OWA 2013 doesn't redirect to HTTPS

    Question

  • Hello,

    I have Exchange 2013 CU1 Enterprise installed.

    When I disable require SSL in Default Website and also redirect Default Website to https://mail.contoso.com/owa and then type in browser http://mail.contoso.com the web site is blank. If I enable require SSL for Default Website it shows 403 - server error, which is understandable. But I don't know why redirection with no-SSL doesn't work and the web page is completely blank?

    And another question is why do I have Default Website and Exchange Back End in IIS8? What are the differences between them?

    Thank you for replies.

    Sunday, July 14, 2013 4:17 PM

All replies

  • My experience with doing that is that it breaks things in Exchange 2013.  The way to do HTTP redirect in Exchange 2013 is this:

    http://www.expta.com/2013/05/owa-2013-cu1-redirection-is-broken-for.html


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    Monday, July 15, 2013 6:22 AM
  • Hello,

    After you do the redirection, please make sure you restart the IIS service.

    For the 403 error, the issue is caused by SSL.

    And please make sure your configuration is ok.

    Here is the article for your reference.

    Simplify the Outlook Web App URL

    http://technet.microsoft.com/en-us/library/aa998359(v=exchg.150).aspx


    Cara Chen
    TechNet Community Support

    Monday, July 15, 2013 6:27 AM
  • As I said, I have configured exactly what you posted in article Simplify the Outlook Web App URL:

      • Start IIS Manager.
      • Expand the local computer, expand Sites, and then click Default Web Site.
      • At the bottom of the Default Web Site Home pane, click Features View if this option isn't already selected.
      • In the IIS section, double-click HTTP Redirect.
      • Select the Redirect requests to this destination check box.
      • Type the absolute path of the /owa virtual directory. For example, type https://mail.contoso.com/owa.
      • Under Redirect Behavior, select the Only redirect requests to content in this directory (not subdirectories) check box.
      • In the Status code list, click Found (302).
      • In the Actions pane, click Apply.
      • Click Default Web Site.
      • In the Default Web Site Home pane, double-click SSL Settings.
      • In SSL Settings, clear Require SSL.
    • The only thing I didn't do was IISRESET. So now I have configured everything above and typed IISRESET. Now I don't have a blank page if I go to http://mail.contoso.com but it shows an HTTP 403 error. So no redirection but an error. Is this an Exchange bug? Because I have heard something about an Exchange CU2 update which fixes something with OWA redirection.
    • Do you have any ideas how to redirect users from http://mail.contoso.com to https://mail.contoso.com? Thank you.
    Monday, July 15, 2013 4:04 PM
  • Thank you for the article, but I don't have any legacy Exchange. All I want to do is redirect users automatically from http://mail.contoso.com to https://mail.contoso.com. I'm a little bit confused by your link about broken redirection - the only solution I see is to make my own custom error for HTTP to HTTPS redirection? Thank you for the explanation.
    Monday, July 15, 2013 4:08 PM
  • My experience is that this will break Exchange 2013.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    Monday, July 15, 2013 6:34 PM
  • It doesn't matter, that is the method to apply HTTP redirect for Exchange 2013.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    Monday, July 15, 2013 6:36 PM
  • http://www.expta.com/2013/05/owa-2013-cu1-redirection-is-broken-for.html

    • Optional, but recommended: Create a new custom error for HTTP to HTTPS redirection.  Select the Default Web Site in IIS Manager, double-click Error Pages, then click the Add button.
    • Enter 403.4 for the Status Code and select Respond with a 302 redirect.  Then enter the Absolute URL as https://webmail.domain.com/owa, using your own OWA FQDN as shown above.
    • Finally, reset IIS using the command IISRESET /NOFORCE /TIMEOUT:120
    • Rinse and repeat for all CAS 2013 CU1 servers.
     
    Tuesday, July 16, 2013 6:10 AM
  • That's the technique in the link I provided in my initial answer.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    Tuesday, July 16, 2013 2:38 PM
  • That's the technique in the link I provided in my initial answer.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    Okay, I will try it tomorrow.

    And why do you say: "My experience is that this will break Exchange 2013."? How will it break Exchange? Thank you.

    Tuesday, July 16, 2013 8:53 PM
  • It will break OWA and ECP.  When I did that, I wasn't able to log in through the FBA page at all.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    Wednesday, July 17, 2013 1:41 AM
  • I solved this problem by creating new web site in IIS on Exchange (CAS) server.
    Redirect this new web site to https://exchange.domain.com/owa

    Do Binding for this new web site on port 80 with host (for example mail.domain.com).
    You can do more binding (alternative host names) if you want.

    You shouldn't bind FQDN for host of your Exchange (CAS) server.

    In this way, everything is working OK (OWA, ECP, Exchange Management).
    All updates will work without intervention.

    Wednesday, July 17, 2013 5:48 AM
  • Thank you guys for tips. I try to do binding for new website as si124 says, but now I must solve some issues with IIS8. I will post my result...
    Thursday, July 18, 2013 6:17 PM
  • I fixed it by doing this:

    http://www.itnotes.eu/?p=824

    Using IIS URL Rewrite 2.0 to make this work as we want it to.

    What we need is to download a ‘plugin’ for IIS to create rules, so go download and install URL Rewrite from Microsoft:

    http://www.iis.net/downloads/microsoft/url-rewrite

    Now you will notice a new icon in your IIS Manager named “URL Rewrite” located in “Default Web Site”:

    1. Enter URL Rewrite and click on “Add Rule(s)”.
    2. Select “Blank rule” below “Inbound rules” and click “OK”.
    3. Give it a meaningful name like “Redirect to HTTPS”.
    4. In the “Match URL” section you fill in as follows:
      Requested URL: Matches the Pattern
      Using: Regular Expression
      Pattern: (.*)
      Mark in Ignore case.
    5. Conditions, you click Add and fill in as follows:
      Condition input: {HTTPS}
      Check if input string: Matches the Pattern
      Pattern: ^OFF$
      Mark in Ignore case and click OK
    6. Server Variables: Skip this section.
    7. In the Action section:
      Action type: Redirect
      Redirect URL: https://{HTTP_HOST}/{R:1}
      Mark in Append query string
      Redirect type: Permanent (301)
      - Notes: I’ve read other people using “Found (302)” instead of Permanent (301).
    8. Click Apply
    9. Now you can see your rule in the URL Rewrite plugin section.

    Next-to-last step to make this work – disable Require SSL:

    We need this last step to make it all work. At first it seems strange to disable SSL since we did all of the above in order to secure our site traffic, but the explanation is actually simple:

    When Require SSL rule is in place, users will be met with the “Forbidden: Access is denied” message shown in the top of this post, before the URL Redirect takes place.

    1. Go to “Default Web Site” in IIS Manager and click “SSL Settings”.
    2. Deselect the “Require SSL” setting and press “Apply”.

    Disable URL Rewrite for PowerShell virtual directory

    1. Go to “Default Web Site” in IIS Manager.
    2. Select the “PowerShell” Virtual Directory.
    3. Open “Url Rewrite”.
    4. Select the rule “Redirect to HTTPS” we just made, and click “Disable Rule”.
    5. The rule is now greyed out to indicate the “disabled” state.
    6. Reset IIS using one of the following PowerShell commands:

    Reset IIS (iisreset /noforce) or just iisreset

    • Proposed as answer by Ben Nicholls Wednesday, November 13, 2013 8:24 PM
    Saturday, November 02, 2013 4:27 PM
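
An added example, not part of the post above or of the article it links: a Python check that a plain-HTTP response matches what the "Redirect to HTTPS" rule should produce (301/302, `https` scheme, a host you publish, path and query carried over), so a 403 or a wrong target shows up immediately. The function names and the sample responses are constructed for illustration; `mail.contoso.com` is the host name used in the thread.

```python
import http.client
from urllib.parse import urlsplit

def fetch_no_follow(url, timeout=10):
    """GET a plain-HTTP URL once; return (status, Location) without following redirects."""
    parts = urlsplit(url)
    target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=timeout)
    try:
        conn.request("GET", target)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def check_redirect(request_url, status, location, allowed_hosts):
    """Return a list of problems; an empty list means the response matches the rule."""
    if status not in (301, 302):
        return [f"expected 301 or 302, got {status}"]
    if not location:
        return ["redirect has no Location header"]
    req, loc = urlsplit(request_url), urlsplit(location)
    problems = []
    if loc.scheme != "https":
        problems.append(f"Location scheme is {loc.scheme!r}, not https")
    # The rule builds the target from {HTTP_HOST}, i.e. the request's Host header,
    # so confirm the host in Location is one you actually publish.
    if (loc.hostname or "") not in {h.lower() for h in allowed_hosts}:
        problems.append(f"unexpected Location host {loc.hostname!r}")
    # {R:1} plus "Append query string" should carry path and query over unchanged.
    if (loc.path or "/") != (req.path or "/"):
        problems.append("path not preserved")
    if loc.query != req.query:
        problems.append("query string not preserved")
    return problems

# Constructed sample responses (not captured from a real server).
SAMPLES = [
    ("http://mail.contoso.com/owa?x=1", 301, "https://mail.contoso.com/owa?x=1"),
    ("http://mail.contoso.com/", 403, None),
    ("http://mail.contoso.com/owa", 301, "https://other.example/owa"),
    ("http://mail.contoso.com/ecp", 302, "http://mail.contoso.com/owa"),
]

if __name__ == "__main__":
    for url, status, location in SAMPLES:
        print(url, check_redirect(url, status, location, ["mail.contoso.com"]) or "OK")
```

Against a live server, pass the result of `fetch_no_follow(url)` into `check_redirect` for each URL you care about.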
  • I've found this method to work:

    http://www.expta.com/2013/05/owa-2013-cu1-redirection-is-broken-for.html


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    Sunday, November 03, 2013 3:25 AM
  • Thanks, this worked perfect for me
    Wednesday, November 13, 2013 8:24 PM