Outlook Web Access redirection via Microsoft ISA 2006

Posted by on Jun 23, 2009 in Exchange, Exchange 2007, ISA

We all know from experience that advising end users to browse  to https://mail.yourdomain.com/OWA if you are running Exchange 2007 or /exchange if you are running Exchange 2003 is usually problematic .  Oh! and did I forget to mention that it’s HTTPS and not http!  We must admit that not all end users are likely going to remember this URL and at times even struggle to distinguish the difference between secure and non secure sites.  Well if you are running ISA 2006 as an edge or secondary application layer firewall then we can easily simplify the URL that we will publish to our end users by creating a deny rule which will then automatically redirect them to the correct address.  By the end of this post,  your end users will only need to remember a simple URL in the form of  mail.yourdomain.com (notice that http or https is not required). This post is assuming that you already have an existing Exchange Publishing Rule in ISA 2006.  Note, that this technique can also be used for other websites that ISA may already be protecting such as SharePoint and Terminal Server Web Access.

Let’s begin by launching the ISA Management Console, and navigate to create a new web site publishing rule.  The New Access Rule Wizard will launch in which you will begin by specifying a name for your rule.

New Access Rule Wizard

Select Deny as your Rule Action

ISA Select Rule Action

Select Publish a single web site or load balancer.

Publish a single web site or load balancer

Select Use SSL to connect to the published Web server or server farm.

Server Connection Security

Enter your Internal Publishing Details which should be identical to the original Exchange Publishing rule.Capture5

Click Next and then Next again skipping the Path details.

Path ISA

Enter the Public Name details as per your original Exchange Publishing rule.

Public Name Details

Select the existing Exchange Web listener that you already have created for your Exchange Publishing Rule.

Web listener

Select, No delegation, and client cannot authenticate directly.

Authentication Delegation

Remove Authenticated Users if present and select All Users instead.

ISA User Sets

You will then receive the below warning as we have selected All Users.  Ignore this warning and click on OK to continue.


Now that the rule has been created, we need to specify the redirect page.  Right Click on the newly created rule and select properties.  Navigate to the Action tab and click on the check box beside “Redirect HTTP requests to this Web page:” and enter the full Outlook Web Access URL.

Outlook Web Access Redirection Properties

We are now complete.  You will need to ensure that the deny rule is place immediately below the original Exchange Publishing Rule as per the below screen shot.  When a user now enters the url mail.yourdomain.com it will hit the redirection rule that we have just created which will then redirect to https://mail.yourdomain.com/owa and authenticate against your original Exchange OWA rule.

ISA Rules

In summary we have removed the all so common confusion that end users may encounter when browsing to the Outlook Web Access site.  This methodology provided above with the deny rule can also be used against any other web site publishing rule including SharePoint Sites and Terminal Server Web Access.

No Comments


  1. Tweets that mention Outlook Web Access redirection via Microsoft ISA 2006 | SharePoint George -- Topsy.com - [...] This post was mentioned on Twitter by George Khalil. George Khalil said: @resing I've used rules in the past.…