Redirecting Users to Secure Pages

If you run Exchange 2000 Server’s Outlook Web Access (OWA) 2000 but don’t use Secure Sockets Layer (SSL), users can simply type the prefix HTTP to connect to the OWA server. If you decide to use SSL to better secure your Exchange system, users must use the prefix HTTPS rather than HTTP to connect to the OWA server. The HTTPS prefix might be difficult for users to remember. You can help them in one of two ways, as suggested in Chris Lehr, Reader to Reader, "Forcing Users to Use SSL," May 2001.

If users request an HTTP page from a server that requires SSL, they receive the 403.4 Forbidden: SSL required error page. An HTML file (403.4.htm) in the \winnt\system32\help\iishelp\common directory generates that error page. You can replace the HTML file with a custom HTML file that redirects clients’ browsers to the correct HTTPS address. Listing A contains the code you put into the custom HTML file. In this code, you need to replace owa.somorita.com with the correct Web server for your organization. After the custom file is in the correct directory, open the Microsoft Management Console (MMC) Internet Information Services snap-in and go to the Custom Errors tab in that Web server’s Properties dialog box. Replace the path to the existing 403.4.htm file with the filename and path to your custom file. This solution works well as long as the clients’ browsers support redirection.
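One way to write such a redirect page, as an added example rather than the article's Listing A: the Node.js script below generates a custom 403.4 page whose inline script rebuilds the HTTPS form of the URL the browser requested, so only the no-script fallback names the host. The function names, the `/exchange` path, the one-second refresh delay and the 512-byte padding (the size below which Internet Explorer is assumed to substitute its friendly error text) are assumptions.

```javascript
// Added example, not the article's Listing A. Run with Node.js to print a
// custom 403.4 page; save the output as the custom error file.

// Runs inside the generated page: map an http: location to its https: twin.
function httpsTarget(loc) {
  if (loc.protocol !== "http:") return null; // nothing to upgrade
  // hostname carries no port, so a non-default HTTP port is not copied over
  return "https://" + loc.hostname + (loc.pathname || "/") +
         (loc.search || "") + (loc.hash || "");
}

// Assumption: Internet Explorer substitutes its "friendly" error text when an
// error body is shorter than 512 bytes, so the page is padded past that size.
var MIN_BODY_BYTES = 512;

function buildErrorPage(fallbackHost) {
  // The host is written into HTML attributes, so accept host-name characters only.
  if (!/^[A-Za-z0-9.-]+$/.test(fallbackHost)) throw new Error("bad host name");
  var url = "https://" + fallbackHost + "/exchange"; // assumed OWA path
  var html = [
    "<html><head><title>SSL required</title>",
    "<script>",
    httpsTarget.toString(),
    "var t = httpsTarget(window.location);",
    "if (t) window.location.replace(t); // replace() keeps Back from looping",
    "</script>",
    // Fallback for browsers with scripting turned off.
    '<noscript><meta http-equiv="refresh" content="1;url=' + url + '"></noscript>',
    "</head><body>",
    '<p>This site requires SSL. <a href="' + url + '">Continue securely</a>.</p>',
    "</body></html>"
  ].join("\n");
  while (html.length < MIN_BODY_BYTES) html += "\n<!-- padding -->";
  return html; // ASCII only, so length equals the byte count
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(buildErrorPage("owa.somorita.com"));
}
```

The first request still travels over plain HTTP, so the redirect is a convenience for users and not a substitute for requiring SSL on the server.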

If the browsers don’t support redirection, you can use an alternative solution that involves creating another virtual server. First, change the current virtual server’s port to an unused port, such as 8080. Then, create a new virtual server that uses port 80. Finally, open the Internet Information Services snap-in and go to the Home Directory tab of the new virtual server’s Properties dialog box. Select the option A redirection to a URL and enter the URL of the SSL-based site, as Figure A shows.

Discuss this Article 14

PETER DAVIES (not verified)
on Dec 16, 2001
I tried your solution but couldn't get it to work. Here's what I did: I copied your script and edited it with my URL, and then saved it to the same directory as the other error code files. I then went to properties of the "Exchange" virtual directory and changed the path of 403.4 with a URL pointing to the newly created file. When I opened up a browser at http://mydomain.com/exchange I got the 403 error code "You are not Authorized to view this page." Something I'm missing?! Author response: There was a typo in the original code listing (an extra " after the "0). Sorry about that. The error has now been corrected.
Prayag (not verified)
on Aug 16, 2004
Even I couldn't get the first suggestion working until I changed the time delay from 0 to some higher value. In addition to this, MS itself recommends a process where you can write an ASP file and use that as the error page, which will redirect your page to a secured one. Not that this is something great, but because this is site independent, you won't need to change the script in case you change your site URL or something like that. Here's the link: http://support.microsoft.com/default.aspx?scid=kb;en-us;555126&Product=exch2003 (Note: I couldn't get this working for Exchange 2000; I suspect some silly mistake in my method :-)
Anonymous User (not verified)
on Apr 11, 2005
I spent all day trying to figure out why suggestion 1 wasn't working. I found out that the client-side browser settings need to be changed. In IE, click Tools, Internet Options, Advanced and uncheck the "Show friendly HTTP error messages" option. That will fix it. I am still unclear why this fixes the problem but it does.
Jeff (not verified)
on Feb 26, 2002
Yup, same here. It gets the 403.htm page from the client too...
Daryl Schweiger (not verified)
on Aug 1, 2003
If you follow the second suggestion to use a second virtual server and change the default to port 8080 (or any other port), you will be causing problems with using the Exchange System Manager. (That is only if the virtual site is on the same server as Exchange 2000.) I.e., you will not be able to manage public folders. The default virtual server's port needs to remain on port 80, or you can follow TechNet article 325920 to change the port number Exchange System Manager uses to port 8080 (or what you set the default virtual server to). A third option is to add a second IP address to the Exchange server, assign this address to the second virtual server and set the redirection as instructed, leaving both virtual servers on port 80.
Anonymous User (not verified)
on Jan 24, 2005
How do I redirect when logoff is clicked?
Anonymous User (not verified)
on May 12, 2005
Turning off "Show friendly HTTP error messages" is a nice workaround, but I recently rebuilt a server that had this running without this workaround in place. Now I need to turn off friendly HTTP errors in order to make it work. The site and IIS are all the same as before and now the only difference is this workaround being needed. I know that this worked before for me with the exact code I am using now. What makes the "Show friendly HTTP errors" show up now? What am I missing that allowed it to work before without having to use this workaround?
C (not verified)
on Mar 7, 2002
The problem listed in Peter Davies' comment is still a problem. I get the same result as the first two commenters (error 403 - You are not Authorized to view this page), even after the source code was updated. What am I doing wrong?! This should work, but it just doesn't. Additional information: I tried redirecting to another site (yahoo.com) and even that fails if I enabled the "Require SSL" option in the IIS MMC snap-in. I'm not even asked to log on - it simply fails to redirect me. I inserted a message in the redirect code, which displays even though a logon is asked for. Is this a clue?
