Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2012-07-23

You can use Internet Information Services (IIS) Manager to simplify the Microsoft Office Outlook Web App URL that users use to access their Microsoft Exchange Server 2010 mailbox.

The first procedure below configures a request that's sent to the root of the Web server (https://server name) to redirect to the Exchange virtual directory. For example, a request to https://server/ is directed to https://server/owa.

The second procedure redirects a request to http://server to https://server/owa. To help secure the information that's sent between the client and the server, the default Web site is set to require Secure Sockets Layer (SSL) at installation. To simplify access to Outlook Web App for your users, you may want to configure the Outlook Web App Web page, which is usually the default Web site in IIS, to automatically redirect users to https.

When you configure redirection from a top-level directory in Windows Server 2008, the settings are propagated to lower-level directories. For example, when you configure redirection on the Default Web Site to the /owa virtual directory, the settings that you configure also appear on the HTTP Redirect page of all the virtual directories, such as /Autodiscover, /Exchange, and /Public. Therefore, you must remove redirection from all the virtual directories except the one that you want redirected.

Looking for other management tasks related to Outlook Web App URLs? Check out Managing Outlook Web App URLs.

Use IIS Manager and Notepad to simplify the Outlook Web App URL when SSL isn't required

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "IIS Manager" entry in the Client Access Permissions topic.

  1. Start IIS Manager.

  2. Expand the local computer, expand Sites, and then click Default Web Site.

  3. At the bottom of the Default Web Site Home pane, click Features View if this option isn't already selected.

  4. In the IIS section, double-click HTTP Redirect.

  5. Select the Redirect requests to this destination check box, and then type /owa.

  6. Under Redirect Behavior, select the Only redirect requests to content in this directory (not subdirectories) check box.

  7. In the Status code list, click Found (302).

  8. In the Actions pane, click Apply.

  9. Close IIS Manager

  10. Find the Outlook Web App Web.config file on the Client Access server. The default location is <drive>\Program Files\Microsoft\Exchange Server\<version>\ClientAccess\Owa.

  11. Make a backup copy of the file.

  12. Open the original file using an editor such as Notepad. Don't use IIS Manager to edit the Web.config file.

  13. Find httpCookies httpOnlyCookies="false" requireSSL="true" domain="" and change the requireSSL flag to false.

  14. Save and close the file.

    Note:
    If Outlook Web App is configured for plain-text HTTP only for the purpose of SSL offloading, then this additional step of modifying the web.config file is not required.
  15. For the new settings to take effect, open a Command Prompt window, and then type iisreset /noforce to restart IIS.

Note:
If SSL is required, you must redirect HTTP to HTTPS and then also redirect to the /owa virtual directory. If you don't do this, users will receive an error message when they try to access Outlook Web App without specifying the virtual directory. To do this, use the following procedure.

Use IIS Manager to simplify the Outlook Web App URL when SSL is required

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "IIS Manager" entry in the Client Access Permissions topic.

  1. Start IIS Manager.

  2. Expand the local computer, expand Sites, and then click Default Web Site.

  3. At the bottom of the Default Web Site Home pane, click Features View if this option isn't already selected.

  4. In the IIS section, double-click HTTP Redirect.

  5. Select the Redirect requests to this destination check box.

  6. Type the absolute path of the /owa virtual directory. For example, type https://mail.contoso.com/owa.

  7. Under Redirect Behavior, select the Only redirect requests to content in this directory (not subdirectories) check box.

  8. In the Status code list, click Found (302).

  9. In the Actions pane, click Apply.

  10. Click Default Web Site.

  11. In the Default Web Site Home pane, click SSL Settings.

  12. In SSL Settings, clear Require SSL.

    Note:
    If you don’t clear Require SSL, users won’t be redirected when they enter an unsecured URL. Instead, they’ll get an access denied error.
  13. For the new settings to take effect, open a Command Prompt window, and then type iisreset /noforce to restart IIS.

Modify permissions on the Offline Address Book web.config file

After you’ve configured redirection for the Default Web Site, you have to edit the permissions on the Offline Address Book web.config file. If you don’t complete this step, users won’t be able to download the Offline Address Book when using Outlook.

  1. Find the Offline Address Book Web.config file on the Client Access server. The default location is <drive>\Program Files\Microsoft\Exchange Server\<version>\ClientAccess\oab.

  2. Right-click the file and click Properties.

  3. Click the Security tab.

  4. Click Edit.

  5. Under Group or user names, select Authenticated Users. Under Permissions for Authenticated Users, click Read & execute.

  6. Click OK twice to save your changes and close the properties window.

Use IIS Manager to remove redirection from a virtual directory

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "IIS Manager" entry in the Client Access Permissions topic.

To remove redirection from a virtual directory, perform the following steps:

  1. Start IIS Manager.

  2. Navigate to the virtual directory.

  3. Double-click the HTTP Redirect icon in the Features view of the virtual directory.

  4. Clear the Redirect requests to this destination check box.

  5. In the Actions pane, click Apply.

  6. For the new settings to take effect, open a Command Prompt window, and then type iisreset /noforce to restart IIS.

You may not be able to use the procedure above to remove redirection from a virtual directory that doesn't have a physical path, such as /Exchange, /Exchweb, or /Public. Use the following procedure to remove redirection from a virtual directory that doesn't appear in IIS Manager.

  1. Open a command window

  2. Navigate to <Window directory>\System32\Inetsrv

  3. Run the following commands:

    1. appcmd set config "Default Web Site/autodiscover" /section:httpredirect /enabled:false -commit:apphost

    2. appcmd set config "Default Web Site/ecp" /section:httpredirect /enabled:false -commit:apphost

    3. appcmd set config "Default Web Site/ews" /section:httpredirect /enabled:false -commit:apphost

    4. appcmd set config "Default Web Site/owa" /section:httpredirect /enabled:false -commit:apphost

    5. appcmd set config "Default Web Site/oab" /section:httpredirect /enabled:false -commit:apphost

    6. appcmd set config "Default Web Site/powershell" /section:httpredirect /enabled:false -commit:apphost

    7. appcmd set config "Default Web Site/rpc" /section:httpredirect /enabled:false -commit:apphost

    8. appcmd set config "Default Web Site/rpcwithcert" /section:httpredirect /enabled:false -commit:apphost

    9. appcmd set config "Default Web Site/Microsoft-Server-ActiveSync" /section:httpredirect /enabled:false -commit:apphost

  4. Finish by running the command iisreset/noforce.

When you configure redirection from a top-level directory, a web.config file may be created under <drive>\Program Files\Microsoft\Exchange Server\<version>\ClientAccess\oab. If this has happened and you later remove redirection, Outlook 2007 and Outlook 2010 may freeze when users click Send and Receive. To avoid this happening after you remove redirection, delete the web.config file from <drive>\Program Files\Microsoft\Exchange Server\<version>\ClientAccess\oab.

Other Tasks

After you simplify the Outlook Web App URL, you may also want to Enable Explicit Sign-in in Outlook Web App.