How to Setup a Secure Exchange Outlook Web Access URL

I’d like to discuss something that has come up a many times in the past: Exchange Outlook Web Access (OWA) and how to simplify it for users. Users can still access email even if they forget to put in https:, or can’t remember that is the URL has the /owa on it. We call this redirecting OWA URLs (in Exchange 2010).

There are a couple of caveats here to ensure a successful Exchange Outlook Web Access URL redirect. First, port 80 has to be open on the firewall so that the http: redirect can take place. In Exchange 2010, running a secondary website with a redirect no longer works, so you have to tinker with the “Default Web Site,” which I’ve been told is a definite problem. Secondly, in 2010, it is very easy to reset the default web site if you muck up.

IIS7 has a redirect feature that you can use to help accomplish this. To start, open the IIS manager, and select the default web site. Then, in the right hand pane, select the http: redirect setting and set it up exactly like the picture below, including all checked boxes.

(Note: the highlighted selection would be the URL that you want to redirect users to).

Exchange_Outlook_Web_Access_exchange_owa_exchange_outlook

Once complete, there are a couple items that you want to verify. You do not want redirect enabled for the following virtual directories (right click on each one and deselect the check box for redirection):

  • Aspnet_client
  • Autodiscover
  • Ecp
  • EWS
  • Microsoft-Server-ActiveSync
  • OAB
  • PoweShell
  • Rpc

Redirection should be enabled for these directories, but should point to /owa, instead of the full URL.

  • Exchange
  • Exchweb
  • Public

This will take care of the redirection for all https: requests, but not take http: requests. The default setting will still require https:.

To fix this, you will need to disable SSL setting requirements at the Default Web Site level. Then, go through, much like the previous section, and check the inheritance and fix, so that the required virtual directories have “Require SSL” checked.

Exchange_Outlook_Web_Access_exchange_owa_exchange_outlook2

Be sure the following virtual directories still have “Require SSL” checked:

  • Autodiscover
  • Ecp
  • EWS
  • Microsoft-Server-ActiveSync
  • OAB
  • owa
  • Rpc

DO NOT require SSL for the PowerShell virtual directory – that will break it.

You can now either reboot the server, or recycle the iis process – iisrest.

After doing all of this, your Exchange Outlook Web Access URLs should be redirected and secure. Check your configuration to ensure all the right certificates are in place and DNS is setup correctly at https://www.testexchangeconnectivity.com.

Related Posts

Search