Exchange 2010: Simplify OWA URL

Categories: Microsoft Exchange, Networking, Unified Messaging

Ex2010 logo imageExchange Outlook Web Access is a wonderful feature, but directing users to access it on their own can be a patience testing proposal if you’re not using URL redirection.

For example: you’ve installed Exchange 2010, configured all the appropriate roles, including the CAS (Client Access Server; responsible for OWA), and deserve a hero’s welcome, or at least a pat on the back. You then send an email to staff telling them that they can access webmail from the following public URL – https://webmail.domain.com/owa; easy enough right? Wrong! A few days later, calls come streaming in with users attempting to access OWA using incorrect URL’s: http instead of https, forgetting to append /owa to the URL, etc.

Well you can clear all of this up and make it transparent to the user, and they’ll never know you did it; it will just work.

With Exchange 2010 and IIS 7, the process for redirection has been greatly improved over IIS 6. Before, I would place a custom page in the “wwwroot” directory that would automatically redirect the user if they didn’t use “https” or if they didn’t append the “/exchange” (Exchange 2000/2003) or “/owa” (Exchange 2007) directory. This was a combination of customizing the “403.4” error and the home directory settings (maybe a later blog post, if requested).

In IIS 7, you only need a few mouse-clicks and your proper OWA URL to accomplish the same thing.

IIS7_ss1

Open IIS 7 manager and navigate to your “Default Web Site“. In the options panel, open “HTTP Redirect

Enter the proper OWA URL (i.e, https://webmail.domain.com/owa), select the “Only redirect requests to content in this directory (not subdirectories)” checkbox, and click “Apply“.

Uncheck URL RedirectThis will apply the redirection to ALL subdirectories of the default site, so you’ll need to click on each subdirectory/virtual directory and remove the redirection by unchecking “Redirect requests to this destination“. We only want to redirect the top level of the default site.

Note: The Exchange, Exchweb, and Public virtual directories should redirect to /owa.  This is for coexistence scenarios with older versions of Exchange (2000/2003).  There should already have been redirect settings in place for this, just make sure that these settings were not affected by adding the redirect above.

ssl settingsNext, we want to remove the SSL requirement from the default site. Yes we still need to use SSL to access OWA, but if we require it at this level, any user that enters the OWA URL without “https” will receive an error message.

ssl settings_detail

Since any changes made to the “Default Web Site” propagate down to subdirectories, as in the “HTTP Redirect” example above,  review the following subdirectories and make sure that “Require SSL” is enabled:

  • Autodiscover
  • ecp
  • EWS
  • Microsoft-Server-ActiveSync
  • owa
  • Rpc
  • RpcWithCert

Finally, don’t forget to restart the website and test.

Restart WebSite

There are some scripts floating out online that will perform these steps for you, but I have not had a chance to test, so proceed with caution….and then let me know how it turned out!

«
»
  • But please help me, I just want to do read only permission but there is no way I can do it. I use cmdlet for fullpermission, it is ok, but cmdlet command for read only command doesn’t work. Why?

  • Just for clarification: What is the exact cmdlet you are using? What are you trying to apply read-only permissions to? Are you trying to apply this to simplifying the OWA URL?

  • Since running this command I now get an ACE error when removing the permissions and the mailbox of ALL the users is listed within my mailbox WITHOUT adding them via the mail profile. I tried to re-run the command but swapped ADD with REMOVE to try and fix the error with no joy. I would appreciate your assistance in fixing this.

    Regards

  • I have not had a chance to try it yet with SP1. Since I’ve posted this, I’ve stumbled on a much easier way to accomplish the same thing. Check out this excellent blog post/script from some of the folks at MS that care: http://bit.ly/bGeiph

  • Which command are you referring to specifically? Redirecting the OWA URL and the problems that you are experiencing may not be related to each other…

  • Wonderful, detailed instructions. I was able to follow with issue! Thank you.

  • This worked Great I have been looking all over for this type of document!

  • Great! Suppose i want the same thing as above but then with a link-name
     i came up with my self? For example when a user types in gotomymail.damn.thing

  • From a highly stressed engineer: Cheers! Exactly the information I needed, exactly how I needed it. Great stuff!

  • Awesome, glad this info is still relevant and helpful. Stress relief for engineers is one of the goals of this blog!