On Microsoft’s TechNet article http://technet.microsoft.com/en-us/library/aa998359%28v=exchg.150%29.aspx which provides instructions on how to setup HTTP redirect to HTTPS for you Exchange 2013 CAS server has invalid information.
We use this method in order to redirect users to a secure page. For example, say your OWA page is https://mail.domain.com/owa and the end user doesn’t type in “HTTPS” and instead just goes to http://mail.domain.com/owa. They would get an error message that the page cannot be reached. In order to make this easier on the end user, we can use a redirect to take them from http to HTTPS. Unfortunately though, the TechNet article listed above is incorrect.
Here are the parts to that article that are incorrect.
#1. It is under the category for Exchange 2013 but states at the top of the article it apples to Exchange Server 2010 SP2. If you read the article you can see they just cut and pasted it from Exchange 2010 and did a find and replace for 2010 to 2013. Not sure who at Microsoft did this without actually checking it, but sure enough, it is that way currently.
#2. It states in the article to modify the permissions on the offline address book web.config file on the CAS server. If you have a CAS server and Mailbox server, the file will not exist on the CAS server. I have confirmed that the OAB exists on the mailbox server, as stated at http://technet.microsoft.com/en-us/library/aa998359%28v=exchg.150%29.aspx
#3. By following the method in the TechNet article you will result in login problems on the HTTPS page.
So how do we go about fixing it so it does work?
In order to redirect the HTTP (80 port) to our right address, we can create an Error Page that has the redirection action built-in and these are the main steps:
1. Open IIS
2. Expand Sites and click on Default Web Site
3. Double click on Error pages icon on located on the right side
4. Then click on Add. on the right side (Toolbox Actions)
5. In the new window, type 403.4 on the first field,and select Respond with a 302 redirect and then type in the address of you OWA (using HTTPS and /OWA to make things easier), click OK.
In order to refresh the configuration you can run an IISReset.
Note: Even if you are testing locally, do not use localhost on the Absolute URL field.
I hope Microsoft updates their TechNet page with correct information.
Cheers,
Lyle Epstein
Recent Comments