OWA redirect

Many users want to use OWA without adding /owa to the OWA URL. For example, if the complete URL is https://mail.corpa.com/owa, they just want to type https://mail.corpa.com and reach OWA that way. To make that work, we can configure a redirect rule on ISA Server 2006. Please refer to my earlier post about how to configure OWA, http://blogs.technet.com/sooraj-sec/archive/2009/12/05/publishing-owa-on-isa-server-walk-through.aspx, as I will refer to the OWA publishing rule created there. I will assume that we have already configured the OWA rule as described in that post and are now ready to configure the OWA redirect. The first thing to do is copy the OWA rule and paste it with Ctrl+V in the firewall policy window of the ISA MMC, as shown below.

Don't forget to apply the settings. Then open the properties of this new rule, which in this case is owa(1); you can rename it to OWA redirect or whatever name you want to give it. Then go to the "Action" tab of the rule properties, choose Deny, check the redirect check box and enter the actual URL for OWA, which in this case is https://mail.corpa.com/owa, as shown below.


Then go to the "Paths" tab, as shown below.

Remove the existing paths and add the paths shown above. Then we are ready for URL redirection from https://mail.corpa.com to https://mail.corpa.com/owa.

In addition to the requirement above, there are users who don't want to put "https" in the URL and just want to type "mail.corpa.com" to access OWA. This is HTTP to HTTPS redirection. To achieve it, we can configure our OWA listener to allow HTTP to HTTPS redirection, as shown below.

As you can see, we have checked the box for HTTP connections along with HTTPS, and then chosen the option to redirect all traffic from HTTP to HTTPS.

With the OWA redirect rule and the OWA listener configured as shown above, a user will be able to access OWA by typing "mail.corpa.com" in the browser.
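A client-side check of the behaviour configured above, as an added example that is not part of the original post: it follows the redirects by hand and flags a hop that leaves mail.corpa.com, falls back from https to http, or never reaches /owa. The function names are illustrative and the status codes in the sample chain are constructed.

```python
import http.client
from urllib.parse import urlsplit, urljoin

HOST = "mail.corpa.com"   # host name used in the post
OWA_PATH = "/owa"         # path the redirect rule points at
REDIRECTS = {301, 302, 303, 307, 308}

def fetch_chain(url, max_hops=5):
    """Follow redirects by hand, recording (url, status, Location) per hop."""
    hops = []
    for _ in range(max_hops):
        u = urlsplit(url)
        cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
        conn = cls(u.netloc, timeout=10)
        conn.request("GET", (u.path or "/") + ("?" + u.query if u.query else ""))
        resp = conn.getresponse()
        location = resp.getheader("Location")
        hops.append((url, resp.status, location))
        conn.close()
        if resp.status not in REDIRECTS or not location:
            break
        url = urljoin(url, location)  # Location may be relative
    return hops

def check_chain(hops):
    """Return a list of problems; an empty list means the chain is as designed."""
    problems, on_https, reached = [], False, False
    for i, (url, status, location) in enumerate(hops):
        u = urlsplit(url)
        same_host = u.hostname == HOST
        if not same_host:
            problems.append(f"hop {i} leaves {HOST}: {url}")
        if u.scheme == "https":
            on_https = True
            reached = reached or (same_host and u.path.lower().startswith(OWA_PATH))
        elif on_https:
            problems.append(f"hop {i} downgrades to http: {url}")
        if status in REDIRECTS and not location:
            problems.append(f"hop {i} redirects without a Location header")
    if not reached:
        problems.append(f"chain never reaches https://{HOST}{OWA_PATH}")
    return problems

# Constructed sample chain (status codes assumed), as if a user typed "mail.corpa.com".
SAMPLE = [("http://mail.corpa.com/", 302, "https://mail.corpa.com/"),
          ("https://mail.corpa.com/", 302, "https://mail.corpa.com/owa"),
          ("https://mail.corpa.com/owa", 200, None)]
if __name__ == "__main__":
    print(check_chain(SAMPLE) or "redirect chain OK")
```

Against a live deployment, pass the result of `fetch_chain("http://mail.corpa.com/")` to `check_chain` instead of the sample.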


Comments (11)

  1. Anonymous says:

    Hello Mike,

    Sorry for the delayed response. I just checked your link and I have an explanation for that. In fact, when I read your previous post I was about to ask you to do netstat -ano>ports.txt on a command prompt and check if the IP address used on the listener is listening on the ports that you are using for that web listener. If yes, then what is the PID (process ID) used? As per your second post, most probably you would have got PID 4, which is usually for System, or in other words IIS. That is why the next question comes into the picture: are you doing it on ISA Server or TMG server? On ISA Server, installing IIS is not supported, or if you have to put IIS on ISA Server then make sure you are not using well-known ports on it, e.g. 80 and 443 or 8080, to avoid a port racing condition (as that blog post link had seen with the Edge role on TMG and WWW publishing with it, which grabbed port 80). If you are using TMG server then you should be careful about the roles that you are going to install on the TMG server and the ports used by each role.

    Going by simple logic, two services cannot own the same port. If you have two services which need the same port, then only one of them would be able to use it at the time of reboot or at the time of restart of the services. This is called port racing.

    To avoid such conditions please configure the applications/services to use different ports to avoid port conflicts or port racing condition.


    Suraj Singh

  2. Anonymous says:

    Right, that's why after installing them we can take a note of what ports are being utilized by IIS. In case it is using 80, 8080, 443, then we know these would be used by ISA or TMG, and then we can change these ports to some other port number which ISA or TMG is not using.

  3. Anonymous says:

    It should, if you can elaborate more on how (exact sequence) you are trying to do that.

  4. Desi says:

    This work around does not work for me using TMG 2010.

  5. Mike Crowley says:

    I am also having an issue with this. It sounds simple enough, but the browser is not redirected. The log does show the denied connection, but the matching rule is "default rule". For some reason the redirect rule isn't matching.

  6. Mike Crowley says:

    Hey, thanks for the reply!

    The logic does make sense.  But, this is logical too: Edge/TMG is a supported scenario, and IIS is a prerequisite of Edge.  

    I did not install IIS intentionally, so it must have been tagged with the following command:

    Add-WindowsFeature NET-Framework,RSAT-ADDS,ADLDS -Restart

    What do you think?

  7. Taryel Kazimov says:


  8. I don't know why I'm showing anonymous on this post btw 🙂

  9. Casey Mayans says:

    Great website! It looks extremely good! Maintain the helpful work!
