Automated redirects to OWA directories may fail when SSL is enforced

I recently came across a Microsoft discussion group thread that explains why automatic redirects to Outlook Web Access (OWA) directories may fail when SSL is enabled and enforced.

The Exchange

    Requires Free Membership to View

administrator configured IIS to redirect users automatically from a second-tier domain (e.g., https://mail.x.com) to the proper OWA directory (i.e., https://mail.x.com/exchange). He also wanted to provide a redirect from http://mail.x.com to https://mail.company.com. However, when he tried to implement the redirect, it wouldn't work.

Instead, the administrator performed the redirect with a quick ASP script that simply used Response.Redirect to bounce the OWA user to the appropriate page. It succeeded in redirecting users from https://mail.x.com to https://mail.x.com/exchange, but it didn't work for bouncing them from http to https.

The problem was that the administrator mistakenly set SSL to be required for the entire mail.x.com site -- not just the \exchange directory. An OWA user who tries to access the mail.x.com site via standard http would receive an error, since the redirect was never being triggered in the first place.

More on OWA authentication:
Setting up OWA in Exchange Server 2003

Disappearing OWA and Exchange virtual directory settings

An OWA authentication anomaly

Forms-based authentication errors with OMA and ActiveSync

How to repair Exchange-related IIS virtual directories

The fix was simple enough: He disabled SSL on the site, but enabled it specifically on the OWA directories that required it. The only caveat is that any newly-created OWA directories that require SSL would need to have SSL turned on manually.

The script and technique this Exchange administrator used has been documented in the Microsoft Knowledge Base article 555053, How to redirect to a secure Exchange virtual directory and enable forms-based authentication.

The Microsoft article also suggests adding a custom redirect for the 403;4 error which bounces any non-SSL user to the SSL version of the same site. This can also be used if you want to enforce https on the whole site by default, without needing to set it for specific directories.

About the author: Serdar Yegulalp is editor of Windows Insight, a newsletter devoted to hints, tips, tricks, news and goodies for all flavors of Windows users.

Do you have comments on this tip? Let us know.

Please let others know how useful this tip was via the rating scale below. Do you know a helpful Exchange Server, Microsoft Outlook or SharePoint tip, timesaver or workaround? Email the editors to talk about writing for SearchExchange.com.

This was first published in December 2007

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.