Create a secure Microsoft Outlook Web Access (OWA) redirect page

Although I'm familiar with Exchange Server and Microsoft Outlook Web Access (OWA), I sometimes forget to type HTTPS when accessing my OWA site. This causes my OWA server to generate a The Page Must Be Viewed Over A Secure Channel error message. When this happens, I simply enter the URL correctly and log on.

It occurred to me that there will always be a group of users who may also forget to type HTTPS. I came up with an easy way to help these users -- eliminating the need to type HTTPS without sacrificing SSL security.

To do this, I set up a redirection page. That way, if a user enters the OWA URL using the HTTP prefix (instead of HTTPS), he will be redirected to the OWA website (with SSL enabled), rather than receiving the error message. This should help reduce help desk calls.

The following steps apply to OWA 2007, but this technique will also work for OWA 2003 with slight modifications.

1. Open Notepad and create a new file containing the following code:
   <head>
   <Meta HTTP-Equiv="refresh" CONTENT=1; URL=https://mirage/owa">
   </head>

This script instructs the Web page to wait one second and then redirect the user to https://mirage/owa (the internal URL for my OWA server). Be sure to replace this URL with the URL for your OWA server.

2. Once you have created this Notepad document, save it in the client access server's (CAS) C:\Windows\help\iisHelp\common folder as OWA-Redir.htm.

   This creates an HTML page that can redirect users to your OWA page. Next, configure the OWA server to use this new page. To do so, use the Internet Information Services (IIS) Manager console.

3. Open the IIS Manager console and navigate through the console tree to
   Your server -> Web Sites -> Default Web Site.
4. Right-click on the Default Web Site container and choose the Properties command from the menu. The console will then display the default website's properties sheet.

Keep ...

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT User Authentication for Microsoft Outlook and OWA Lock down direct file access and protect OWA users Obtaining and verifying SSL certificates in Exchange Server Top 5 Outlook Web Access (OWA) tips of 2008 Manage user rights and access to Outlook Web Access (OWA) mailboxes Why does a security alert pop up when accessing Outlook Web Access? OWA won't load after applying Exchange 2007 SP1 security patch Minimize remote and mobile Outlook Web Access (OWA) security risks How to improve Outlook Web Access (OWA) security Alleviate Outlook Web Access (OWA) email attachment security issues How to customize OWA authentication logon in Exchange Server 2003 Outlook Web Access Block Web beacons and protect OWA users from spam OWA 2007 configuration tricks to boost performance Top 5 Exchange ActiveSync tips Lock down direct file access and protect OWA users Simplify an OWA URL on Windows Server 2008 Windows Mobile 6.5 touts Internet Explorer, OWA improvements When OWA's default configurations aren't good enough Digging deeper into Exchange Server 2010 Troubleshoot 'System Attendant' error messages in OWA Troubleshoot Microsoft Outlook Web Access problems Microsoft Exchange Server 2007 How to install Forefront Security for Exchange Server Displaying Exchange 2007 public folders in SharePoint Don'ts for optimal Exchange 2007 mailbox server efficiency Is your Exchange 2007 hub transport server healthy? Top 5 Exchange ActiveSync tips Two useful tools for documenting an Exchange Server installation Controlling spam in Exchange 2007 at the edge transport server level Restore Exchange storage groups with DPM 2007 How a hosted Exchange service can help you Email issues after configuring hosted Exchange server on laptop Microsoft Exchange Server 2007 Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Vouch by Reference (VBR)  (SearchExchange.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

in mind that trying to access OWA without typing HTTPS triggers an HTTP 403.4 error. This essentially denies access to the resource (OWA), because a policy states that SSL is required. The error message is actually just a Web page that has been linked to the 403.4 error. To fix this, replace the error Web page with the page that we created earlier. To do so:

1. Select the Custom Errors tab from the Properties sheet and scroll through the list of errors until you locate the 403.4 error.
2. Select the 403.4 error and click Edit. You will see that the error is linked to a file named C:\Windows\help\iisHelp\common\403-4.htm.
3. Redirect this error to C:\Windows\help\iisHelp\common\OWA-Redir.htm.
4. Click OK a few times and restart IIS.

Although this technique works well, there are a couple of things to note.

• The change applies to any website that falls beneath the Default Web Site container. This means that if you have any other default websites that are hosted on the OWA server that require SSL encryption, they will be redirected to OWA if a user forgets to type HTTPS. Users won't be redirected to the site that they intended to access.
• If there is a certificate-related SSL failure, this technique could potentially cause users to become trapped in an infinite loop. For instance, the user would enter the correct URL for the OWA site, but the failure would trigger a redirection. However, because a failure occurred, the redirect would be triggered again and again.

Note: IIS can be particular about custom error pages. I have used this technique on multiple occasions. Most often, it works. However, sometimes IIS gives me a permissions error that I am unable to resolve. If this happens, I recommend editing the existing error message file (DO NOT replace it), so that it includes the new code.

This method won't work for all organizations, but if OWA is the only HTTPS-enabled site on your CAS, this technique might save users some frustration.

About the author: Brien M. Posey, MCSE, is a five-time recipient of Microsoft's Most Valuable Professional award for his work with Exchange Server, Windows Server, Internet Information Server (IIS) and File Systems and Storage. Brien has served as CIO for a nationwide chain of hospitals and was once responsible for the Department of Information Management at Fort Knox. As a freelance technical writer, Brien has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal website at www.brienposey.com.

Do you have comments on this tip? Let us know.

Please let others know how useful this tip was via the rating scale below. Do you know a helpful Exchange Server, Microsoft Outlook or SharePoint tip, timesaver or workaround? Email the editors to talk about writing for SearchExchange.com.

Rate this Tip To rate tips, you must be a member of SearchExchange.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.