
We are getting ready to do a network-wide upgrade to Exchange 2010. The URL for the old 2007 mailboxes is at

https://mail.example.com

and users who have had their mailbox moved will have to go to

https://Email.example.com

If a user who has a 2010 mailbox attempts to log in at the 2007 OWA location, they get a standard 403 Forbidden page. We would like to show them a page of our own making that includes a link to the 2010 OWA login page.

I assumed we could do this with an IIS Custom Error page, but setting the 403.4 error page in IIS on the Default web site doesn't seem to be working.

Does anyone know how we could get around this?

BTW, our OWA for the 2007 boxes is on Windows Server 2003 and IIS 6.

EDIT

Ok, so I don't think I explained the issue right (I'm just now starting to understand the issue myself...). We basically have users who can authenticate, but don't have a mailbox on the 2007 Exchange server. There is a custom error page for all 403.4 errors that directs a user from http to https. However, when a user without a mailbox tries to log in, no error page is actually getting sent from the server, just a 403 status code.

  • Is mail.example.com open to anyone? If you are closing that URL down for good, couldn't you do a CNAME on your DNS to email.example.com? – Cary Golomb Feb 18 '11 at 22:37
  • We are closing it down eventually, but we have so many users that it is going to take a couple weeks to get everyone migrated. During those couple weeks, we'd like as few irritated users as possible lol –  Feb 18 '11 at 22:39
  • Another question, the custom error page you created is HTML or ASP? AFAICS you cannot specify a custom error page using HTML for 403.4 errors because it opens the browser to a security hole. – Cary Golomb Feb 18 '11 at 22:54
  • The 403.4 is already set for a Custom Error page. It is a .asp page that redirects http:// to https://. However, this error page is not the one being used when a user authenticates but doesn't have a mailbox. I have tested as many as I can, but have not been able to figure out which custom error covers this... –  Feb 18 '11 at 23:03

1 Answer

The problem is that SSL is required, and the error is thrown before custom errors are displayed. Therefore it's not possible to view a 403.4 custom error page.

If it were IIS7, I would recommend URL Rewrite, but since it's not, you have a couple other options.

First off, you can turn off the SSL requirement in IIS so that http://email.example.com (vs. https://email.email.com) works. Then you need to redirect them if they do come into that URL.

You can do that by using www.isapirewrite.com. It's a great tool for that. Or, you can set up another site with the http binding and have it do a redirect to the https (email.example.com) site. That's easiest if you have access to the server, which I assume that you do.

To recap, create another site pointing to a dummy folder and set a redirect to https://email.example.com. Remove the HTTP binding from the existing site and set it to the new site instead. So the redirect site will have the http binding, and the email.example.com site will have the HTTPS binding. You don't need to update the SSL setting in this case either.

Scott Forsyth