Welcome to ISAserver.org

RE: Discussion about article on redirecting OWA users part 1

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2004 General ] >> Exchange Publishing >> RE: Discussion about article on redirecting OWA users part 1

Page: << < prev 1 [2]

Message

<< Older Topic Newer Topic >>

RE: Discussion about article on redirecting OWA users p... - 21.Dec.2005 9:33:19 PM

lolson

Posts: 43
Joined: 23.Nov.2005
Status: offline

Actually, if you look at the top of this article that Tom wrote, he mentions "Redirecting HTTP Users to the SSL Site" and actually says that the best solution is to use Jim Harrison's ISA_Redirect.zip which is available on isatools.org.

I have used much of the information in this ZIP and created my own Jscript redirect to https using the error page. IT works great and does not get anywhere near the Exchange server.

Further, I have used the information in this article to add the the / to the paths of my ISAServer rule and it works great too.

I would suggest you use the same methods, keeping as much traffic off your your Exchange Servers IIS is a real good thing.

Right Tom???

< Message edited by lolson -- 21.Dec.2005 9:34:51 PM >

(in reply to SilveRRing)

Post #: 21

Featured Links*

RE: Discussion about article on redirecting OWA users p... - 21.Dec.2005 9:53:40 PM

SilveRRing

Posts: 2
Joined: 21.Dec.2005
Status: offline

Yes, i know what you mean, but still, i find this method a bit more simple and easier to document so that if another administrator had to compreend how this redirecting is done. I would also like to add that you can use any IIS to create the "redirect page", like the corporate Web Site Server or something like that, not the exchange's IIS necessarily. But i agree that it does add some more traffic to the internal network.

I played a bit with the scripts too. The thing is, the error page displayed to me, in case of the wrong protocol was used, was the Exchange Server's IIS and not the ISA Server's one. In fact, page 403-4.htm did not exist in the common error pages folder at the ISA. Any sugestions/ideas here?
I managed to successfully replace the exchange error page with a scripted one to redirect to the right protocol page, but this has no advantage to my method since i still get more traffic on the internal network.

(in reply to lolson)

Post #: 22

RE: Discussion about article on redirecting OWA users p... - 21.Dec.2005 10:52:12 PM

lolson

Posts: 43
Joined: 23.Nov.2005
Status: offline

Create an HTML page and paste the code below to it - save it as c:\program files\microsoft isa server\errorHtmls\12211r.htm

Step 1:
<HTML>
<body onLoad="SecurePortRedirect();">
</body>
<script language="javascript">
/*
***************** BEGIN METHOD INFORMATION ********************************
Name: SecureHTTPRedirector
Created Date: 12/13/2005
Created By: Lars Olson
Modified by:
Description: This error handling page will redirect HTTP traffic to HTTP
***************** END METHOD INFORMATION ********************************
*/
function SecurePortRedirect()
{
strUnSecure = location.protocol;
strURL = location.host;
strSecure = "https://";

if(strUnSecure == "http:")
{
strSecure = strSecure + strURL;
document.location = strSecure;
}
}
</script>
</html>

Step 2:
Modify your OWA listener to include HTTP (under the preferences tab of the listener
click ok to accept your changes

Step 3:
Click the traffic tab on your OWA rule, you will notice that https and http are now listed in addition you can now select the 2 check boxes at the bottom. (Notify http user and require 128bit encryption)
click ok to accept your changes

Step 4:
Apply the changes to your ISA Configuration and away you go - redirect now working without touching your Exchange Server.

Hey Tom, shall I write an article for ya?

(in reply to SilveRRing)

Post #: 23

RE: Discussion about article on redirecting OWA users p... - 20.Apr.2006 4:52:24 PM

chrismy

Posts: 3
Joined: 17.Jun.2003
From: london
Status: offline

Hi
Using your article section redirecting users to /exchange folder . I am currently using ISA 2000 and I can't seem to type in /Exchange\
the \ is replaced by / . Is there away around this. All I want to do is some simple redirection to OWA when a user types is http://owa.xyz.com
Thanks
Chris

(in reply to tshinder)

Post #: 24

RE: Discussion about article on redirecting OWA users p... - 13.Jun.2006 5:17:55 PM

AlexMondale

Posts: 2
Joined: 13.Jun.2006
Status: offline

Hmm. This appears as though it should work, but didn't in my ISA 2004 (clustered) world. All HTTP requests go straight through to the web server (which has a PIX conduit open *only* on 443) rather than hitting your custom 12211 error page. Doesn't seem to matter whether the "Notify HTTP Users to use HTTPS instead" is checked or unchecked in my configuration, since the traffic from ISA to the web server is passed only over HTTPS. Since my site uses BASIC authentication and is located in an extranet AD Domain, I cannot have users presenting credentials with HTTP. Any suggestions?

(in reply to lolson)

Post #: 25

RE: Discussion about article on redirecting OWA users p... - 13.Jun.2006 5:31:27 PM

AlexMondale

Posts: 2
Joined: 13.Jun.2006
Status: offline

After researching, it appears you have to permit port 80 on the Bridging Tab as well as the Listener? Having done so, I can still not get it to pick up the custom 12211r.htm error page I built out of Lars' suggestion above? I now get a generic 403.4 / 12211 error page when attempting to hit the site with http:

(in reply to AlexMondale)

Post #: 26

RE: Discussion about article on redirecting OWA users p... - 19.Sep.2006 8:36:40 AM

laz

Posts: 2
Joined: 19.May2004
Status: offline

In my case - Windows 2003 server SP1 and ISA 2004 SP2 redirecting to path /exchange\ go to URL http://xxx.xxx.xxx.xxx/exchange%5C .
And I get 500 Internal Server Error/
So I set path /exchange// and now it works ok.

(in reply to AlexMondale)

Post #: 27

RE: Discussion about article on redirecting OWA users p... - 22.Nov.2006 1:03:27 PM

pwindell

Posts: 782
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline

The lin mentioned in the article as: http://support.microsoft.com/default.aspx?scid=kb;en-us;555126&Product=exch2003

...doesn't appear to be valid anymore. Here is another link that has the same information:
http://support.microsoft.com/kb/555053

Phil

(in reply to SilveRRing)

Post #: 28

RE: Discussion about article on redirecting OWA users p... - 13.Jul.2007 8:43:17 AM

danrdevine

Posts: 3
Joined: 6.Jul.2007
Status: offline

Trying to redirect / to /OWA\ pointing to an Exchange 2007 web access and it doesn't work. Anyone tried this? I get a prompt in IE to enter credentials and then it seems to login, but brings me to a page full of missing images.

-Dan

(in reply to lolson)

Post #: 29

RE: Discussion about article on redirecting OWA users p... - 13.Jul.2007 3:21:59 PM

ferrix

Posts: 369
Joined: 16.Mar.2005
Status: offline

Talking about the paths in the WebDirect rules? With much respect and thanks to Tom, the way he has the redirect rules set up in the article is sort of wrong; it can lead to browser-specific behavior and authentication troubles.

The guide at: http://www.collectivesoftware.com/Support/WebDirect.pdf
has the most accurate examples (look at the Advanced Path Mapping section)

The other important thing is to make sure that your http rules do not require any form of authentication. First because it's a security risk sending credentials over http, but also because it can lead to having to type in login twice. Recall that the redirect traffic should be allowed as anonymous; it's never making it past the ISA server so there's no need to "authorize" it.

If you're still stuck about the webdirect product you can ask for support at http://tix.collectivesoftware.com/

Good luck.

(in reply to danrdevine)

Post #: 30

RE: Discussion about article on redirecting OWA users p... - 13.Jul.2007 3:27:56 PM

danrdevine

Posts: 3
Joined: 6.Jul.2007
Status: offline

Thanks for pointing out the bit about HTTP authentication. I am using that and didn't stop to consider that not using SSL would contribute to the way this works. I plan to use ssl, just didn't bother installing it on the demo box.

(in reply to ferrix)

Post #: 31

remove - 11.Dec.2007 11:45:29 AM