locked
OWA and http redirect not working

    Question

  • Hello,

    I'm fairly green when it comes to administering Exchange, so if you could help me with this problem that would be great!

    I've build a new Windows Server 2008 with Exchange 2007 in a new domain.
    I've configured OWA and externally people now can login to OWA via https://www.mydomain.nl/owa

    So far so good. Now I tried to use "http redirect" on the "default web page" so that people can go to https://www.mydomain.nl and log in to OWA.
    The login screen appears and people can type their username and password, but when they try to log on the page keeps loading and appears to hang on this:

    "waiting for https://www.mydomain.nl\owa\owaauth.dll..."

    What am I doing wrong here...shouldn't I use http redirect at all or have i created some sort of loop? I've recreated the virtual directories but this didn't help. I've run "test-owaconnectivity -testtype external" and this is the result:

    "The test received an unexpected response to an Outlook Web Access request."

    In the Exchange Management Console is the external address for OWA configured as https://www.mydomain.nl/owa

    Any help would be appreciated...if you need more info please let me know!

    Kind regards,
    Serge de Klerk
    Tuesday, July 28, 2009 12:12 PM

Answers

  • @neil: but when i remove the http redirect from the owa folder too, then the http redirect also gets removed from the default web page...
    That's a problem, as long as the redirect is set on the owa folder, it won't work.  In fact I remember getting the same message you were about owaauth.dll when I had that problem.
    • Marked as answer by Serge de Klerk Thursday, August 6, 2009 10:57 AM
    Wednesday, July 29, 2009 8:12 PM

All replies

  • This article only works if you are accessing it from outside using http://site to go to https://site.

     

    My problem is that internally, we cannot go to https:/site, but have to use a different URL.

     

    in other words:

     

    http://mail.site.com -> https://mail.site.com/owa

    http://server -> https:/server/owa

     

    This redirect will take https://sever -> https://mail.site.com/owa which is not accessible from inside.

     

    I'm looking for something like the Exchange 2003 / IIS 6 article (http://support.microsoft.com/kb/555053) that redirects on the fly with the 403 redirect, that takes whatever was entered, and redirects it to the same url, but changes the HTTP: to HTTPS and adds /owa to the end.

     

    i.e. this process:

     

    1. In the inetpub/wwwroot folder create a folder called CustomErrors
    2. Open notepad and paste the following text into it

    -----------------copy all below---------------------
     <%

    If Request.ServerVariables("HTTPS")  = "off" Then
                                        Response.Redirect "https://" & Request.ServerVariables("HTTP_HOST") & "/Exchange"
    End If

          %>
    -----------------copy all above---------------------

    Save the file as Owahttps.asp in your CustomErrors Directory.
    (change the save as file type to "All files" or it will save as Owahttps.asp.txt)
    3. On the Web server open https://" & Request.ServerVariables("HTTP_HOST") & "/Exchange"
    End If

          %>
    -----------------copy all above---------------------

    Save the file as Owahttps.asp in your CustomErrors Directory.
    (change the save as file type to "All files" or it will save as Owahttps.asp.txt)
    3. On the Web server open IIS administrator (under admin tools)
    4. Expand servername > Web Site > Default Website
    5. Locate the CustomErrors Directory (IN the IIS admin console) > right click > properties.
    6. Directory Tab > Application settings section, click Create.
    7. CustomErrors shouls appear in the "Application Name" box.
    8. IF you are running Exchange 2003 on IIS 6 then change the "Application pool" box (click
       the drop down arrow) to "ExchangeApplicationPool"
    9. Click the Directory Security tab >  Authentication and access control section > Edit.
    10. Tick Enable anonymous access > OK.
    11. Look down to the Secure communications section >  Edit.
    12. Untick Require secure channel (SSL) check box, > OK > OK.
    13. Right-click the Exchange virtual directory > Properties.
    14. Click the Custom Errors tab > scroll doen to > 403.4 > double click it
    15. Change Message Type to URL > in URL box enter /CustomErrors/Owahttps.asp > OK.
    16. Click the Directory Security tab > Secure Communications > Edit.
    17. Tick Require secure channel (SSL) check box. (If you want 128 bit tick that too) > OK > OK

     

     

    For some reason, when you follow that article, it does not work--I've tried it 3 different client sites.  I think it has something to do with the application pool--but not comfortable enough with IIS to fiddle with it too far.

     

    Any help you may have would be appreciated.

     

    AND I Don't have ISA Server (They are Cisco PIX firewalls).

     

    I've looked at both of these links:

     

    How to redirect an HTTP connection to HTTPS for Outlook Web Access clients
    http://support.microsoft.com/?id=839357

    How to make Outlook Web Access the default Web site
    http://support.microsoft.com/kb/319878/

    Tuesday, July 28, 2009 12:37 PM
  • Hi Serge,

    I have copied the URL which will guide you step by step to redirect OWA URL to secure URL. Just look in the Windows 2008 Section

    http://technet.microsoft.com/en-us/library/aa998359.aspx
    Vinod |CCNA|MCSE 2003 +Messaging|MCTS|ITIL V3|
    Tuesday, July 28, 2009 12:50 PM
  • what i did was within iis manager is made the following change only the default web site (not any virtual directories)
    under the error pages features i modified the custom error page for error code 403
    i changed it to respond with a 302 redirect and set the absolute URL to https://mail.domain.com/owa
    • Proposed as answer by Joel M__ Sunday, August 18, 2013 4:41 PM
    Tuesday, July 28, 2009 12:53 PM
  • Hi people,

    thanks for the quick replies!
    @Vinod: I've done all that so that http redirect is only enabled on de default web page and the OWA virtual dir, but still not working.

    @jimthemcp: i'll give that a try, maybe that works for me too!
    Tuesday, July 28, 2009 1:20 PM
  • what i did was within iis manager is made the following change only the default web site (not any virtual directories)
    under the error pages features i modified the custom error page for error code 403
    i changed it to respond with a 302 redirect and set the absolute URL to https://mail.domain.com/owa

    well i've tried this too, without luck...
    Any other idea's?

    If I try this with Firefox it tells me that the server is redirecting the request into an infinite loop... could it be that I've created a loop somewhere?
    Tuesday, July 28, 2009 1:39 PM
  • check your virtual directories and make sure they do not have this setting
    iis 7 virtual direcotries tend to inherit from the web site
    Tuesday, July 28, 2009 2:11 PM
  • the only virtual directory that has this redirect is the OWA directory...when i remove it from this directory as well then the redirect on the default web page dissappears as well...

    but i do notie that I removed it from ALL directories, even directories like "auth" and "bin"...was that a bit too much?
    Tuesday, July 28, 2009 2:24 PM
  • The root IIS 7 directory default file should contain a redirect to the https://domain.com/exchange

    Configure IIS 7.0 for Redirects:

    On the Client Access Server modify the iisstart.html page in C:\inetpub\wwwroot to the following:

    <html>

    <head>

    <title>HTML Redirection to https:</title>

    <META HTTP-EQUIV="Refresh"

    CONTENT="1; URL=https://webmail.url.com/exchange">

    </head>

    <body>

    This page is attempting to redirect you to <a href=" https:// webmail.url.com /exchange/">https:// https:// webmail.url.com /exchange</a><br>

    If you are not redirected within a few seconds, please click the link above to access Outlook Web Access.

    </body></html>

    Also, configure the IIS 7.0 error pages:

    Error Code 403 – Set to Respond with a 302 Redirect and specify the URL
    SF - MCITP:EMA, MCTS
    Tuesday, July 28, 2009 4:42 PM
  • thank you Scott for your reply.

    I've tried your solution and it still doesn't work.
    What address should be assigned to the external OWA address in the Exchange Management Console?

    Now it states https://webmail.mydomain/owa
    Wednesday, July 29, 2009 7:33 AM
  • I'm reinstalling the CAS role and IIS right now...let's see if that does the trick
    Wednesday, July 29, 2009 8:23 AM
  • this unfortunately hasn't achieved anything. I'm still getting the same error. I've de-installed IIS and CAS as described in http://support.microsoft.com/default.aspx/kb/320202
    I've left the external address blank in the OWA properties field (Exchange Management Console) and as long as i don't enable the http redirect I'm able to connect to https://webmail.mydomain.nl/owa

    But when i enable http redirect to https://webmail.mydomain.nl then i end up at the login screen and enter my credentials, then the site hangs on
    "waiting for https://www.mydomain.nl\owa\owaauth.dll..."

    I've disabled http redirect on all the other virtual directories as described in http://technet.microsoft.com/en-us/library/aa998359.aspx

    any ideas?
    Wednesday, July 29, 2009 10:22 AM
  • I notice that whenever the site hangs on the owaauth.dll i get these messages in the evenvwr, CAN IT BE AN ASP.NET PROBLEM??

    Event code: 3008
    Event message: A configuration error has occurred.
    Event time: 7/29/2009 12:24:39 PM
    Event time (UTC): 7/29/2009 10:24:39 AM
    Event ID: 33c8d0bb3d9045e28d390b6bacc5dc42
    Event sequence: 4
    Event occurrence: 3
    Event detail code: 0

     

    Application information:
    Application domain: /LM/W3SVC/1/ROOT/Autodiscover-1-128933365014758049
    Trust level: Full
    Application Virtual Path: /Autodiscover
    Application Path: C:\Program Files\Microsoft\Exchange Server\ClientAccess\Autodiscover\

    Machine name: EXC01
    Process information:
    Process ID: 832
    Process name: w3wp.exe
    Account name: NT AUTHORITY\SYSTEM

     

    Exception information:

    Exception type: ConfigurationErrorsException
    Exception message: Could not load file or assembly 'Microsoft.Exchange.Clients.Owa' or one of its dependencies. The system cannot find the file specified. (C:\Program Files\Microsoft\Exchange Server\ClientAccess\Owa\web.config line 41) (C:\Program Files\Microsoft\Exchange Server\ClientAccess\Owa\web.config line 41)

     

    Request information:

    Request URL: https://EXC01.MijnWebDesktop.local:443/Autodiscover/Autodiscover.xml
    Request path: /Autodiscover/Autodiscover.xml
    User host address: 192.168.1.127
    User:
    Is authenticated: False
    Authentication Type:

    Thread account name: NT AUTHORITY\SYSTEM

    Wednesday, July 29, 2009 10:38 AM
  • what happens if you go to the local server and do https://localhost/exchange?

    I'm wondering about SSL cert on the CAS server.

    What happens when you do this:

    Test-OwaConnectivity –URL https://url.com/owa -MailboxCredential (Get-Credential domain\user) -TrustAnySSLCertificate -Verbose

    and

    Test-WebServicesConnectivity –MailboxCredential (Get-Credential domain\user) -TrustAnySSLCertificate

    Also, have you done a test-servicehealth

    What about a BPA?

    This should work internally first.  Are you coming through a reverse proxy or anything like that or are you connecting directly to the server?


    SF - MCITP:EMA, MCTS
    Wednesday, July 29, 2009 12:43 PM
  • when i go to https://localhost/exchange i cant connect, "Internet Explorer cannot display the webpage"

    on the first test i get this error:
    WARNING: The test received an unexpected response to an Outlook Web Access request.

    Second test:

    [System.Net.WebException]: The underlying connection was closed: An unexpected error occurred on a send.
    Inner error [System.IO.IOException]: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.


    test-servicehealth seems to run ok.

    What is a BPA?

    And no reverse proxy or anything, we connect directly to the server. I just find it weird that the SSL connection does work as long as i dont use http redirect.

    So basically, from the inside it doesn't work...and if that doesn't work then from the outside it will never work, is that it?
    Wednesday, July 29, 2009 2:02 PM
  • Hmm, BPA is the Best Practice Analyzer. 

    So, you can't ge tto OWA at all.

    What kind of Cert are you using?  Self Signed, Private or Public? 

    My only guess is that Virtual Directory may have been corrupted.  You could try to remove it, make sure the folder for that virtual dir is empty and then recreate it.

    Another option would be to remove the CAS server and then do a setup /recoverserver

    I'm thinkling IIS may have gotten messed up at some point.

    What OS are you using?
    SF - MCITP:EMA, MCTS
    Wednesday, July 29, 2009 2:57 PM
  • When I set this up in my environment I found that IIS 7 will apply the redirect to all virtual directories under the site.  In other words, if you use the HTTP Redirect feature on the default web site to redirect to "owa," this gets applied on all virtual directories under it as well.  As a result, you are redirected from mysite.com to mysite.com/owa, which redirects to mysite.com/owa/owa, etc.

    In short, be sure the HTTP Redirect feature is not set on the OWA virtual directory (and all of your other virtual directories).
    Wednesday, July 29, 2009 4:58 PM
  • @Scott: it's a public cert i believe, we bought it somewhere...
    So you mean that the actual folder of the virtual folder (C:\Program Files\Microsoft\Exchange server\Client Access\OWA) should be empty before i rebuild it?

    i'm using windows server 2008

    @neil: but when i remove the http redirect from the owa folder too, then the http redirect also gets removed from the default web page...
    Wednesday, July 29, 2009 7:16 PM
  • @neil: but when i remove the http redirect from the owa folder too, then the http redirect also gets removed from the default web page...
    That's a problem, as long as the redirect is set on the owa folder, it won't work.  In fact I remember getting the same message you were about owaauth.dll when I had that problem.
    • Marked as answer by Serge de Klerk Thursday, August 6, 2009 10:57 AM
    Wednesday, July 29, 2009 8:12 PM
  • I would remove the owa virtual directory (as you tried before) using the Exchange command line tool.

    Then I would validate the home folder is empty after removing the dir.

    Then I would recreate the owa virtual directory, test it for OWA connectivity and verify OWA works. 

    Once that is done I would do the redirects as mentioned above.

    If you are using coexistance you will want to set up the redirect on the /exchange folder b/c that is where users will need to go to.  The /exchange folder will direct them to 2003 or 2007 depending on where the account is.

    If they are all one 2007 then direct them to the /owa folder.

    You also may need to remove the Exchange 2003 folder as mentioned above and recreate it. 
    SF - MCITP:EMA, MCTS
    Wednesday, July 29, 2009 8:17 PM
  • I've deleted the CAS role, emptied the owa folder and the reinstalled the CAS role.

    Without the redirect the OWA is available at https://webmail.mydomain.nl/owa
    I turn redirect on and i have this problem again. Weird thing is that i cant remove the http redirect from the OWA virtual directory, because when i do that, just like neil said, then the redirect on the default web site is removed too...

    When i look at the advanced options of the default web site the I see that the physical path is "C:\Program Files\Microsoft\Exchange Server\ClientAccess\Owa" and the app pool is "MSExchangeOWAAppPool" ...  are those the right settings for the default web site, because they are the same as for the owa virtual directory??

    Maybe i should put the OWA rule on another server just to check if that would work...
    Friday, July 31, 2009 11:49 AM
  • HTML code should be at the root directory, not the owa directory.

    The redirect should be from the errors page on the root directory as well.

    This of course is in IIS 7, and you can find those directories by exploring iis 7 and select (I think) explore or browse.  Can't remember off the top of my head.
    SF - MCITP:EMA, MCTS
    Saturday, August 1, 2009 11:16 PM
  • I finally got it working!

    as Neil said, the problem was that the redirect also was on the OWA virtaul directory. When I removed it from the OWA dir then the redirect also disappeared from the default web site.
    That problem was caused by the fact that for some odd reason the default web site had the same application pool and physical path as the OWA dir, so they also use the same web.config file.
    Therefor changing settings for the one also affected the other. I changed the settings for the default web site to "default app pool" and for the physical path "C:\Inetpub\wwwroot"

    Now I was able to disable the redirect on the OWA dir and voila...OWA works!

    Thanks for your help guys!
    Thursday, August 6, 2009 11:07 AM
  • It is working; I am looking for comments or a better way. (403 Error)?

    I am migrating from Exchange 2003 on a 2003 server to Exchange 2007 on a 2008 server.  Both Exchange 2003 and 2007 are coexisting during the migration process to Exchange 2007.  On Exchange 2003 running on 2003 server runs iis 6.0 (to figure out which iis version – Control Panel > Add Remove Programs, Help About does not show you the iis version).  On Exchange 2007 running iis 7.0 (Help About displays the iis version). 

    I am trying to accomplish access web mail by going to http://mysitename to redirect https://myservername/owa.  First let me tell you what did not work and then I will go over what works.

    On iis 7.0 on the 2008 server Start > Administrative Tools > iis Manager , click on Sites > Default Web Site and in the default website home right screen I clicked on Redirect and added https://myservername/owa and it did not work.

    I also tried writing a .asp and a .aspx redirect program and I could not get the iis 7.0 code to work, nor did I figure out exactly where to put the code.

    What worked is in the default website double clicking on 404 Error and selecting 403 error I added under “respond with a 302 redirect” https://myservername/owa (note if you have not changed anything to see the correct under owa double click “http redirect,” the url should be listed and the url listed under owa redirect is the url that I added to the 403 error, 302 redirect.

    What I am interested in is there a better way to redirect http to https and if so what is the correct code for iis 7.0?

    Wednesday, August 19, 2009 3:25 PM
  • A caveat maybe the missing part:  Following the solutions provided above add these steps – in iis click on the Default Web Site, double click on the SSL icon located on the right of the page, turn off ssl, apply and in a command prompt type iisreset.

     

    Then click on owa and double click on ssl and enable both require SSL and 128-bit SSL, apply and in a command prompt type iisreset.  It works now and this is a simpler solution.   

    Wednesday, August 19, 2009 8:41 PM
  • Ill go ahead and post this up again - I used the URL re-write successfully to do 80->443 as well as / -> /owa

    http://chrislehr.com/2008/11/exchange-2007-owa-redirect.htm

    Chris
    Monday, October 5, 2009 7:07 PM