Re: Exchange 2003 SP2 : OWA SSL problem

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

In my first post, I explained that I had success in setting up the server to
reach my goal. However, I had to set up the ssl port on the external site
from the IIS admin pages, because Exchange greyes the textbox. This is not a
blocking problem, but as soon as I change the settings of the external web
site from the Exchange admin pages, I need to re-set the ssl port in IIS. It
is not blocking but very annoying.
According that, the initial question was : why does exchange not let me
change this SSL port ? and did I missed any configuration to enable SSL ?

Anyway, thanks, for your help.
Steve


"Lee Derbyshire [MVP]" <email a@t leederbyshire d.0.t c.0.m> a écrit dans le
message de news: %23aerkv85GHA.4304@xxxxxxxxxxxxxxxxxxxxxxx
Okay. Have a look at your Default Web Site, and make sure that the
SSL Port value is empty. Same for the internal site. Make sure that
only the external site has a port number of 443. Like this, you would
probably only need one IP address, too.


"Steve B." <steve_beauge@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:OdCNGc85GHA.4708@xxxxxxxxxxxxxxxxxxxxxxx
Only the external requires one.

In fact, I'd like to have a http://mail.company.com that use windows
auth
for internal use and https://mail.company.com for external use (I've
set up
public and internal DNS to resolve the host name to the public or
internal
IP adress).

That's why I created two more web site.

Steve

"Lee Derbyshire [MVP]" <email a@t leederbyshire d.0.t c.0.m> a écrit
dans le
message de news: O45SNS85GHA.1188@xxxxxxxxxxxxxxxxxxxxxxx
If the server has three Web Sites that require SSL, you will need
three IP addresses.


"Steve B." <steve_beauge@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:uU9ROC85GHA.1736@xxxxxxxxxxxxxxxxxxxxxxx
This workaround did not solve the problem.

I've set up the serveur with two IP adresses for the same NIC.
My exchange serveur has 3 web site :

Exchange virtual server : default web site
External virtual server : listen on IP address 2
Internal virual server : listen on IP address 1 with another
hostname

However, the external virtual server SSL port still cannot be
configured...
the textbox is greyed, and the only way I can change it is to go
into IIS
admin.
And like the initial post, this setting is overwritten as soon as
I
change
something in the exchange settings of this VServer ...

Steve

"Lee Derbyshire [MVP]" <email a@t leederbyshire d.0.t c.0.m> a
écrit
dans le
message de news: eC03j465GHA.4484@xxxxxxxxxxxxxxxxxxxxxxx
"Steve B." <steve_beauge@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:el3xdY65GHA.3920@xxxxxxxxxxxxxxxxxxxxxxx
Thanks for your answer, I'll try to set up the external web
site
to
a
dedicated IP address

Okay. I'm not actually sure if you need a second NIC for
this -
it
may be enough to add a second IP address to the existing NIC,
and
use
that.

Lee.


Steve

"Lee Derbyshire [MVP]" <email a@t leederbyshire d.0.t c.0.m> a
écrit
dans le
message de news: eEdblQw5GHA.1860@xxxxxxxxxxxxxxxxxxxxxxx
"Steve B." <steve.beauge@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:%23kIbu$v5GHA.4276@xxxxxxxxxxxxxxxxxxxxxxx
Hi,

I'm trying to set up OWA.
I've created along the default web site two other iis web
sites.
The first is the "internal" one with windows
authentication,
the
second is
the "external" one with forms authentication and visible
from
the
web.

In order to secure the logon, I want to setup SSL on the
external
site.
The IIS server is set up to support SSL, but in the
exchange
system
admin,
the SSL port textbox is greyed.

I was able to set up this port directly in IIS (443), but
as
soon
I
changed
something in the exchange screens, the port configuration
is
cleared
and I
have to set up it again.

Did I missed something ?

Thanks,
Steve

The only thing I can think of that might cause this is if
you
used
Host Headers to differentiate your Web Sites. AFAIK, SSL
doesn't
work
with Host Headers (the server name in the request is not
decrypted
until it has choosen a site certificate, by which time it is
too
late
to do anything with it). You need either a separate IP
address
or
a
separate Port number for each site that uses SSL.

Lee.

--
_______________________________________

Outlook Web Access For PDA , OWA For WAP
www.owapda.com
email a@t leederbyshire d.0.t c.0.m
_______________________________________
















.

Relevant Pages

  • RE: SSL Publishing to WEB Server and Disable Binding
    ... To answer your concern, you can feel to publish this SSL web site, and the ... Socket pooling causes Internet Information Services ... pooling won't impact the default web site on the SBS server. ...
    (microsoft.public.windows.server.sbs)
  • RE: Reinstall Internal Web
    ... A Web site that uses a SSL certificate must have a unique IP ... the Web server cannot use the IP address and the SSL ... You cannot successfully install the intranet component or connect to ...
    (microsoft.public.windows.server.sbs)
  • Re: Publish SSL Web Server behind SBS2003
    ... > How to configure a certificate for use with a Web publishing rule in ISA ... > Server 2004 ... > RWW/OWA for SSL encryption. ... Right click the SSL Web Site and click Properties. ...
    (microsoft.public.windows.server.sbs)
  • Re: SharePoint 3.0 - making it accessible to user from the outside
    ... If the organization is not using SSL on that server for any other web site, ... making a SharePoint web site accessible to the outside is very doable. ...
    (microsoft.public.sharepoint.windowsservices)
  • Re: Publish External Websites Securely (ISA 2004)
    ... However, SSL to ... Enable SSL on this web site. ... select Directory Security tab, click Server Certificate button. ... you can access the web site from Internet thru ...
    (microsoft.public.windows.server.sbs)