Redirect OWA from http to https Exchange 2010-2013

This applies to Exchange 2010 as well as Exchange 2013. I just tested this out on both and they both work.

Essentially we had a problem: users were not smart enough to go to https://owa.domain.com or https://mail.domain.com/owa (mostly the HTTPS:// part). With this, users can go to “owa.domain.com” or “mail.domain.com/owa” and it will automatically forward to the HTTPS site.

NOTE** We have UCC SSL certs for both these servers. I’m not saying it will NOT work without them, I’m saying I have not tested such an environment.

Steps (7 total)
1. Rename Web.Config File
Go to the Windows Server that Exchange is installed on. Go to the directory C:\inetpub\wwwroot and look for the web.config file. Rename this file “web.config.old”. **KEEP THIS FOLDER OPEN, YOU WILL COME BACK TO VERIFY SOMETHING LATER**

2. Restart IIS
Next, open an administrator Command Prompt (Admin CMD).
Enter the following lines one at a time.

cd \
iisreset /restart

Verify that it starts again. If it does not, reboot the server.

Go back to the directory C:\inetpub\wwwroot. Make sure that, at this time, there is NO web.config file and the web.config.old file is still there.

3. Open IIS Manager
Open up IIS Manager, expand the local computer, expand Sites and click on “Default Web Site”.

4. HTTP Re-Direction
Make sure you are viewing “Default Web Site” in “Feature View” (It is clickable at the bottom). Then in the middle pane, double-click on HTTP Redirect.

Type the absolute path of the /owa virtual directory. For example, type https://mail.domain.com/owa.
Do NOT type in what you want the website to be; you need to type in the actual virtual directory.

Next, make sure the box is checked for “Only redirect requests to content in this directory (not subdirectories)”. Leave the other box unchecked.

!!!!! Do not do this for the ECP directory. Leave it unchecked or it will break the web management aspect of Exchange. !!!!!

In Status Code, click and choose Found (302)
NOTE: This should be like this by default.

Click Apply in the top right

5. SSL Settings
FOLLOW CAREFULLY:

On the left pane, click on “Default Web Site”. Then in the middle pane double-click on SSL Settings. At the Default Web Site, UN-CHECK “Require SSL” ONLY for this level.

Go to each other level (“aspnet_client”, “Autodiscover”, “ecp”, “EWS”, “mapi”, “Microsoft-Server-ActiveSync”, “OAB”, “owa”, “PowerShell”, “Rpc”) and make sure that “Require SSL” is CHECKED.

To do this, at each level you must click on the level and then double-click on “SSL Settings”. After your changes, apply them and then move on to the next level.

**You do not need to touch “Exchange Back End”.**

6. Verify web.config
Go back to the directory of C:\inetpub\wwwroot and verify that a new web.config file has been created. If it has not, a server reboot is needed.

7. DNS (may or may not be required)
This next step applies if you have an older environment that you are upgrading or have upgraded. Because Microsoft now says that best practice is to use ONLY .COM for everything internal and external, it creates complications for networks that have been upgraded from a 2003 environment. A DNS entry will need to be manually created for the users internally to access OWA this way.

**This will vary from site to site. Your company may do it differently from us, but I am only giving examples of what we did. Essentially it will be similar no matter what.**

Go to your DNS server, and open up DNS management.
If you do not already have an A-Record for your mail server at the .COM level, you should put one in at this time.

For Example:
mail.domain.com points to 192.168.100.xxx

Next you will need to create a CNAME record. You want to do this at the same level, the .COM level.

Following the example before, you want to point this to your previous A-Record, so in this case: “mail.domain.com”
**NOTE: it is best to browse to it using the browse feature to avoid any spacing errors or typos.**

Once this is done, it should work internally and externally on the old systems originally running 2003 environments with .Local.
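
The IIS settings from steps 4 and 5 can also be read back from PowerShell instead of clicking through every level. The script below is an added example, not part of the original post: it only reads configuration, mail.domain.com is the placeholder host name used above, and the helper function names are made up for this example.

```powershell
# Added example: read-only check of the settings made in steps 4 and 5.
# Run in an elevated PowerShell session on the Exchange server.
Import-Module WebAdministration

$site     = 'Default Web Site'
$hostName = 'mail.domain.com'   # placeholder host name used on this page
# Levels that step 5 says must keep "Require SSL" checked.
$vdirs = 'aspnet_client','Autodiscover','ecp','EWS','mapi',
         'Microsoft-Server-ActiveSync','OAB','owa','PowerShell','Rpc'

function Get-IisValue([string]$Path, [string]$Filter, [string]$Name) {
    $v = Get-WebConfigurationProperty -PSPath $Path -Filter $Filter -Name $Name
    # The cmdlet returns either a plain value or an object wrapping it in .Value.
    if ($v -ne $null -and $v.PSObject.Properties['Value']) { $v.Value } else { $v }
}
function Test-RequireSsl([string]$Path) {
    # sslFlags is a comma-separated list; "Require SSL" is the Ssl flag.
    $flags = Get-IisValue $Path 'system.webServer/security/access' 'sslFlags'
    "$flags" -match '(^|,)\s*Ssl\s*(,|$)'
}
function New-Check([string]$Item, [string]$Value, [bool]$Pass) {
    New-Object PSObject -Property @{ Item = $Item; Value = $Value; Pass = $Pass }
}

$root    = "IIS:\Sites\$site"
$redir   = 'system.webServer/httpRedirect'
$enabled = "$(Get-IisValue $root $redir 'enabled')" -eq 'True'
$child   = "$(Get-IisValue $root $redir 'childOnly')" -eq 'True'
$dest    = [string](Get-IisValue $root $redir 'destination')
$rootSsl = Test-RequireSsl $root
$results = @(
    New-Check 'Step 4: redirect enabled on site root' $enabled $enabled
    New-Check 'Step 4: destination uses https://' $dest ($dest -like 'https://*')
    New-Check 'Step 4: only this directory (childOnly)' $child $child
    New-Check 'Step 5: Require SSL OFF on site root' $rootSsl (-not $rootSsl)
)
foreach ($v in $vdirs) {
    $p = "$root\$v"
    if (-not (Test-Path $p)) { continue }   # skip levels that do not exist on this server
    $on = Test-RequireSsl $p
    $results += New-Check "Step 5: Require SSL ON for /$v" $on $on
}
# Live check: plain HTTP to the site root should answer with a redirect to HTTPS.
$req = [System.Net.WebRequest]::Create("http://$hostName/")
$req.AllowAutoRedirect = $false
$resp = $req.GetResponse()
$loc  = $resp.Headers['Location']
$results += New-Check "HTTP $([int]$resp.StatusCode) from http://$hostName/" $loc ($loc -like 'https://*')
$resp.Close()
$results | Select-Object Item, Value, Pass | Format-Table -AutoSize
```

Any row with Pass = False points at the step to revisit. A level that still accepts plain HTTP is the one to fix first, since logons sent to it would not be encrypted.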

Conclusion

This will work on Exchange 2010 running on Server 2008R2. The server I showed here is a Server 2012R2. I hope this works for all of you as it has worked for me.

This information was taken from http://community.Spiceworks.com in a post by Johnny Lambert. Great information.