We all know from experience that advising end users to browse to https://mail.yourdomain.com/OWA if you are running Exchange 2007 or /exchange if you are running Exchange 2003 is usually problematic . Oh! and did I forget to mention that it’s HTTPS and not http! We must admit that not all end users are likely going to remember this URL and at times even struggle to distinguish the difference between secure and non secure sites. Well if you are running ISA 2006 as an edge or secondary application layer firewall then we can easily simplify the URL that we will publish to our end users by creating a deny rule which will then automatically redirect them to the correct address. By the end of this post, your end users will only need to remember a simple URL in the form of mail.yourdomain.com (notice that http or https is not required). This post is assuming that you already have an existing Exchange Publishing Rule in ISA 2006. Note, that this technique can also be used for other websites that ISA may already be protecting such as SharePoint and Terminal Server Web Access.
Let’s begin by launching the ISA Management Console, and navigate to create a new web site publishing rule. The New Access Rule Wizard will launch in which you will begin by specifying a name for your rule.
Select Deny as your Rule Action
Select Publish a single web site or load balancer.
Select Use SSL to connect to the published Web server or server farm.
Enter your Internal Publishing Details which should be identical to the original Exchange Publishing rule.
Click Next and then Next again skipping the Path details.
Enter the Public Name details as per your original Exchange Publishing rule.
Select the existing Exchange Web listener that you already have created for your Exchange Publishing Rule.
Select, No delegation, and client cannot authenticate directly.
Remove Authenticated Users if present and select All Users instead.
You will then receive the below warning as we have selected All Users. Ignore this warning and click on OK to continue.
Now that the rule has been created, we need to specify the redirect page. Right Click on the newly created rule and select properties. Navigate to the Action tab and click on the check box beside “Redirect HTTP requests to this Web page:” and enter the full Outlook Web Access URL.
We are now complete. You will need to ensure that the deny rule is place immediately below the original Exchange Publishing Rule as per the below screen shot. When a user now enters the url mail.yourdomain.com it will hit the redirection rule that we have just created which will then redirect to https://mail.yourdomain.com/owa and authenticate against your original Exchange OWA rule.
In summary we have removed the all so common confusion that end users may encounter when browsing to the Outlook Web Access site. This methodology provided above with the deny rule can also be used against any other web site publishing rule including SharePoint Sites and Terminal Server Web Access.
No Comments
Trackbacks/Pingbacks