OWA - Redirection Pages from http to https
As a good Exchange administrator you should be deploying SSL on to your Outlook Web Access.
To further increase the security of your network, you should stop http traffic coming in, by allowing just port 443, not port 80.
However, this change will cause complaints from users, who don't want to have to remember to put in the https in front of the URL. You could just tell the users to get used to it (and in most cases they will) but usually the administrator is forced to come up with a compromise, and put in a redirect.
The Microsoft Method
This is the way that Microsoft ask you to do it: http://support.microsoft.com/kb/839357
The flaw with that method is that you must open port 80 on your web site and also reconfigure IIS to use the replacement page.
The Sembee Method
This is the way that we offer this facility, which uses the public web site of the client, but needs to have a site that supports ASP.
- Create a new page on your public web site that has a url that the users can remember... for example
http:// www example .com /email/
- Copy and paste the following code in to notepad, and save it as default.asp
<% response.redirect "https://mail.example.com/exchange" %>
Yet this method can be further enhanced.
If you have deployed Outlook Mobile Access (OMA) as well (Exchange 2003 only), then you can change the code to the following...
<%
If InStr(Request.ServerVariables("HTTP_USER_AGENT"),"Windows CE") > 0 Then
response.redirect "https://mail.example.com/oma"
End If %>
<% response.redirect "https://mail.example.com/exchange" %>
What this code does is detect that the client is a Pocket PC device and redirect the browser to the OMA page. If the client isn't a pocket PC, then they get the regular OWA login page.
Combining this code with the default web page configuration change
(Exchange 2003 Only)
If you have made the modification to present the Exchange 2003 forms based authentication page to the users as the default when they hit https:// mail domain.com so that they don't have to put the /exchange at the end, then you can combine this code with that change so that a mobile client is redirected to OMA.
This requires a change to the page that is presented to the client.
This guide is based on English language locations within Exchange. If you are using non-English pages then you will need to adjust those as required.
It is of no use to Exchange 2007 users as Exchange 2007 does not have OMA.
- Find the file logon.asp in the following location: \Exchsrvr\exchweb\bin\auth\usa and take a backup copy of it.
- Open the file in notepad.
- Scroll down the page until you find <!-- <%=sGuid%> -->, which has "<!DOCTYPE HTML PUBLIC". Immediately below it.
Immediately above <!-- <%=sGuid%> -->, paste the following code:
<%
If InStr(Request.ServerVariables("HTTP_USER_AGENT"),"Windows CE") > 0 Then
response.redirect "https://mail.example.com/oma"
End If %>
The resulting code should look like this:
If Err.Number <> 0 Then
Err.Clear
End If
End Function
%>
<%
If InStr(Request.ServerVariables("HTTP_USER_AGENT"),"Windows CE") > 0 Then
response.redirect "https://mail.example.net/oma"
End If %>
<!-- <%=sGuid%> -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!--Copyright (c) 2000-2003 Microsoft Corporation. All rights reserved.-->
- Save the page and take a backup of the modified page. It may get overwritten by any patches or updates. If you update the server in the future, check the page to see if it has been modified - if so, place your additional code in the same place. Don't replace the new page with your old one as it may cause a compatibility issue.
Questions
Q: What Happens if the user has changed their browser identification code?
A: It will not work, because the server thinks it is a real PC and not a Pocket PC. The user needs to put the registry change back.
Q: Our corporate web site doesn't support ASP, is there a PHP version of this code?
A: You can probably recreate the above sequence in PHP, but we don't have those skills in house.