One of the things I’ve been doing for as long as I can remember is redirecting requests that don’t go to https://owa.customer.com/owa (or /exchange) to the correct URL. So, if someone goes to http://owa.customer.com or https://owa.customer.com, they get redirected to the correct (secure) URL. Historically I’ve always done this with two components:
- A custom website listening on Port 80 on each CAS server
- A default.aspx file in the root of the Default Web Site redirecting to /owa
This approach no longer works with Exchange 2010 CAS because the PowerShell virtual directory actually operates over Port 80 (authentication is Kerberized). If you try and tinker with this, you’ll start getting errors from Remote PowerShell like this:
VERBOSE: Connecting to cas01.customer.com
[cas01.customer.com] The WinRM service cannot process the request because the request needs to be sent to a different machine. Use the redirect information to send the request to a new machine. Redirect location reported: https://owa.customer.com/owa/PowerShell. To automatically connect to the redirected URI, verify "MaximumConnectionRedirectionCount" property of session preference variable "PSSessionOption" and use "AllowRedirection" parameter on the cmdlet.
+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [], PSRemotingTransportRedirectException
+ FullyQualifiedErrorId : PSSessionOpenFailed
In order to work around this, you need to use the HTTP Redirection feature in IIS (the default.aspx trick mentioned above should work too), as well as remove the requirement for SSL at the top level Default Web Site object. You have to be careful doing this because when you set settings on the web site, IIS will push them down to any virtual directory below which does not explicitly set that setting itself. To setup the redirect, select the Default Web Site in IIS Manager, and open the HTTP Redirect option under IIS. Complete it like this:
Once this step is complete, you need to remove the enforced redirect from each of the virtual directories under the Default Web Site. To do this, select each virtual directory individually, and then open the HTTP Redirect property and uncheck the “Redirect requests to this destination” checkbox. You’ll need to do this on the following virtual directories:
- aspnet_client
- Autodiscover
- ecp
- EWS
- Microsoft-Server-ActiveSync
- OAB
- PowerShell
- Rpc
If at this point you simply browse to http://cas01.customer.com, you’ll get an HTTP 403.4 error. This is because SSL is required at the top-level website. In order to get the redirect working, we need to disable SSL for the toplevel website while leaving it enabled for the relevant child virtual directories.
Select the Default Web Site and open the SSL Settings properties. Uncheck the Require SSL checkbox as shown below:
Like the redirection settings, this change will be inherited down the tree for any virtual directory which does not explicitly set the setting independently. Ensure that SSL is required for the following virtual directories:
- Autodiscover
- ecp
- EWS
- Microsoft-Server-ActiveSync
- OAB
- owa
- Rpc
Once you’ve configured the redirection and SSL settings, open a command prompt and run iisreset. At this point you should be able to browse to http://localhost on the CAS server and get redirected to https://owa.customer.com/owa. These steps were tested on Windows Server 2008 R2. While they should be similar under Windows Server 2008, they may not be identical.
Comments, Trackbacks, & Pingbacks
#1 re: Redirecting OWA URLs in Exchange 2010
Wednesday, February 24 2010 5:24 PM by Karin Cornils#2 re: Redirecting OWA URLs in Exchange 2010
Friday, February 26 2010 3:24 AM by Sean CAh, finally somebody that’s got it done right!
Just like you I’ve been doing this for years, sometimes using an error code ASP redirect dir, coupled with HTTP redirect, etc. Thanks for documenting a clean and perfectly functional config for all scenarios that I can test. And Remote PoSH still works, woot!
Thanks again~
#3 re: Redirecting OWA URLs in Exchange 2010
Sunday, March 07 2010 2:58 PM by MateoPerfect. Worked like a charm!
#4 re: Redirecting OWA URLs in Exchange 2010
Sunday, March 07 2010 11:47 PM by MWhat if you use different URLs for internal/external owa access?
#5 re: Redirecting OWA URLs in Exchange 2010
Sunday, April 11 2010 3:37 PM by iammeBrian, did you not run into this OAB issue that Henrik blogged about? I don't see it mentioned in your article: blogs.msexchange.org/.../oab-issues-afte
#7 re: Redirecting OWA URLs in Exchange 2010
Tuesday, April 13 2010 11:40 PM by MAlcalaExcellent work, Brian. Not even the Microsoft TechNet articles get this process right.
Thank you,
Marco Alcala
#8 re: Redirecting OWA URLs in Exchange 2010
Saturday, April 17 2010 8:54 PM by Jason Leehmmm.. https://webmail.domainname.com redirects ok outside. http://webmail.domainname.com does not.
inside the network, localhost doesnt work :(
Any ideas?
THanks for this article though!
#9 re: Redirecting OWA URLs in Exchange 2010
Saturday, May 01 2010 7:35 AM by riyasathDear Brian
After i did everything it is successfully redirected.But users not able to login while it is asking username & password it is running but it is not gettting inside.Plz guide to troubleshoot this issue. iam waiting fro your valuable reply.
#10 re: Redirecting OWA URLs in Exchange 2010
Wednesday, May 12 2010 11:33 AM by Jeremy LJust wanted to be another to say THANK YOU for this clear and accurate post- Very well done!
#11 re: Redirecting OWA URLs in Exchange 2010
Wednesday, May 12 2010 9:43 PM by JayThanks for the great write up!
#12 re: Redirecting OWA URLs in Exchange 2010
Friday, June 04 2010 7:13 AM by Joedythanks very much it worked a treat thought microsoft would of built something in this edition
#13 re: Redirecting OWA URLs in Exchange 2010
Friday, June 11 2010 2:00 PM by HYUBe careful not to touch the redirection settings on the \owa vdir while removing the http redirects on the other vdirs. If you do you will also disable the redirect on the legacy Exchange folders. Re-enabling the legacy folder redirects will re-enable to redirect on \owa which will cause owa to break by getting stuck in an infiinite loop after a user tries to login.
#14 re: Redirecting OWA URLs in Exchange 2010
Sunday, June 13 2010 11:14 AM by LoopHow to fix the problem mentioned by HYU?
When I enable redirecting for default web site, the owa site inherits the redirection.
When I remove the redirection from owa it removes it from exchange, exchweb and public sites as well.
If I add redirection back to exchange, exchweb or public sites it gets copied to owa site as well.
I'm stuck in the loop.
#15 re: Redirecting OWA URLs in Exchange 2010
Wednesday, June 23 2010 12:19 PM by JohnGot the redirection working fine following these directions, but unfortunatley after reaching the Outlook Web App screen and attempting to log in... I get stuck in an infinite loop in the login process on IE and get a page isn't redirecting properly error in Firefox.
#16 re: Redirecting OWA URLs in Exchange 2010
Friday, June 25 2010 8:37 PM by DaveI found a solution to the redirect loop here:
#17 re: Redirecting OWA URLs in Exchange 2010
Friday, August 13 2010 7:09 PM by Jonathan YerdonThanks! Worked first time!
#18 re: Redirecting OWA URLs in Exchange 2010
January 21, 2010 11:45 AM by Active Directory Round Up 1/21/2010 - The Experts CommunityPingback from Active Directory Round Up 1/21/2010 - The Experts Community
Works perfectly - thanks Brian! And your warning is spot on. Doing it the oldstyle way file redirects - I quickly broke my system.