Problem solve Get help with specific problems with your technologies, process and projects.

Automated redirects to OWA directories may fail when SSL is enforced

Find out why automatic redirects to OWA directories may fail when SSL is enforced, and learn about a technique that will allow redirects to SSL-enabled OWA directories.

I recently came across a Microsoft discussion group thread that explains why automatic redirects to Outlook Web Access (OWA) directories may fail when SSL is enabled and enforced.

The Exchange administrator configured IIS to redirect users automatically from a second-tier domain (e.g., to the proper OWA directory (i.e., He also wanted to provide a redirect from to However, when he tried to implement the redirect, it wouldn't work.

Instead, the administrator performed the redirect with a quick ASP script that simply used Response.Redirect to bounce the OWA user to the appropriate page. It succeeded in redirecting users from to, but it didn't work for bouncing them from http to https.

The problem was that the administrator mistakenly set SSL to be required for the entire site -- not just the \exchange directory. An OWA user who tries to access the site via standard http would receive an error, since the redirect was never being triggered in the first place.

More on OWA authentication:
Setting up OWA in Exchange Server 2003

Disappearing OWA and Exchange virtual directory settings

An OWA authentication anomaly

Forms-based authentication errors with OMA and ActiveSync

How to repair Exchange-related IIS virtual directories

The fix was simple enough: He disabled SSL on the site, but enabled it specifically on the OWA directories that required it. The only caveat is that any newly-created OWA directories that require SSL would need to have SSL turned on manually.

The script and technique this Exchange administrator used has been documented in the Microsoft Knowledge Base article 555053, How to redirect to a secure Exchange virtual directory and enable forms-based authentication.

The Microsoft article also suggests adding a custom redirect for the 403;4 error which bounces any non-SSL user to the SSL version of the same site. This can also be used if you want to enforce https on the whole site by default, without needing to set it for specific directories.

About the author: Serdar Yegulalp is editor of Windows Insight, a newsletter devoted to hints, tips, tricks, news and goodies for all flavors of Windows users.

Do you have comments on this tip? Let us know.

Please let others know how useful this tip was via the rating scale below. Do you know a helpful Exchange Server, Microsoft Outlook or SharePoint tip, timesaver or workaround? Email the editors to talk about writing for

Dig Deeper on Exchange Server setup and troubleshooting

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.