The other
day we decided it was time to apply SP2 to our Exchange 2010 SP1 environment
(in pre-production first of course). After installing it to one CAS server
without any issues, it was time to test it to make sure OWA, ECP, etc., was
working fine.
We have
Hardware Load Balancers in front of our CAS servers and we also do SSL
Offloading so to test it we connected directly to the CAS server:
- OWA opened fine. We could navigate through all the e-mails in the Inbox folder without any problems;
- We noticed that the integration with OCS wasn’t working… After checking all the configurations, everything seemed to be correct;
- The ECP was working without any problems;
- But whenever we selected a different folder in OWA, we would get the following error message:
After a
while, we noticed that by using HTTP://CASserver/OWA we would experience all these problems but if we used HTTPS everything would
work fine!
So we
checked IIS settings regarding SSL, Certificates, SSL Offloading and the OWA
Virtual Directory configuration but everything was as before!...
It was only
when we compared the web.config file
for OWA that we noticed something different:
SP2
introduces a new key called httpCookies:
<!-- Require all cookies to be
sent over SSL only. This config applies only to DataCenter where HTTPS is
required (PS: 445778) -->
<httpCookies
httpOnlyCookies="false" requireSSL="true"
domain="" />
Although in
IIS we have the Default WebSite to require SSL but the OWA one to not require
SLL, this setting seems to take precedence and so it makes OWA to require SSL.
For this reason, we were getting all those problems when using HTTP only...
After
changing the requireSSL="true"
to false, everything was back to
normal!
According to
Microsoft, this is a new feature in SP2 to simplify the Outlook Web App URL (in
most scenarios).
In the
Exchange 2010 SP2 Release Notes there is a mention to this that we missed:
If
you’re using redirection for Outlook Web App and aren’t requiring Secure
Sockets Layer (SSL), redirection will fail after the Client Access server is
upgraded to Exchange 2010 SP2. To avoid this problem, after you’ve completed
the upgrade to Exchange 2010 SP2, modify the Outlook Web App web.config file.
For directions, go to “Use IIS Manager and Notepad to simplify the Outlook Web
App URL when SSL isn’t required” in Simplify the Outlook Web App URL. You don’t
have to make any changes in IIS Manager to prevent redirection from failing.
You just have to modify the web.config file.
Bottom line: always read
everything in the release notes and always test it before implementing any
change/rollup/SP in your production environment!
Hi,
ReplyDeleteYes, this requireSSL attribute was missed by several people during migration/updates to SP2. And, it is surely essential to follow release notes and some good blogs like "letsexchange" and "thoughstsofanidleming" to be on safer end. Alternatively, you should consult with professional companies to help you with migration process.
Thanks.
Hi. Thanks for your comment and compliment! You are absolutely right. It was my fault to be honest... I should have read everything on the release notes... Well, it won’t happen again! :) Cheers, Nuno
ReplyDeleteWhat is the location of this web.config file?
ReplyDeleteThanks,
Hi,
DeleteThe default location of the Outlook Web App web.config file is: \Program Files\Microsoft\Exchange Server\V14\ClientAccess\Owa.
Regards, Nuno