Microsoft Exchange Server,  Windows Server

Redirecting Exchange Login Pages

By default, when you require an SSL certificate in IIS on an Exchange server, if users hit the page without providing an https:// in front they will get an error. Rather than require certificates, it’s better in most cases to redirect unsecured traffic to a secured login page. In order to do so, first configure the redirect. To do so, open IIS Manager and click on the Default Web Site.

At the bottom of the pane for the Default Web Site, click Features View if not already selected.
Screen Shot 2013-12-02 at 1.17.09 PM
Then open HTTP Redirect. Here, check the box for “Redirect requests to this destination” and provide the path to the owa virtual directory (e.g. https://krypted.com//owa).

Screen Shot 2013-12-02 at 1.18.03 PMIn the Redirect Behavior section, select the “Only redirect requests to content in this directory (not subdirectories)” check box and set the Status code to “Found (302)”.

In the Actions pane to the right of the screen, click Apply. Then click on Default Web Site again and open the SSL Settings pane. Here, uncheck the box for Require SSL.

Screen Shot 2013-12-02 at 1.17.19 PMOnce done, restart IIS by right-clicking on the service and choosing Restart or by running iisreset:

iisreset /noforce

Next, edit the offline address book web.config file on the CAS, stored by default at (assuming Exchange is installed on the C drive) C:\Program Files\Microsoft\Exchange Server\\ClientAccess\oab. To edit, right-click web.config and click Properties. Then click Security and then Edit. Under Group, click on Authenticated Users. Then click Read & execute for Authenticated Users in Permissions. Then click OK to save your changes.

Finally, if you have any issues with any messages not working, start the IIS Manager. Then browse to the virtual directories and open HTTP Redirect. Then uncheck “Redirect requests to this destination” and click Apply. When you’re done, restart IIS again and test the ability to send and receive emails to make sure that mail flow functions without error from within the web interface.