Microsoft MVP, Directory Services, Brian Desmond Consulting, North America
One of the things I've been doing for as long as I can remember is redirecting requests that don't go to https://mail.contoso.com/owa (or /exchange) to the correct URL. So, if someone goes to http://mail.contoso.com or https://mail.contoso.com, he gets redirected to the correct (secure) URL. Historically I've always done this with two components:
This approach no longer works with Exchange 2010 Client Access server because the PowerShell virtual directory actually operates over Port 80 (authentication
is Kerberized). If you try to tinker with this, you'll start getting
errors like the following from Remote Windows PowerShell:
The WinRM service cannot process the request because the request needs
to be sent to a different machine. Use the redirect information to send
the request to a new machine. Redirect location reported:
To work around this, you need
to use the HTTP Redirection feature in IIS (the default.aspx trick
mentioned in the second bullet in the preceding list should work, too),
and also remove the requirement for SSL at the top-level Default Web
Site object. You have to be careful when you do this because when you
configure settings on the Web site, IIS will push them down to any
virtual directory below which does not explicitly set that setting
itself. To set up the redirect, select Default Web Site in IIS Manager,
and open the HTTP Redirect option under IIS. Complete it as shown in Figure 9.
Figure 9. HTTP Redirect
Warning: It's very important that you select the check boxes as shown in the figure!
After this step is complete, you need to remove the enforced redirect from each of the virtual directories under the Default Web Site. To do this, select each virtual directory individually, and then open the HTTP
Redirect property and clear the Redirect Requests To This Destination
check box. You'll need to do this on the following virtual directories:
If at this point if you simply browse to http://cas01.customer.com,
you'll get an HTTP 403.4 error. This is because SSL is required at the
top-level Web site. To get the redirect working, you need to disable
SSL for the top-level Web site while leaving it enabled for the
relevant child virtual directories.
Select Default Web Site, open the SSL Settings properties, and clear the Require SSL check boxes. Like the redirection
settings, this change will be inherited down the tree for any virtual
directory that does not explicitly configure the setting independently.
Ensure that SSL is required for the following virtual directories:
Warning: If you require SSL for the Windows PowerShell virtual directory, you will render Remote PowerShell inoperable!
After you've configured the redirection and SSL settings, open a command prompt and run iisreset. At this point you should be able to browse to http://localhost on the Client Access server and get redirected t https://owa.customer.com/owa.
These steps were tested on Windows Server 2008 R2. They should be
similar under Windows Server 2008, but they may not be identical.