Saturday, 6 August 2011

Steps to Enhance the Customer Experience of Exchange 2010 OWA

This post covers 3 additional steps to enhance the customer experience of Exchange 2010 OWA:

1) Set the default domain removing the need for DOMAIN\ in the username field
2) Set the external OWA URL and make it available internally
3) Make the default website redirect to OWA, and http redirect to https


1) Set the default domain in Exchange 2010 OWA so customers do not need to put DOMAIN\ before username

Either from the Exchange Management Console:

Exchange Management Console → Server Configuration → Client Access → Select your CAS → 'Outlook Web App' tab → owa (Default Web Site) Properties → 'Authentication' tab → Under 'Use forms-based authentication' select 'User name only' and browse for the internal domain → OK

Or from the Exchange Management Shell:

Set-owavirtualdirectory -identity “owa (default web site)” -Sign-inFormat UserName -DefaultDomain “yourinternaldomain.priv”

Finally restart IIS from command prompt:

iisreset

Note: Using DOMAIN\username will continue to work after this change


2) Set the external OWA URL and make this available internally

Exchange Management Console → Server Configuration → Client Access → Select your CAS → 'Outlook Web App' tab → owa (Default Web Site) Properties → 'General' tab → In the 'External URL' box enter the external URL (e.g https://owa.test.co.uk/owa) → OK


On an internal DNS server - if not already created - create a new Forward Lookup Zone → Primary zone for the external domain (e.g test.co.uk,) and in that zone create an A record for OWA (e.g owa.test.co.uk) pointing to the internal IP of the CAS hosting OWA.

Finally on an external DNS server create an A record for the external URL (e.g owa.test.co.uk)


3) Make the default website redirect to owa (e.g https://owa.test.com redirect https://owa.test.com/owa ) and http redirect to https

If not already installed – install HTTP Redirection component from:
Server Manager → Roles → Web Server (IIS) → Add Role Services

From 'Administrative Tools' open 'Internet Information Services (IIS) Manager' (or InetMgr.exe from Run / Command Prompt)

Select 'Default Web Site' → Double-click 'HTTP Redirect' icon under IIS
Tick 'Redirect requests to this destination' and enter external URL for OWA (example: https://owa.yourdomain.com/owa )
Tick 'Only redirect requests to content in this directory (not subdirectories)
Under Actions in the right-hand pane, click Apply

Now to remove the enforced redirect from each of the virtual directories under the Default Web Site. Select each virtual directory individually and open the HTTP Redirect property and uncheck the 'Redirect requests to this destination' checkbox. This needs to be done on:
→ aspnet_client
→ Autodiscover
→ ecp
→ EWS
→ Microsoft-Server-ActiveSync
→ OAB
→ PowerShell
→ Rpc

Note 1: the Exchange, Exchweb, and Public virtual directories should redirect to /owa)
Note 2: If the Rpc virtual directory is not showing in the console, this is most likely because the RPC over HTTP Proxy feature has not been installed; install this, reboot, and - hey presto - it now shows

At this point the redirect https://owa.test.com to https://owa.test.com/owa should be working

Select the Default Web Site → open SSL Settings properties → uncheck the 'Require SSL' checkbox
The change will be inherited down the tree for any virtual directory which does not explicitly set the setting independently, ensure that SSL is required for the following virtual directories:
→ Autodiscover
→ ecp
→ EWS
→ Microsoft-Server-ActiveSync
→ OAB
→ owa
→ Rpc

Note: if SSL is required for the PowerShell virtual directory, this will render Remote PowerShell inoperable!

Run iisreset


Credits

No comments:

Post a Comment