0

We have two servers on our LAN. One is a Windows 2003 Server domain controller running Exchange 2003. The other is a stand-alone Windows 2008 server running IIS 7. Our company website runs on the IIS 7 (2008) server, so the firewall forwards port 80 to this. How can I get OWA and ActiveSync to work with this setup? And without using SSL.

I have tried setting up a website on the IIS 7 box (mail.ourdomain.com) and using HTTP redirect to point to http://mailserver/exchange, but this doesn't work.

Do we have to purchase an SSL certificate for this to work?

2 Answers2

0

I'd certainly use a SSL certificate. It's madness to publish this kind of app on the web without SSL imho, and a certificate isn't exactly expensive.

As for publishing the site itself, I'd use something like ISA/forefront server to allow for fairly easy and fairly secure publishing of both the website and your exchange server stuff.

Rob Moir
  • 31,884
  • 6
  • 58
  • 89
  • I will get the client to purchase an SSL cert today and do it that way. Do you know if there is a way to do this without getting OWA working, and just ActiveSync working? They don't actually use OWA - I thought it was needed for ActiveSync to work. –  Oct 27 '10 at 14:24
  • I don't know of a way, because I've never tried it - it's usually just as easy to get both working as it is to get just one working. I suppose you could use IIS to set permissions to block people if you need to actively block them from OWA rather than "the client doesn't care if it works or not". – Rob Moir Oct 27 '10 at 15:17
0

You will definitely need your firewall to NAT appropriately to either the IIS server or the Exchange server, depending on incoming URL. ISA does this out of the box and integrates with both, and is a relatively cheap solution if you don't have something else already. But you should still always consider other options.

As for publishing ActiveSync but not OWA, they operate on the same ports (80 and 443), but what you can do is disable the OWA feature for your users. It's been a while since I've used 2003 (with 2010 you can easily do this sort of thing with the Exchange Management Shell), but I know you can certainly do it at the individual mailbox level if you wanted to manage which users have access to it and which don't. But if you wanted to just disable OWA entirely you could do this in IIS (on the Exchange box not your web server) just as easily.

Matt
  • 1,893
  • 5
  • 28
  • 40