0

I have two servers connected to the same IP address. One is an Exchange Server, the other one is a Synology.

I would like to set up a redirection so when users go to https://server.domain.com they are redirected to the Synology website, ussing https with a different port, while https://server.domain.com/owa still works on the Exchange server through the default 443 port.

It seems that even though I can redirect http requests on the Exchange Default Website, the OWA redirection is still active when accessing it with https.

Is there any way to remove this default redirection? Could anyone suggest another approach to connect both servers to the same subdomain? I only have one IP address, so I don't see any other way.

Jakob8
  • 3
  • 2

1 Answers1

0

Keep noted that this approach isn´t really supported by Microsoft. Additional you might get issues with Auto-Discovery, as Auto-Discovery try to reach a HTTPS site at some time in the process and if your Synology answers here you and your users might see longer AutoDiscovery tasks (and issues if your Synology will ask for a password here instead of giving directly an error that the AutoDiscovery XML didn´t exists). To avoid that you might host an file on the Synology which provides a redirection or static content and provide that via Anonymous. However as said its not really supported and I really wouldn´t do that.

But as you asked if there are other options, here are two (solution 2 would be the prefered one)

  1. One option would be using another port which isn´t https / 443. I have seen similar constructs where an different application on the same IP is using 4443. This would not cause issues with Exchange running on the same IP on port 443. However this would mean you need to adjust your IIS server running on Exchange or the system who host your external IP.

  2. Another option would be to use a "microsoft web application proxy" in front of Exchange, which "tunnel" to the internal Microsoft Exchange Server (and depending on the hostname) to your internal Synology website. Its a kind of vHost configuration if you are familiar with that. Microsoft described it as (see here and here):

Web Application Proxy is a role service of the Remote Access server role in Windows Server® 2012 R2. Web Application Proxy provides reverse proxy functionality for web applications inside your corporate network to allow users on any device to access your web applications from outside the corporate network.

enter image description here

As a starting point I think you could use "Using Application Proxy to Provide Access to SharePoint Server and Exchange Server" and replace Sharepoint with your Synology.

You might also come up with additional services if really needed via that way (see picture above which speaks about "Applications" and not only a single "Application").

BastianW
  • 2,868
  • 4
  • 20
  • 34
  • Thanks BastianW, I will try that approach then, although looks quite complicated for my limited IT knowledge. Is there a way to "split" the IP address in two, so I could have one for each server? Synology has a DNS server application, not sure if I could play with that? – Jakob8 Oct 17 '17 at 14:22
  • The idea with the proxy is that you only need one external IP (instead of two). You already have a ActiveDirectory up and running. So you only need to setup an AD Federation Service (I think it should take 2-3 hours). Then you need to setup the web application proxy. This should take you 1-2 hours (see [here](http://www.admin-enclave.com/en/articles/skypeforbusiness/224-use-ms-web-application-proxy-as-reverse-proxy-and-adfs-with-skype-for-business.html) for a handout with pictures for the proxy part). For the AD FS (Federation) you might find multiple one in the Internet I think. – BastianW Oct 17 '17 at 14:44
  • You couldn´t really split a IP. The only option I see here is to use a different port as 443 for Synology (see [here](https://networkengineering.stackexchange.com/questions/20663/can-same-port-configured-for-different-ip-address-or-different-protocol)). However as outlined above, the external IP might be hosted by Exchange so you need adjust the routing and/or Exchange. We do not know your setup here to say that. I personally think the proxy mentioned above would be the easiest solution as you might find a lot of additional tutorials via google which will help you to get that up and running. – BastianW Oct 17 '17 at 15:15