Create a secure Microsoft Outlook Web Access (OWA) redirect page

Although I'm familiar with Exchange Server and Microsoft Outlook Web Access (OWA), I sometimes forget to type HTTPS when accessing my OWA site. This causes my OWA server to generate a The Page Must Be Viewed Over A Secure Channel error message. When this happens, I simply enter the URL correctly and log on.

It occurred to me that there will always be a group of users who may also forget to type HTTPS. I came up with an easy way to help these users -- eliminating the need to type HTTPS without sacrificing SSL security.

To do this, I set up a redirection page. That way, if a user enters the OWA URL using the HTTP prefix (instead of HTTPS), he will be redirected to the OWA website (with SSL enabled), rather than receiving the error message. This should help reduce help desk calls.

The following steps apply to OWA 2007, but this technique will also work for OWA 2003 with slight modifications.

Keep in mind that trying to access OWA without typing HTTPS triggers an HTTP 403.4 error. This essentially denies access to the resource (OWA), because a policy states that SSL is required. The error message is actually just a Web page that has been linked to the 403.4

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT User Authentication for Microsoft Outlook and OWA Top 5 Outlook Web Access (OWA) tips of 2008 Manage user rights and access to Outlook Web Access (OWA) mailboxes Why does a security alert pop up when accessing Outlook Web Access? OWA won't load after applying Exchange 2007 SP1 security patch Minimize remote and mobile Outlook Web Access (OWA) security risks How to improve Outlook Web Access (OWA) security Alleviate Outlook Web Access (OWA) email attachment security issues How to customize OWA authentication logon in Exchange Server 2003 Automated redirects to OWA directories may fail when SSL is enforced Configure Windows Mobile devices to local wipe after failed logons Outlook Web Access Troubleshoot 'System Attendant' error messages in OWA Troubleshoot Microsoft Outlook Web Access problems Detecting update rollup and patch failures in OWA Troubleshoot IIS metabase corruption in Outlook Web Access Fix 'Service unavailable' errors and other common OWA login problems Troubleshooting Microsoft Outlook Web Access logon issues Tools to report on Outlook Mobile Access usage Outlook Web Access issues after an Exchange 2003 migration Top 5 Outlook Web Access (OWA) tips of 2008 Troubleshooting Outlook Web Access issues on a 64-bit system Microsoft Exchange Server 2007 Virtualizing Exchange Server 2007 -- Where it works Fixing DPM 2007 inconsistent replica errors in Exchange Server Using Mobile Device Manager 2008 server roles in Exchange 2007 Relocating Outlook email messages on a hosted Exchange 2007 server New high availability features in Exchange Server 2010 An introduction to the DSAccess service in Exchange Server 2007 Control Outlook 2007 in cached mode settings with group policies Exchange Performance Monitor tracks domain controller communication Meeting Workspaces in Microsoft Office SharePoint Server 2007 Exchange Server 2007 SP2 reinstates built-in backup capabilities Microsoft Exchange Server 2007 Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Vouch by Reference (VBR)  (SearchExchange.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

error. To fix this, replace the error Web page with the page that we created earlier. To do so:

Although this technique works well, there are a couple of things to note.

Note: IIS can be particular about custom error pages. I have used this technique on multiple occasions. Most often, it works. However, sometimes IIS gives me a permissions error that I am unable to resolve. If this happens, I recommend editing the existing error message file (DO NOT replace it), so that it includes the new code.

This method won't work for all organizations, but if OWA is the only HTTPS-enabled site on your CAS, this technique might save users some frustration.

About the author: Brien M. Posey, MCSE, is a five-time recipient of Microsoft's Most Valuable Professional award for his work with Exchange Server, Windows Server, Internet Information Server (IIS) and File Systems and Storage. Brien has served as CIO for a nationwide chain of hospitals and was once responsible for the Department of Information Management at Fort Knox. As a freelance technical writer, Brien has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal website at www.brienposey.com.

Do you have comments on this tip? Let us know.

Please let others know how useful this tip was via the rating scale below. Do you know a helpful Exchange Server, Microsoft Outlook or SharePoint tip, timesaver or workaround? Email the editors to talk about writing for SearchExchange.com.

Rate this Tip To rate tips, you must be a member of SearchExchange.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.