Script: Set-Exchange2010RedirectSSL.ps1 – Redirecting the Root Web Site to /owa and Forcing SSL in Exchange 2010
A common practice is to redirect the default website to the OWA site in IIS. This allows for a shorter URL for users to remember, and catches those who don’t append “/owa “. It’s a simple enough task for an administrator to do, but I wanted to script it so that I could include it in other Exchange 2010 build scripts to help streamline the process.
Another common practice is to force SSL on specific virtual directories to help enhance security of client access to Exchange. This can take a few extra minutes, but can easily be scripted as well, so I combined both into a simple script. Some of the initial code came from colleague and Exchange Ranger Mark Smith, but I converted it to PowerShell, and added some checks and balances.
Run the script after installing Exchange, and pass it the destination to forward to. An example would be
.\Set-Exchange2010RedirectSSL.ps1 -url "https://mail.ehloworld.com/owa"
This will redirect the root site to the URL listed. If you don’t specify the ForceSSL option, it will automatically secure the recommended virtual directories. To override that, set it to $false, such as
.\Set-Exchange2010RedirectSSL.ps1 -url "https://mail.ehloworld.com/owa" -ForceSSL $false
The script starts by verifying the web-http-redirect feature is installed. If not, it will install it. Then, the script will backup the current IIS config, apply the changes, then do an IISRESET for them to take effect.
If you’re not sure of how to run it, there is built in help. Just run
Get-Help .\Set-Exchange2010RedirectSSL.ps1
UPDATE: I forgot to mention that the script also assigns permissions to the web.config file for the Offline Address Book to resolve a problem where downloading of the OAB would stop in the middle after configuring HTTP redirection. Microsoft Exchange PFE Bhargav Shukla has pointed out that this was mentioned in fellow MVP Henrik Walther’s post OAB issues after simplifying the OWA 2010 URL? As mentioned earlier, I got intial code from someone else, and didn’t realize that Henrik had already posted about it. So rather than go into details on the issue, please visit Henrik’s excellent post if you’d like more info. Thanks to both Henrik and Bhargav.
Installation
Execution Policy: Third-party PowerShell scripts may require that the PowerShell Execution Policy be set to either AllSigned, RemoteSigned, or Unrestricted. The default is Restricted, which prevents scripts – even code signed scripts – from running. For more information about setting your Execution Policy, see Using the Set-ExecutionPolicy Cmdlet.
Download
v1.3 Set-Exchange2010RedirectSSL.v1.3.zip
v1.2 Set-Exchange2010RedirectSSL.v1.2.zip
v1.0 Set-Exchange2010RedirectSSL.zip
Changelog
See the changelog for this script which details all versions and their features
Does this script work on Exchange 2010 SP1??
This script sets a redirect on autodiscover and powershell. Wont that break things?
I’ll do some more testing this weekend. If needed, I’ll update the script. Thanks for the info!
I’m not seeing it set redirect on PowerShell. Autodiscover still works, but I’m gonna tweak the script.
Check this article that explains what directories should be excluded from redirection http://briandesmond.com/blog/redirecting-owa-urls-in-exchange-2010/
New version posted which resolves that issue, and another issue I discovered if you used -forcessl $false.
Many thanks for this script. I looked at many of the other guides on the Internet and even the Microsoft redirect directions broke OWA. Spent many hours trying to figure it out.
Your script worked flawlessly.
Great work!
Does this script not break the RPC over HTTP, somehow its not working, after i did the script ???
It didn’t break it on my environment. What do your logs say?
Excellent work!
Migrating Exchange 2003 to 2010, old users are pointing to http://mail.domain.com/exchange but new OWA is https://mail.domain.com/owa
I cannot figure out how to redirect /exchange to /OWA I am currently getting an apparent ASP Server Error in ‘/’ Application. web.config error. Does this script enable this or is something just broke in my case? For the Vdir redirect is check and sent to /owa.
Ok I had to run it twice (to fix all the mistakes I previously made
and everything is getting redirected perfectly now, thanks for this.
Glad to see it’s working for you.
I ran the script as instructed, saw it apply everything, however now it’s not working. I’m still getting an HTTP500 error when going to the shortened URL, which in my case is http://mail.company.org
However, when I go directly to the long URL: https://mail.company.org/owa which I put in as the destination to forward to in the script, it works.
I have the same symptom but when i created redirection manually, with the mentioned script. did you solve the problem?
I have the same symptom but when i created redirection manually, without the mentioned PS script. Did you solve the problem?
I used this script on one server and it seemed to work, then on the next reboot it did not. I tested on a second server and it would not work at all. The initial redirect in left blank when checking IIS?
Any ideas people this script would be such a blessing if it worked.
FYI – If you are using Backup Exec 2012 to backup Exchange 2010 and try to do a restore, the restore will fail until you remove the redirect on the EWS virtual directory. BE 2012 uses EWS rather than MAPI for communication with Exchange.
Don’t use this script on SBS 2011 if you for instance have:
remote.domain.tld (Remote Web Access: Remote Workspace)
owa.domain.tld
running the script on owa.domain.tld/owa will also break remote.domain.tld, so that it redirects to owa.domain.tld and makes the Remote Web Access site unaccessible…
Awesome! This script worked great on 2k8-R2 exch2010-sp2
I had been having issues with either the owa redirect working and breaking the EMC, or vice versa. It was maddening pouring over all kinds of articles on the net only to come up with a half working solution.
This script fixed all the issues I was seeing. Thanks again Pat!
Does this work if you are running multiple authoritative domains? Example: I need to be able to get to owa for authoritative domains abc and xyz so I want the users for those domains to be able to get there by going to mail.abc.com or mail.xyz.com and be in the right place for OWA for those authoritative domains.
This does not cover scenarios like that. Sorry!
I always thought the OAB permission issue was just with new OAB virtual directories. I don’t at all understand how setting redirection would only cause issues with one virtual directory and not the others. Regardless, excellent script. May I ask permission to wrap your script in another gui based powershell script (with full attributes to you of course)? I’m looking to create an Exchange 2010 (and possibly 2013) quick configuration script generation tool and your script is far better format than my own powershell notes (and it addresses that stupid oab issue).
Thanks!
Zach
I believe that the RpcWithCert virtual directory should be RequireSSL and Require client cert. currently require cert doesn’t get applied.
The command for the RPCWithCert VD should be:
.\appcmd set config “Default Web Site/RpcWithCert” /section:access /sslFlags:”Ssl, SslNegotiateCert, SslRequireCert, Ssl128″ /commit:apphost
How can I undo all the changes by the script? I keep getting “An unexpected error occurred and your request couldn’t be handled” messages. Users are pissed, so I think I’ll just deal with the non-redirect issue instead.
SP2 for Exchange 2010 broke my redirect. This script worked for me!