I recently came across a Microsoft discussion group thread that explains why automatic redirects to Outlook Web
Access (OWA) directories may fail when SSL is enabled and enforced.
The Exchange administrator configured IIS to redirect users automatically from a second-tier domain (e.g., https://mail.x.com) to the proper OWA directory (i.e., https://mail.x.com/exchange). He also wanted to provide a redirect from http://mail.x.com to https://mail.company.com. However, when he tried to implement the redirect, it wouldn't work.
Instead, the administrator performed the redirect with a quick ASP script that simply used Response.Redirect to bounce the OWA user to the appropriate page. It succeeded in redirecting users from https://mail.x.com to https://mail.x.com/exchange, but it didn't work for bouncing them from http to https.
The problem was that the administrator mistakenly set SSL to be required for the entire mail.x.com site -- not just the \exchange directory. An OWA user who tries to access the mail.x.com site via standard http would receive an error, since the redirect was never being triggered in the first place.
The fix was simple enough: He disabled SSL on the site, but enabled it specifically on the OWA directories that required it. The only caveat is that any newly-created OWA directories that require SSL would need to have SSL turned on manually.
The script and technique this Exchange administrator used has been documented in the Microsoft Knowledge Base article 555053, How to redirect to a secure Exchange virtual directory and enable forms-based authentication.
The Microsoft article also suggests adding a custom redirect for the 403;4 error which bounces any non-SSL user to the SSL version of the same site. This can also be used if you want to enforce https on the whole site by default, without needing to set it for specific directories.
About the author: Serdar Yegulalp is editor of Windows Insight, a newsletter devoted to hints, tips, tricks, news and goodies for all flavors of Windows users.
Do you have comments on this tip? Let us know.
Please let others know how useful this tip was via the rating scale below. Do you know a helpful Exchange Server, Microsoft Outlook or SharePoint tip, timesaver or workaround? Email the editors to talk about writing for SearchExchange.com.