Sunday, November 30, 2008

Exchange 2007 OWA redirect configuration using URL Rewrite

This is a quick write-up on how to configure URL Rewrite on your Windows 2008 x64 IIS server so that users can easily get to their HTTPS-based OWA without entering the entire URL, including https://...


  • First, download and install URL Rewrite for x64 from http://www.iis.net/extensions/URLRewrite. This will require a reboot.
  • Second, by default "force SSL" is ENABLED on an Exchange server. Open the SSL settings on your default site and disable the HTTPS requirement, as the rewrite rule will force it.
  • Go into IIS manager and open URL rewrite:


  • Create a new Blank rule


  • You will be recreating these two rules:

  • Force HTTPS Rule and Conditions:


  • Redirect Root Rule Action:


  • Now, http://machine/ and http://machine/owa and https://machine/ all redirect to https://machine/owa making the end user a happy camper who can't goof up the URL!
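The two rules described above, written out as the web.config section that URL Rewrite stores for the Default Web Site. This is an added example, not the rules from the original post: the rule names, patterns and redirect types are assumptions chosen to produce the redirects listed in the last step.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: rule names and patterns are assumptions, not taken from the post. -->
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Rule 1: any request that arrived over plain HTTP is sent to the
             same path over HTTPS. This replaces the "Require SSL" setting
             that was disabled on the site, so it must stay first and enabled. -->
        <rule name="Force HTTPS" stopProcessing="true">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTPS}" pattern="^OFF$" />
          </conditions>
          <!-- {HTTP_HOST} echoes the Host header sent by the client. If the
               site answers to arbitrary host headers, put the fixed public
               name of the server here instead. -->
          <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
        </rule>

        <!-- Rule 2: a request for the site root (empty path) goes to /owa.
             It only runs for HTTPS requests, because rule 1 stops processing
             for anything that came in over HTTP. -->
        <rule name="Redirect Root" stopProcessing="true">
          <match url="^$" />
          <action type="Redirect" url="/owa" redirectType="Found" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

With "Require SSL" off, rule 1 is the only thing keeping OWA traffic off plain HTTP, so after any change confirm that a request to http://machine/owa returns a redirect to https:// rather than the login page.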




Tuesday, November 04, 2008

Live Meeting and Live Meeting Outlook Add-in URLs for download.

LM: http://r.office.microsoft.com/r/rlidOCS?clid=1033&p1=LiveMeeting
Addin: http://office.microsoft.com/en-us/help/HA102368901033.aspx

These URLs are PAINFULLY hard to find. Go ahead and Google "live meeting 2007 download".

File Under: OCS, communicator, livemeeting

How to publish your OCS 2007 address book externally without using ISA 2006 reverse proxying for external group expansion.

After much back and forth about Microsoft's requirement for ISA 2006 and reverse proxy for the address book publishing, I decided to try to find an alternate way.

Of course, per the OCS deployment guidelines, reverse proxy with ISA 2006 is the recommended solution, because you are not allowing direct access to the HTTPS server on your internal front end server.

Here's how to do it using a regular NAT translation and opening 443 to your front end server.

  1. Change your group expansion URL using wbemtest (from here and here)
  2. Configure an external DNS name, a NAT translation to your OCS Front End, and allow TCP/443 inbound. I used ocsab.domainname.com as a convention for the name.
  3. Request a new FE certificate using the OCS certificate wizard that includes the existing names plus ocsab.domainname.com. If you are only supporting Access Edge remote connectivity from domain-based PCs, you can still use your internal Enterprise PKI. If you want to support non-domain workstations, you have two choices: have them install your internal SSL chain locally, or send this cert request to a third-party trusted Certificate Authority.
  4. Install the certificate and assign it in OCS. After doing this, you will likely need to restart your OCS services.
  5. Finally, in IIS Manager, you will need to select this new certificate as the certificate to be used for the Default Web Site. This is a critical step, as the OCS certificate wizard does NOT seem to change this for you.

Enjoy having External group expansion while sticking to your guns on your choice of firewall vendor.