Redirect http to https on OWA IIS6.0 not working externally - chautran99

Hi,

I followed this note http://support.microsoft.com/kb/555053/en-us and
got everything working internally. when I type in http://servername in
automatically redirects me to https://servername/exchange which is
correct and what I wanted. The problem is that when i try this from an
external location i.e. when I type in http://domainname.co.uk or
http://domainname.co.uk/exchange it does not redirect me but when I
type in https://domainname.co.uk/exchange I can get to my exchange
server OK. MX record and external DBS is working fine as I get to my
exchange server from an external location without any problem. I can't
work out where exactly the problem. any help will be very much
appreciated. I am using exchange 2003 SP2 on windows 2003 server.

Thanks,

Chau

Redirect http to https on OWA IIS6.0 not working externally - chautran99

I mean DNS not DBS.
chautran...@gmail.com wrote:

Redirect http to https on OWA IIS6.0 not working externally - Phillip Windell

Publish OWA with both HTTP and HTTPS.  ISA does *not* do the redirect.
Both HTTP and HTTPS have to work through the ISA Web Publishing for the
Redirect to work.

The redirect is done by IIS on the Exchange box.

How to redirect to a secure exchange virtual directory and enable
Forms-based authentication
http://support.microsoft.com/kb/555053

Note:  Do *NOT* enable Forms-Based Authentication like the article says. The
article is not written with ISA in mind. The Forms Based Auth is done on the
IS *only*.

----In case you missed that part the first time----
Note:  Do *NOT* enable Forms-Based Authentication like the article says. The
article is not written with ISA in mind. the Forms Based Auth is done on the
IS *only*.


--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

The views expressed are my own (as annoying as they are), and not those of
my employer or anyone else associated with me.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/dgisaserver.mspx
-----------------------------------------------------

Redirect http to https on OWA IIS6.0 not working externally - chautran99

Phillip Windell wrote:

Redirect http to https on OWA IIS6.0 not working externally - gershon

Hi,

ISA Server 2006 now supports HTTP to HTTPS redirection.

For more information on publishing Exchange 2003 with ISA Server 2006, you
can take a look at the following paper,
http://www.microsoft.com/technet/isa/2006/deployment/exchange2003.mspx.


--
Thanks,
Gershon Levitz
ISA Server Product Team
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

Redirect http to https on OWA IIS6.0 not working externally - Phillip Windell

Doesn't that still leave http on the external side?  The address bar in the
user's browser still says "http"? Meaning that the SSL only exists between
the ISA and the OWA but not between the ISA and the user?

I've only dealt with this in ISA2004 but redirecting with ISA gave bad
results, so I had to do the redirect using an ASP file on the Exchange's IIS
to do the redirect. So if the user came through the Http Publishing Rule the
ASP files redirected to the "https" URL causing the user's browser to send a
new request through the SSL Publishing Rule.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

The views expressed are my own (as annoying as they are), and not those of
my employer or anyone else associated with me.
-----------------------------------------------------

Redirect http to https on OWA IIS6.0 not working externally - gershon

Yes you will have HTTP and HTTPS selected in the Web listner, and you would
then select "Redirect all traffic from HTTP to HTTPS". When you do this all
traffic from the client to the ISA server that is HTTP will be redirected as
HTTPS. So if the user enters http://mail.contoso.com/exchange the user would
be redirected to https://mail.contoso.com/exchange. So the traffic betwen the
client and the ISA server is secured.

For more information see
http://www.microsoft.com/technet/isa/2006/secure_web_publishing.mspx#AppendixA

--
Thanks,
Gershon Levitz
ISA Server Product Team
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

Redirect http to https on OWA IIS6.0 not working externally - Phillip Windell

OK, very good.
Was my ISA2004 approach (and results) correct? So this way you describe is
unique to ISA2006?

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

The views expressed are my own (as annoying as they are), and not those of
my employer or anyone else associated with me.
-----------------------------------------------------

Redirect http to https on OWA IIS6.0 not working externally - hasselboxste

Is there a way to allow the web server being published to specify HTTP
or HTTPS...

For example, a public website that allows browsing over HTTP, but has
login pages that will redirect the user to an HTTPS connection.

With the 3 redirect options in ISA 2006, it seems I can have one or the
other but not both.

Thanks for any suggestions.

Redirect http to https on OWA IIS6.0 not working externally - Phillip Windell

It may require multiple publishing rules laid out in a specific order.
But I'm going to have to think about this one.
If anyone knows how to deal with it,...jump in, the water's warm...

Is there any more specific information you can give?

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

The views expressed are my own (as annoying as they are), and not those of my
employer or anyone else associated with me.
-----------------------------------------------------

Redirect http to https on OWA IIS6.0 not working externally - Phillip Windell

Looking in the MMC on my Lab machine,...it looks to me that you would publish
the site as if the whole thing was SSL,...then in the Bridging Tab of the
Publishing Rule you would select both HTTP and HTTPS and ISA would handle it
accordingly.  Your Listener of course, would have to accept both HTTP and HTTPS.

...still welcoming insight from others...

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

The views expressed are my own (as annoying as they are), and not those of my
employer or anyone else associated with me.
-----------------------------------------------------

Redirect http to https on OWA IIS6.0 not working externally - hasselboxste

This MS article... http://support.microsoft.com/kb/924373 describes
what is happening, although neither of the two workarounds are what I
need/want to do, because they force the entire site into HTTPS.  In my
case, a login secured portion of the site is HTTPS/SSL based.  I tend
to see this setup in e-commerce sites... for example amazon.  You
browse their catalog in HTTP.  At the point you proceed to their
checkout - you get directed into HTTPS.

I had an ISA 2004 installation that was upgraded to ISA 2006 where this
was working properly.  I remember encountering the same issues - but
unfortunately not the fix (which was accomplished with a single rule).
I have since moved to a new ISA 2006 appliance, with entirely new
configuration... and can't get this to function properly.

It's as if there should be a 4th option within the listener's
connection tab - "allow HTTP to HTTPS redirection"

I'd be happy to provide more specific information - if it would help.

Redirect http to https on OWA IIS6.0 not working externally - hasselboxste

I was able to get this to work, under one WEB server publishing rule.
I needed the ability to get HTTP->HTTPS and HTTPS->HTTP.
In my case, the webserver was dictating HTTP or HTTPS via
Response.Redirect commands in ASP.NET.

To accomplish this i useded link translation, adding two "do-nothing"
items:
orginal - trans
https://servername - https://servername
http://servername - http://servername

This was based off the following MS article, which only helped me get
from HTTP to HTTPS, but not HTTPS to HTTP, for that i needed the
second mapping:
http://support.microsoft.com/kb/924373

I hope this info can save someone else time in the future.

re: Redirect http to https - jules

Question directed more at "hasselboxste".  I am having the same problem as you posted on 24Jan.  The difference is that we are not using IIS but MOSS 2007.  Like you I want to force the login page only to SSL.  How can this be done in ISA2006?