Automated redirects to OWA directories may fail when SSL is enforced

Find out why automatic redirects to OWA directories may fail when SSL is enforced, and learn about a technique that will allow redirects to SSL-enabled OWA directories.

This Content Component encountered an error

I recently came across a Microsoft discussion group thread that explains why automatic redirects to Outlook Web Access (OWA) directories may fail when SSL is enabled and enforced.

The Exchange administrator configured IIS to redirect users automatically from a second-tier domain (e.g., https://mail.x.com) to the proper OWA directory (i.e., https://mail.x.com/exchange). He also wanted to provide a redirect from http://mail.x.com to https://mail.company.com. However, when he tried to implement the redirect, it wouldn't work.

Instead, the administrator performed the redirect with a quick ASP script that simply used Response.Redirect to bounce the OWA user to the appropriate page. It succeeded in redirecting users from https://mail.x.com to https://mail.x.com/exchange, but it didn't work for bouncing them from http to https.

The problem was that the administrator mistakenly set SSL to be required for the entire mail.x.com site -- not just the \exchange directory. An OWA user who tries to access the mail.x.com site via standard http would receive an error, since the redirect was never being triggered in the first place.

More on OWA authentication:
Setting up OWA in Exchange Server 2003

Disappearing OWA and Exchange virtual directory settings

An OWA authentication anomaly

Forms-based authentication errors with OMA and ActiveSync

How to repair Exchange-related IIS virtual directories

The fix was simple enough: He disabled SSL on the site, but enabled it specifically on the OWA directories that required it. The only caveat is that any newly-created OWA directories that require SSL would need to have SSL turned on manually.

The script and technique this Exchange administrator used has been documented in the Microsoft Knowledge Base article 555053, How to redirect to a secure Exchange virtual directory and enable forms-based authentication.

The Microsoft article also suggests adding a custom redirect for the 403;4 error which bounces any non-SSL user to the SSL version of the same site. This can also be used if you want to enforce https on the whole site by default, without needing to set it for specific directories.

About the author: Serdar Yegulalp is editor of Windows Insight, a newsletter devoted to hints, tips, tricks, news and goodies for all flavors of Windows users.

Do you have comments on this tip? Let us know.

Please let others know how useful this tip was via the rating scale below. Do you know a helpful Exchange Server, Microsoft Outlook or SharePoint tip, timesaver or workaround? Email the editors to talk about writing for SearchExchange.com.

This was first published in December 2007

Dig deeper on User Authentication for Microsoft Outlook and OWA

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchWindowsServer

SearchEnterpriseDesktop

SearchCloudComputing

SearchSQLServer

Close