
OWA ssl anomaly

phoeneous Member Posts: 2,333 ■■■■■■■□□□
Came across a strange issue yesterday where an Exchange 03 box with OWA has been working fine for several years now; however, when I went into IIS and looked at the properties of the default website, I noticed that require SSL is unchecked under secure communications. I say it's strange because I can access https://server/exchange but not http://server/exchange. And when logging in to https://server/exchange, I can see the cert and I'm able to log in. How is that possible with SSL unchecked??

Comments

  • cyberguypr Mod Posts: 6,928 Mod
    Are you guys offloading SSL to a load balancer by any chance? That would explain the box being ticked off.
  • it_consultant Member Posts: 1,903
    Yep, there is a reverse proxy somewhere. Probably TMG or UAG.
  • Claymoore Member Posts: 1,637
    I also uncheck SSL on the default website when I configure the OWA redirect for https and /owa. SSL is turned off on the root of the default website, but turned on for the OWA virtual directory. They may have an IIS redirect configured on that server for /Exchange. You could test that by browsing to http://server and see if that takes you to OWA.
  • phoeneous Member Posts: 2,333 ■■■■■■■□□□
    cyberguypr wrote: »
    Are you guys offloading SSL to a load balancer by any chance? That would explain the box being ticked off.

    No we are not. We are also not redirecting, the default website points to c:\inetpub\wwwroot. I also checked /Exchange, /Exchweb, and /OMA and none of them are being redirected nor do they have ssl enabled.

    When I go to http://server, I get an iis 'page under construction' page.
  • blargoe Member Posts: 4,174 ■■■■■■■■■□
    Claymoore wrote: »
    I also uncheck SSL on the default website when I configure the OWA redirect for https and /owa. SSL is turned off on the root of the default website, but turned on for the OWA virtual directory. They may have an IIS redirect configured on that server for /Exchange. You could test that by browsing to http://server and see if that takes you to OWA.

    This is how I remember seeing it set up in the past.

    Is it possible that your cert has expired?

    When you say it had an issue, what was the actual issue? Were people unable to access OWA?
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
  • it_consultant Member Posts: 1,903
    phoeneous wrote: »
    No we are not. We are also not redirecting, the default website points to c:\inetpub\wwwroot. I also checked /Exchange, /Exchweb, and /OMA and none of them are being redirected nor do they have ssl enabled.

    When I go to http://server, I get an iis 'page under construction' page.

    Even with a reverse proxy you would still point everything to the default website and you would not necessarily need to use a redirect.
  • phoeneous Member Posts: 2,333 ■■■■■■■□□□
    blargoe wrote: »
    This is how I remember seeing it set up in the past.

    Is it possible that your cert has expired?

    When you say it had an issue, what was the actual issue? Were people unable to access OWA?

    No production issue, users are able to use OWA just fine. Just thought it was strange that SSL was unchecked but actually working. Cert doesn't expire until 2020.
  • phoeneous Member Posts: 2,333 ■■■■■■■□□□
    Even with a reverse proxy you would still point everything to the default website and you would not necessarily need to use a redirect.

    But that's what I'm saying, we do not have reverse proxy setup.
  • it_consultant Member Posts: 1,903
    I believe you, the way you wrote a post made it seem like the fact there is no redirect was evidence of a lack of a proxy - which isn't really true.