users will see the default IIS7 Welcome page. To redirect https://webmail.domain.com to https://webmail.domain.com/owa:
· Create a default.aspx in the root directory (C:\inetpub\wwwroot\default.aspx) with one line:
· IIS Manager:
o Default Web Site, Default Document
o Move Up default.aspx to the top of the list
If you have any comments or questions, please let me know.
sorry, I know this is old but what if my internal domain is different than my external domain.
ReplyDeleteInternally we use domain.local but outside they access OWA using webmail.domain.com? How do I configure the redirect, point it to webmail.domain.local/owa?
Also, when using redirect what External domain do you set in the CAS for OWA?
Then you should use your internal domain name to redirect OWA internally.
ReplyDeleteFor external access you should create a redirect rule with TMG/UAG or another reverse proxy.
Martijn, I appreciate the post. It has worked for me. However, your segment regardign redirecting https requests to the OWA site is confusing. I do not have a "default.aspx" file in my C:\inetpub\wwwroot folder. Do you mean for me to "Edit the default.aspx in the root directory..." or "create a 'default.aspx' page with one line..."?
ReplyDeleteI need a little clarification.
Thanks,
KJOHNSON
This comment has been removed by the author.
DeleteHi,
DeleteJust create a default.aspx with one line. Blog has been updated.
Martijn
Martijn,
ReplyDeleteTHANK YOU! x 1000
I set everything to default based on your documentation above because I was following microsoft and other blog about using Redirect HTTP and screw things up big time because of all that inherited thing from the default web site. (Whack!)
After that I did IISreset /noforce.
And followed your direction by creating an error page and default.aspx.
After that, BAM!
Users are all happy.
Great BLOG.
This is going to be in my Browser Favorite.
tks
ReplyDeletetry interssl.com ....
ReplyDeleteThe Venetian Resort Las Vegas | Casino Finder ボンズ カジノ ボンズ カジノ 우리카지노 계열사 우리카지노 계열사 ラッキーニッキー ラッキーニッキー 60▷ Best Online Casinos 2021 ▷ Play at Asian Bookie
ReplyDelete