Automated redirects to OWA directories may fail when SSL is enforced

The Exchange administrator configured IIS to redirect users automatically from a second-tier domain (e.g., https://mail.x.com) to the proper OWA directory (i.e., https://mail.x.com/exchange). He also wanted to provide a redirect from http://mail.x.com to https://mail.company.com. However, when he tried to implement the redirect, it wouldn't work.

Instead, the administrator performed the redirect with a quick ASP script that simply used Response.Redirect to bounce the OWA user to the appropriate page. It succeeded in redirecting users from https://mail.x.com to https://mail.x.com/exchange, but it didn't work for bouncing them from http to https.

The problem was that the administrator mistakenly set SSL to be required for the entire mail.x.com site -- not just the \exchange directory. An OWA user who tries to access the mail.x.com site via standard http would receive an error, since the redirect was never being triggered in the first place.

More on OWA authentication: Setting up OWA in Exchange Server 2003 Disappearing OWA and Exchange virtual directory settings An OWA authentication anomaly Forms-based authentication errors with OMA and ActiveSync How to repair Exchange-related IIS virtual directories

The fix was simple enough: He disabled SSL on the site, but enabled it specifically on the OWA directories that required it. The only caveat is that any newly-created OWA directories that require SSL would need to have SSL turned on manually.

The script and technique this Exchange administrator used has been documented in the Microsoft Knowledge Base article 555053, How to redirect to a secure Exchange virtual directory and enable forms-based authentication.

The Microsoft article also suggests adding a custom redirect for the 403;4 error which bounces any non-SSL user to the SSL version of the same site. This can also be used if you want to enforce https on the whole site by default, without needing to set it for specific directories.

About the author: Serdar Yegulalp is editor of Windows Insight, a newsletter devoted to hints, tips, tricks, news and goodies for all flavors of Windows users.

Do you have comments on this tip? Let us know.

Please let others know how useful this tip was via the rating scale below. Do you know a helpful Exchange Server, Microsoft Outlook or SharePoint tip, timesaver or workaround? Email the editors to talk about writing for SearchExchange.com.

Rate this Tip To rate tips, you must be a member of SearchExchange.com. Register now to start rating these tips. Log in if you are already a member. Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT User Authentication for Microsoft Outlook and OWA Lock down direct file access and protect OWA users Obtaining and verifying SSL certificates in Exchange Server Top 5 Outlook Web Access (OWA) tips of 2008 Manage user rights and access to Outlook Web Access (OWA) mailboxes Create a secure Microsoft Outlook Web Access (OWA) redirect page Why does a security alert pop up when accessing Outlook Web Access? OWA won't load after applying Exchange 2007 SP1 security patch Minimize remote and mobile Outlook Web Access (OWA) security risks How to improve Outlook Web Access (OWA) security Alleviate Outlook Web Access (OWA) email attachment security issues Outlook Web Access OWA 2007 configuration tricks to boost performance Top 5 Exchange ActiveSync tips Lock down direct file access and protect OWA users Simplify an OWA URL on Windows Server 2008 Windows Mobile 6.5 touts Internet Explorer, OWA improvements When OWA's default configurations aren't good enough Digging deeper into Exchange Server 2010 Troubleshoot 'System Attendant' error messages in OWA Troubleshoot Microsoft Outlook Web Access problems Detecting update rollup and patch failures in OWA Internet Information Services (IIS) and Exchange Server Interoperability Analyzing Exchange ActiveSync data from .CSV report files Monitoring Outlook Web Access usage via IIS log files Exchange Server and Microsoft Internet Information Services (IIS) IIS 6 file corruption flaw impairs OWA Symantec Mail Security for Microsoft Exchange crashes IIS Outlook Web Access only displays parent directories Recreating IIS virtual directories for OWA, OMA and Exchange ActiveSync Exchange Server domain name changes -- don't forget about IIS Forms-based authentication errors with OMA and ActiveSync Disappearing OWA and Exchange virtual directory settings Internet Information Services (IIS) and Exchange Server Interoperability Research RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Vouch by Reference (VBR)  (SearchExchange.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.