OWA ssl anomaly

phoeneousphoeneous Member Posts: 2,333 ■■■■■■■□□□
Came across a strange issue yesterday where an Exchange 03 box with owa has been working fine for several years now, however when I went into iis and looked at the properties of the default website I noticed that require ssl is unchecked under secure communications. I say it's strange because I can access https://server/exchange but not http://server/exchange. And when logging in to https://server/exchange, I can see the cert and I'm able to login. How is that possible with ssl unchecked??

Comments

  • cyberguyprcyberguypr Mod Posts: 6,928 Mod
    Are you guys offloading SSL to a load balancer by any chance? That' would explain the box being ticked off.
  • it_consultantit_consultant Member Posts: 1,903
    Yep, there is a reverse proxy somewhere. Probably TMG or UAG.
  • ClaymooreClaymoore Member Posts: 1,637
    I also uncheck SSL on the default website when I configure the OWA redirect for https and /owa. SSL is turned off on the root of the default website, but turned on for the OWA virtual directory. They may have an IIS redirct configured on that server for /Exchange. You could test that by browsing to http://server and see if that takes you to OWA.
  • phoeneousphoeneous Member Posts: 2,333 ■■■■■■■□□□
    cyberguypr wrote: »
    Are you guys offloading SSL to a load balancer by any chance? That' would explain the box being ticked off.

    No we are not. We are also not redirecting, the default website points to c:\inetpub\wwwroot. I also checked /Exchange, /Exchweb, and /OMA and none of them are being redirected nor do they have ssl enabled.

    When I go to http://server, I get an iis 'page under construction' page.
  • blargoeblargoe Member Posts: 4,174 ■■■■■■■■■□
    Claymoore wrote: »
    I also uncheck SSL on the default website when I configure the OWA redirect for https and /owa. SSL is turned off on the root of the default website, but turned on for the OWA virtual directory. They may have an IIS redirct configured on that server for /Exchange. You could test that by browsing to http://server and see if that takes you to OWA.

    This is how I remember it seeing it set up in the past.

    Is it possible that your cert has expired?

    When you say it had an issue, what was the actual issue? Were people unable to access OWA?
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
  • it_consultantit_consultant Member Posts: 1,903
    phoeneous wrote: »
    No we are not. We are also not redirecting, the default website points to c:\inetpub\wwwroot. I also checked /Exchange, /Exchweb, and /OMA and none of them are being redirected nor do they have ssl enabled.

    When I go to http://server, I get an iis 'page under construction' page.

    Even with a reverse proxy you would still point everything ot the default website and you would not necessarily need to use a redirect.
  • phoeneousphoeneous Member Posts: 2,333 ■■■■■■■□□□
    blargoe wrote: »
    This is how I remember it seeing it set up in the past.

    Is it possible that your cert has expired?

    When you say it had an issue, what was the actual issue? Were people unable to access OWA?

    No production issue, users are able to use owa just fine. Just thought it was strange that ssl was unchecked but actually working. Cert doesnt expire until 2020.
  • phoeneousphoeneous Member Posts: 2,333 ■■■■■■■□□□
    Even with a reverse proxy you would still point everything ot the default website and you would not necessarily need to use a redirect.

    But that's what I'm saying, we do not have reverse proxy setup.
  • it_consultantit_consultant Member Posts: 1,903
    I believe you, the way you wrote a post made it seem like the fact there is no redirect was evidence of a lack of a proxy - which isn't really true.
Sign In or Register to comment.