Resources For IT Professionals
With IIS 7.0 at our disposal, simplifying the OWA URL is much simpler than it was with Exchange 2007 installed on Windows Server 2003 and earlier versions of Exchange Server. Just like it’s the case with Exchange 2007
installed on Windows Server 2008 or 2008 R2, you no longer need to use an IIS redirect HTML file. Instead, you can use the native “HTTP Redirect” option in IIS 7.0.
To configure the “HTTP Redirect” option, open “IIS Manager” and click on the “Default Web Site” as shown in Figure 1.
Figure 1
Clicking on “HTTP Redirect” brings you to the screen shown in Figure 2. Here you should check “Redirect requests to this destination” and enter the absolute path to OWA (e.g. https://mail.fabrikam.com/owa). Also make sure you check “Only redirect requests to content in this directory (not subdirectories)” and make sure the selected status code is “Found (302)”. Then click “Apply”.
Figure 2
Because any redirection configured on the “Default Web Site" is propagated to the lower-level virtual directories (vdirs), you must remove the redirection setting on all existing vdirs. You do this by clicking on each vdir and from here on the “HTTP Redirect” button. Now simply uncheck “Redirect requests to this destination” followed by clicking “Apply”.
Figure 3
There’s only one more step left and that is to disable the SSL requirement on the Default Web Site. This is done by selecting the Default Web Site and clicking on the SSL button in the "Features View" as shown in Figure 4.
Figure 4
On the SSL Settings page, uncheck “Require SSL”.
Figure 5
If you don’t uncheck the SSL requirement, you will get an HTTP 403 Forbidden: Access is denied error.
Figure 6
Important |
|---|
| When you uncheck the SSL requirement on the Default Web Site, some of the virtual directories will inherit this configuration change. In order to make sure SSL is required for each virtual directory, open
"SSL Settings" and make sure the "Require SSL" option is checked. If not, you should check it and click "Apply". |
Now open the Exchange Management Shell or a Command Prompt window, and perform an “IISReset /noforce”.
Finally, verify automatic redirection works properly. To do so, launch Internet Explorer ">
When the above changes have been performed, internal Outlook MAPI clients as well as Outlook Anywhere clients will have trouble downloading the offline address book (OAB). Typically you wont' see a sync
error in the Sync Issues folder in Outlook, instead the progress bar will stop halfway through completion. As earlier, all virtual directories underneath the Default Web Site inherits the redirect setting. Therefore its necessary to uncheck the setting on all
vdirs afterwards. When “HTTP redirect” is enabled for a vdir, IIS configures/creates a web.config file for each vdir and “Authenticated users” are given read/execute permissions on this file. But unlike the web.config file for the other vdirs (Autodiscover,
ECP, EWS, OWA etc.), the web.config file associated with the OAB vdir is configured so that “System” and “local administrators” are given full control but “Authenticated users” for some reason doesn’t get read/execute permissions assigned like is the case
on the other vdirs. To correct the issue, assign“Authenticated users” read/execute permission to the OAB web.config file as shown in
Figure 7. The "OAB Web.Config" file can be found under C:\Program Files\Microsoft\Exchange Server\V14\Client Access\OAB. Parts of this Exchange Wiki page originally appeared in the following blog posts:
Important
Note
If you're transitioning from Exchange 2003, make sure to not remove the pre-configured redirect setting on the /Exchange, /ExchWeb, and /Public vdirs.
Changing Permissions for the OAB Web.Config File
Figure 7
