The Redirect Catch – Another one…


My previous post about redirect explained a typical loop scenario while implementing the Deny rule on ISA Server. Looks like people just hate typing the /owa (or /exchange) these days, maybe because they already have too many things to memorize (I don’t blame them). Since many users are migrating to Exchange 2007 (and now also to Exchange 2010) the scenarios of coexistence with Exchange 2003 may reduce, but it is still very common. With those two challenges in their hands (redirect and legacy coexistence), many time administrators want to achieve the following goal:

  • One single rule for OWA on Exchange 2003 and Exchange 2007
  • Do not type /owa or /exchange in order to access the mailbox

On the redirect perspective we have another catch, by using the typical redirect approach, which is: creating a deny rule for https://mail.contoso.com and redirect to https://mail.contoso.com/owa, users that have their mailboxes located on Exchange 2003 will receive the following error message after logon in the FBA page:

Outlook Web Access could not find a mailbox for DOMAIN\USERNAME. If the problem continues, contact technical support for your organization and tell them the following: The mailbox may be stored on a Microsoft Exchange 2000 or Microsoft Exchange 2003 server, or the Active Directory user account was created recently and has not yet replicated to the Active Directory site where this Client Access server is hosted

This is actually expected, since you can’t access legacy mailboxes by using /owa. In order to fix that you need to change your redirect rule on ISA to be:

  • Action: Deny
  • From: https://mail.contoso.com
  • Redirect to: https://mail.contoso.com/exchange

Simple tip that can save you some deployment headaches.

Comments (0)

Skip to main content