HTTP to HTTPS OWA redirect | Exchange 2013 and 2016

Introduction

In this post, I’ll demonstrate how to redirect HTTP OWA requests to HTTPS for both Exchange 2013 and 2016. This simplifies the OWA URL and is easier for end users to remember as they don’t have to type https://.

OWA over HTTP

When we try to browse to OWA using the HTTP address, in our case http://mail.litwareinc.com/owa, we get the error below:

“The website declined to show this webpage (HTTP 403 Forbidden)”

Background information

OWA is set up as a virtual directory in IIS on Exchange 2013 CAS and MBX servers and on Exchange 2016 servers. The virtual directory is configured on an IIS website of which there are two when Exchange is installed: “Default Web Site” and “Exchange Back End”. See below:

On each of these web sites, there are bindings which specify which server IP, port number and host header the web site is configured to respond to. The bindings for the “Default Web Site” include port 80 and 443:

The bindings for the Exchange Back End site include port 81 and 444:

So, as you can see, our Exchange server is listening for connections on port 80 as it is a listed port on the “Default Web Site”. So, why does OWA not work on port 80?

The problem is that the Default Web Site is configured to require SSL:

Before you go ahead and just untick “Require SSL”, that’s a good start but it’s only part of the solution. Keep reading for the recommended way to do this.

How to configure HTTP to HTTPS redirect for OWA

To configure this redirect and also require SSL, go through the steps below:

1) Click on “Default Web Site” in IIS on your Exchange 2013 CAS or multirole server or on your Exchange 2016 server. Then double click on “HTTP Redirect”

2) Tick “Redirect requests to this destination” and type in the full OWA URL e.g. https://mail.litwareinc.com/owa. Also tick “Only redirect requests to content in this directory (not subdirectories)” then click Apply.

3) Double click on “Default Web Site” to return to the home menu then double click on SSL settings:

4) Untick “Require SSL” then click on Apply:

5) Click on the Autodiscover virtual directory then double click on HTTP Redirect:

6) Untick “Redirect requests to this destination” then click Apply:

7) Repeat steps 5 and 6 for the other virtual directories under the “Default Web Site” which are listed below:

• ECP
• EWS
• MAPI
• Microsoft-Server-ActiveSync
• OAB
• OWA
• PowerShell
• RPC

8) Reset IIS so that the settings take effect:

iisreset /noforce

9) Confirm the settings are correct and that you can now open up OWA by browsing to http://mail.litwareinc.com/owa:

If you refresh the page using CTRL-F5 or open up a new browser instance and browse to http://mail.litwareinc.com, you will see it now redirects to https://mail.litwareinc.com/owa and we can log in without a problem:

Conclusion

In this post, we’ve gone through the steps to configure an HTTP to HTTPS redirect for OWA on Exchange 2013 and Exchange 2016. Stay tuned for more Exchange tips and tricks!