Microsoft KB Archive/279681

= How to Force SSL Encryption for an Outlook Web Access 2000 Client =

PSS ID Number: 279681

Article Last Modified on 10/22/2002

-

The information in this article applies to:


 * Microsoft Internet Information Services 5.0
 * Microsoft Exchange 2000 Enterprise Server

-



This article was previously published under Q279681



SUMMARY
When you use Outlook Web Access 2000 (OWA), Microsoft recommends that you require Secure Sockets Layer (SSL) to encrypt or secure the data to ensure that all data is hidden from malicious users. However, when you configure Internet Information Services (IIS) 5.0 to require SSL for all incoming requests that are destined for OWA 2000, and a request comes in using non-SSL (http://), IIS responds with the following error message:

HTTP 403.4 - Forbidden: SSL required Internet Information Services

This in turn forces the incoming client to manually type in HTTPS:// instead of HTTP:// to complete the SSL connection. Some administrators may want to have this accomplished automatically for the user so that any time a request comes in using HTTP://, it is redirected to HTTPS:// automatically. This eliminates any user interaction for the client and verifies that all incoming connections are SSL enabled.

This article explains how to implement this solution with IIS 5.0 and OWA 2000 with little to no impact on the user experience and server.



MORE INFORMATION
To implement this solution, perform the following steps:

1. Create an ASP page named Owahttps.asp that contains the following data, and then save it in the Inetpub\Wwwroot\Owaasp directory:

   NOTE: The SERVER_PORT and SERVER_NAME in the code should not be replaced with an actual server port or server name. They are variables and the code snippet should be copy/pasted as it is shown without modification.

       <%
       ' Only requests that arrived on the non-SSL port are redirected.
       If Request.ServerVariables("SERVER_PORT")=80 Then
           Dim strSecureURL
           ' Build https://<server name>/exchange from the incoming request.
           strSecureURL = "https://"
           strSecureURL = strSecureURL & Request.ServerVariables("SERVER_NAME")
           strSecureURL = strSecureURL & "/exchange"
           Response.Redirect strSecureURL
       End If
       %>

2. Open Internet Service Manager.
3. Expand (double-click) Computer Name.
4. Expand Default Web Site.
5. Right-click the Exchange folder, and then click Properties.
6. Click the Custom Errors tab.
7. Double-click on the 403.4 error code.
8. In the Message Type drop-down list, select URL.
9. In the URL field, type /owaasp/owahttps.asp .
10. Click OK.
11. Click the Directory Security tab.
12. In the Secure Communications section, click Edit.
13. Click to check the Require secure channel (SSL) check box. (Click Require 128-bit encryption if you need to require 128-bit clients.)

    NOTE: The Exchange folder is the only folder that needs to have the Required setting selected for OWA to require SSL. If other folders also need to require SSL, verify that the OWAasp folder does not have the requirement set, so that the HTTP request can still reach the redirect page.
14. Click OK.
15. Click OK.
16. Type the following at a command prompt (or you can restart the server):

        net stop iisadmin /y

    NOTE: Make a note of what services were stopped. When you use Exchange Server 2000, all Exchange Services stop when you stop IIS.
17. Restart all stopped services.
18. Test for functionality.
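One way to carry out the final "Test for functionality" step from a client machine, as an added example that is not part of the original article: it sends a single plain-HTTP request for /exchange and checks that the answer is a redirect to https:// on the same host rather than a 403 error or an OWA logon prompt in the clear. The function names `classify` and `probe` and the host mail.example.test are assumptions made for this example, and the sample responses are constructed.

```python
"""Check that a plain-HTTP request for OWA is redirected to HTTPS."""
import http.client
from urllib.parse import urlsplit

REDIRECTS = (301, 302, 303, 307, 308)


def classify(status, location, host, path="/exchange"):
    """Judge the server's answer to http://<host><path>."""
    if status in REDIRECTS:
        target = urlsplit(location or "")
        if target.scheme != "https":
            return "FAIL: redirect target is not https"
        if (target.hostname or "").lower() != host.lower():
            return "FAIL: redirect leaves the requested host"
        if target.path.rstrip("/").lower() != path.rstrip("/").lower():
            return "WARN: redirect lands outside " + path
        return "OK: redirected to https"
    if status == 403:
        # Most likely 403.4 with the custom error URL not in effect.
        return "FAIL: 403 returned, no redirect"
    if status in (200, 401):
        # Content or a logon prompt came back without SSL.
        return "FAIL: served over plain http"
    return "FAIL: unexpected status %d" % status


def probe(host, path="/exchange", timeout=5):
    """Send one GET over port 80 without following redirects."""
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return classify(resp.status, resp.getheader("Location"), host, path)
    finally:
        conn.close()


# Constructed sample responses (status, Location) for an offline run.
SAMPLES = [
    (302, "https://mail.example.test/exchange"),
    (403, None),
    (401, None),
    (302, "http://mail.example.test/exchange"),
]

if __name__ == "__main__":
    for status, location in SAMPLES:
        print(status, location, "->", classify(status, location, "mail.example.test"))
```

Against a live server, call `probe("your-owa-host")`; a result of "FAIL: served over plain http" means the Require secure channel (SSL) setting is not in effect on the Exchange folder.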

Additional query words: iis 5 owa ssl redirect

Keywords: kbinfo KB279681

Technology: kbExchange2000EntServ kbExchange2000Search kbExchangeSearch kbiis500 kbiisSearch


© 2004 Microsoft Corporation. All rights reserved.