Exchange Server Public HTTP Help


Recommended Posts

Greetings everyone!

 

I would be very grateful for assistance with the issue my organization is experiencing.

 

We own two domains. XYZ.com and XYZ.net               

 

The XYZ.com address was registered with GoDaddy and webhosting is with BlueHost. It is strictly being used as a webhost.

 

The XYZ.net address was registered with GoDaddy and it doesn

Link to comment
Share on other sites

So what is your question exactly, how to do the redirect?  Or how to get IIS to have a page on http://xyz.net and or http://www.xyz.net ?

 

There are multiple ways to go about it, but simple redirect would be like this

<html>
<head>
<meta http-equiv="refresh" content="0; URL='https://xyz.net'" />
</head>
</html>

You can 0; to something like 5 for 5 second delay and add a body section if you want them to read something like you will be redirected, etc.

 

You can do this in IIS without html page, this should help http://www.iis.net/configreference/system.webserver/httpredirect

 

Hope that helps

Link to comment
Share on other sites

Set the "A" record for the domain xyz.net to point to the IP address of your external web hosting.

 

Then add the xyz.net domain to your external web hosting account, depending on your options you might be able to set it to redirect to your primary domain automatically. If you can't this can be done pretty easily with either a simple HTML or PHP script.

Link to comment
Share on other sites

Thanks for the suggestions gentleman!

 

InsaneNutter, wouldn't pointing the A-record to another IP, unlocalize my remote.xyz.net, helpdesk.xyz.net, away from my inhouse servers?

 

I actually got what I was looking for though!

I took a leap of faith and unbinded http on Port80 off the Exchange Server.

 

I then created a "New Site", dropped the index.htm file (thanks Budman's suggestion) and then rebinded http to this new area.

 

 

Link to comment
Share on other sites

Follow up:

 

This morning I noticed that Out of Office was unavailable for all my clients. I got flooded with phone calls.

 

I had to revert back the "http" port 80 bindings from my Secondary Site I manually created, back into the "My Default Website", which Exchange originally created.

 

So I am stuck again.

 

When someone visits www.xyz.net, they get an ugly 403 page due to Exchange's IIS Server.

 

If I bind 80 to another site created in IIS of the Exchange Server, then everything appears to be working properly, except Out of Office is no longer functional.

 

Halp :)

 

I'd like not to mess with any Zone Records in GoDaddy because our XYZ.NET already points to a remote.xyz.net, ftp.xyz.net and everything is properly configured.

 

I just want end-users to be redirected to our actual .com website vs seeing the 403.net site.

Link to comment
Share on other sites

redirect to https://xyx.com/owa

 

You don't need to mess with any zone records.  I would be willing to remote in and fix it for you if you are having that many problems with something that is default/simple.  You should have an signed certificate (ssl) for exchange and not use http://  It isn't recommended to use http at all other than for a redirect to https://xyz.com

Link to comment
Share on other sites

This is tough for me to explain, I am sorry.

 

I have a signed certificate and my end-users do use https://xyz.net/owa to connect to our in-house email server without any problems whether from the office or from home.

 

But, my management team decided to see what happens when you just type www.XYZ.net into the online web browser from home.

 

Say a customer happens to type www.xyz.net instead of xyz.com

 

They would see the same 403 page. Not good for business. A redirect would be ideal at this point.

 

My management team wishes our online visitors are redirected to xyz.com when they "accidentally" visit xyz.net

 

 

Both the http/80 and https/443 are binded to "My Default Site" on IIS via Exchange 2010, by default.

 

If I try to make a secondary site in the IIS and rebind just http/80 to it so I can make a redirect html file (xyz.net -> xyz.com) that would be ideal.

When I proceed to make this change, everything works the way I hope it would, except a single issue.  Out of Office says server unavailable. Everything else is dandy.

Link to comment
Share on other sites

www.xyz.com should not point to exchange at all.  the only thing that should point to exchange is mail.xyz.com, webmail.xyz.com, exchange.xyz.com, mailserver.xyz.com, etc.

 

www and xyz.com should all point to something else or nothing at all if you don't have anything at those sites.

 

xyz.com should have a pointer to xyz.net and xyz.net should be able to redirect traffic going to xyz.com to xyz.net.

 

xyz.net and xyz.com should have a mx record pointing to mail.xyz.com, webmail.xyz.com, exchange.xyz.com, mailserver.xyz.com, etc.

Link to comment
Share on other sites

Your method of using a index.html file to do a redirect will work if you turn off the Require SSL setting in IIS against the Default Website.  This would allow you to then accept NON-SSL traffic and should allow that html document to load ovcer standard HTTP.

 

Only do it to the Default Website though, as you want to leave it enable for the sub-site directory's such as OWA or Activesync etc as they want to be doing so over a ssl connection, otherwise could cause potential security problems.

 

Come across this a fair bit, but for other reasons.

Link to comment
Share on other sites

www.xyz.com should not point to exchange at all.  the only thing that should point to exchange is mail.xyz.com, webmail.xyz.com, exchange.xyz.com, mailserver.xyz.com, etc.

 

XYZ.com doesn't point to Exchange at all. XYZ.com takes you to our website hosted with BlueHost.

I already have email.xyz.com setup. Works great!

 

 

www and xyz.com should all point to something else or nothing at all if you don't have anything at those sites.

 

www.xyz.com and http://xyz.com should and are pointing to our actual website on BlueHost that consumers can access.

 

 

 

xyz.com should have a pointer to xyz.net and xyz.net should be able to redirect traffic going to xyz.com to xyz.net.

you lost me on here

 

 

xyz.net and xyz.com should have a mx record pointing to mail.xyz.com, webmail.xyz.com, exchange.xyz.com, mailserver.xyz.com, etc.

We only utilize the XYZ.com email address. It is functioning correctly pointing at our in-house mail server, which IP is binded to the XYZ.net Domain

Link to comment
Share on other sites

Your method of using a index.html file to do a redirect will work if you turn off the Require SSL setting in IIS against the Default Website.  This would allow you to then accept NON-SSL traffic and should allow that html document to load ovcer standard HTTP.

 

Only do it to the Default Website though, as you want to leave it enable for the sub-site directory's such as OWA or Activesync etc as they want to be doing so over a ssl connection, otherwise could cause potential security problems.

 

Come across this a fair bit, but for other reasons.

 

Thanks very much for your reply. When I do turn off SSL setting in IIS against the Default Website, will I still need to "create a new site" and place my index file, and then rebind http port 80?

Link to comment
Share on other sites

Nah, you can go ahead with sticking your index.html in the root like you tried, but yes any bindings you changed will want to be how they were to start.  You were very close to start with, it's just the SSL restriction that stopped you.

Link to comment
Share on other sites

You are a savior. You knew exactly what I was trying to accomplish.

 

I do have three final questions for you.

 

1) How would have I worded my problem better?

2) You said that you have come across this for other reasons. What are the reasons?

 

3) I assume that there are other companies that both own the .com and .net domains. And I am positive that their .net domain is pointing to their in-house public IP address. Since the .net is now pointing at the in-house public IP address, customers who visit this site will be pointed at the same 403 SSL issue that I was just experiencing. How do organizations prevent this from happening? I'm sure there are other approaches than my own.

Link to comment
Share on other sites

1) Hmm, not sure, I got what you were trying to say, but maybe only because I've seen it before, so not sure on that one  :rofl:

2) I work for an outfit that does school support across Lincolnshire, we have had this a number of times as some of the products we use sync using iis websites and a default iis install these days, particularly once exchange is installed end up with the Require SSL toggled on, good for some things, bad for others.

3) Well, personally speaking, I would have gotten round the entire problem by simply having the .net domain as a alias to the .com, so when they visit the .net they end up transparently on the .com site becuase of the DNS record and it never needs to go near your server.  I have a website setup on my host like that, they have a main url, and also about a dozen other url's, all of which are just aliases on our hosting and now matter which they go to they end up at the first one. 

Link to comment
Share on other sites

Your company owns several sites

xyz.com

xyz.net

xyz.info

xyz.co.uk

 

every site has a www and the main domain.  You have a web server at 1.1.1.1 and a mail server at 255.255.255.255 (for simplicity sake).  Your website dns provider would handle the following...You as the admin would make the changes...nothing points to exchange iis server unless absolutely needed to:

 

xyz.com (A) 1.1.1.1

www.xyz.com (A) 1.1.1.1

mail.xyz.com (A) 255.255.255.255

xyz.com (MX) mail.xyz.com

 

xyz.net (A) 1.1.1.1

www.xyz.net (A) 1.1.1.1

xyz.net (MX) mail.xyz.com

 

xyz.info (A) 1.1.1.1

www.xyz.info (A) 1.1.1.1

xyz.info (MX) mail.xyz.com

 

xyz.co.uk (A) 1.1.1.1

www.xyz.co.uk (A) 1.1.1.1

xyz.co.uk (MX) mail.xyz.com

 

All mail and webmail traffic on all domains would go to 255.255.255.255, all web and host traffic would go to 1.1.1.1....no need for redirects on the exchange client access server.

Link to comment
Share on other sites

Yep, that sort of thing via DNS would work better, the only downside is if you visit those extra url's they would load you on your .com website but show the url you went to, rather than just transparently ending up on .com which in my opinion is better for corporate imagery and such.

Link to comment
Share on other sites

You can either program the web server to handle those domains and treat them as virtuals of the default web site or you can have the server redirect to itself at www.xyz.com. Similar to how these two addresses work.

 

http://www.carestreamdental.com

http://www.carestreamdental.net

(.net redirects to .com)

 

Instead of (A) you can do (CName) for the virtual sites that point to the (A) at the primary site too (would still need to do stuff on the webserver but at least you wouldn't have to manage all of the records,  a single change would have to be done).

 

Would probably add a webmail.xyx.com too for seperate webmail traffic as well as autodiscover, but was trying to keep things simple.

Link to comment
Share on other sites

I just realized that after unchecking "Require SSL" from "Default Website", that this permission automatically trickled down and affected every sub-directory.

 

However, I am able to re-apply the SSL back to the sub-directories without affecting my wwwroot folder.

 

My question is... What sub-directories of "Default Web Site" was SSL originally applied to?

 

Here is a screenshot (attached) and as you can see, I just applied SSL back to OWA

 

Thanks so much!

 

 

Link to comment
Share on other sites

none.  however there should have been an option to only apply to that directory not all subsequent directories.  Just about everything in there exchange put in during the install, other than default web site...unless you have some other custom stuff going on.

Link to comment
Share on other sites

Here is a screenshot (attached) of me applying the disable SSL permission to "Default Website".

I do not see an option to prevent the permission from trickling down.

If you see it, please let me know.

 

I can re-apply the SSL back to the subcategories without breaking my wwwroot folder. I just need to know what subcategories had SSL enabled originally.

 

 

*** I was able to find it over here ***

http://blogs.technet.com/b/exchange/archive/2010/09/23/3411146.aspx

 

What's even more interesting is that SSL was applied everywhere correctly as I wanted it, except the OWA subdirectory somehow just had it disabled when I disabled it for wwwroot. Really weird. I never touched that.

Link to comment
Share on other sites

As you have discovered removing SSL on Exchange is a very bad idea.

 

Your better option would be to use mail.xyz.net or mail.xyz.com for the default site so clients don't visit it. Having Exchange on a main domain is ok but more likely to be found by bots and targeted than a subdomain that is not www.

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.