| Author |
Message |
Ashleigh
Guest
|
 Posted:
Fri Jan 14, 2005 6:33 pm Post subject:
SSL not working |
|
|
I have installed a Microsoft Certificate Server certificate on our front-end
server and required SSL connection and 128 bit encryption on the front-end
default web-site (under which Exchange and Public virtual directories sit - I
have checked that they reflect this setting too - and they do).
When I type "https://front-end_server.domain" in the browser- it is fine and
I get the SSL warning. When I add "/exchange" to the end of the above, I get
redirected to the back-end server (as is set up on the site) using HTTP only!
I am very concerned that SSL is not kicking in for this connection -
certainly it is not displayed in the address bar, instead the address
reflects the http address of the back-end server! Surely this is not right?
--
IT Administrator
|
|
| Back to top |
|
 |
Tim Hackbart [MSFT]
Guest
|
| Posted:
Sat Jan 15, 2005 7:33 am Post subject:
Re: SSL not working |
|
|
Ashleigh
If you are getting Redirected to the Back End Exchange Server that host the
mailbox, then this server is still a Back End Server.
Back End Server Redirect requests, while Front End's Proxy requests to the
Back End's.
Double check that the Front End Server Box is checked in the ESM, then also
make sure you have Restarted the IIS Service on your Front End Machine.
The final check is to use the IIS Management Console, go to the Properties
of the Exchange Virtual Directory. Click the "Create" button and then the
"Configuration" button should be enabled. Click on the "Configuration"
button and make sure that Exprox.dll is listed as the Wildcard Application
Map.
If it is still Davex, then the DS2MB Process has not yet run to make the
needed changes.
Try restarting the System Attendant to force this to run,
If it is still Davex then you may need to check your Event Logs for
MSExchangeMU errors.
Hope this helps.
--
Tim Hackbart M.C.S.E.
This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send email directly to this alias. This alias is for newsgroup
purposes only.
"Ashleigh" <Ashleigh@discussions.microsoft.com> wrote in message
news:521523A6-DC01-4508-87E7-DEA61E0642DA@microsoft.com...
| Quote: | I have installed a Microsoft Certificate Server certificate on our
front-end
server and required SSL connection and 128 bit encryption on the front-end
default web-site (under which Exchange and Public virtual directories
sit - I
have checked that they reflect this setting too - and they do).
When I type "https://front-end_server.domain" in the browser- it is fine
and
I get the SSL warning. When I add "/exchange" to the end of the above, I
get
redirected to the back-end server (as is set up on the site) using HTTP
only!
I am very concerned that SSL is not kicking in for this connection -
certainly it is not displayed in the address bar, instead the address
reflects the http address of the back-end server! Surely this is not
right?
--
IT Administrator |
|
|
| Back to top |
|
|
Ashleigh
Guest
|
| Posted:
Mon Jan 17, 2005 4:15 pm Post subject:
Re: SSL not working |
|
|
That was a big step in the right direction Tim!! Thanks. I've clicked
"Create" against the Exchange and Public Virtual Directories (I hadn't known
to do this previously!) and have checked that the Exprox.dll is the wildcard
application - it is. Now I have an improvement in that when I type
http://front-end_server/exchange it tells me it is a secure site! When I use
the same link though, but using https instead, I get prompted to accept the
certificate but then get an error "The page cannot be found".
What option am I supposed to select under the properties of the Exchange and
Public virtual directories (using IIS Admin) as regards where the content
should come from? (there are the three options you can choose - from the
local machine, a share on the network or a redirection to another URL). I
think that I have set this incorrectly. These are the settings that I can't
find documented anywhere!
Your help has already been invaluable - many thanks!
Ashleigh
"Tim Hackbart [MSFT]" wrote:
| Quote: | Ashleigh
If you are getting Redirected to the Back End Exchange Server that host the
mailbox, then this server is still a Back End Server.
Back End Server Redirect requests, while Front End's Proxy requests to the
Back End's.
Double check that the Front End Server Box is checked in the ESM, then also
make sure you have Restarted the IIS Service on your Front End Machine.
The final check is to use the IIS Management Console, go to the Properties
of the Exchange Virtual Directory. Click the "Create" button and then the
"Configuration" button should be enabled. Click on the "Configuration"
button and make sure that Exprox.dll is listed as the Wildcard Application
Map.
If it is still Davex, then the DS2MB Process has not yet run to make the
needed changes.
Try restarting the System Attendant to force this to run,
If it is still Davex then you may need to check your Event Logs for
MSExchangeMU errors.
Hope this helps.
--
Tim Hackbart M.C.S.E.
This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send email directly to this alias. This alias is for newsgroup
purposes only.
"Ashleigh" <Ashleigh@discussions.microsoft.com> wrote in message
news:521523A6-DC01-4508-87E7-DEA61E0642DA@microsoft.com...
I have installed a Microsoft Certificate Server certificate on our
front-end
server and required SSL connection and 128 bit encryption on the front-end
default web-site (under which Exchange and Public virtual directories
sit - I
have checked that they reflect this setting too - and they do).
When I type "https://front-end_server.domain" in the browser- it is fine
and
I get the SSL warning. When I add "/exchange" to the end of the above, I
get
redirected to the back-end server (as is set up on the site) using HTTP
only!
I am very concerned that SSL is not kicking in for this connection -
certainly it is not displayed in the address bar, instead the address
reflects the http address of the back-end server! Surely this is not
right?
--
IT Administrator
|
|
|
| Back to top |
|
|
Tim Hackbart [MSFT]
Guest
|
| Posted:
Tue Jan 18, 2005 12:50 am Post subject:
Re: SSL not working |
|
|
Glad it helped.
I am thinking that this may be more of an IIS issue than Exchange.
The Exchange virtual directories are created with the correct settings, and
should not be modified.
One thing to check is your BackEnd Servers, are they clustered or do they
have Host Headers defined?
When the Front End Proxies a request to the back end it uses port 80, and
it simply send the exact same URL that you typed into the browser to access
the Front End to the Back End.
So if you use http://front-end_server/exchange then that exact URL will be
proxied to the Back End.
IF your back end server has a Host Header defined as "back-end server", this
will result in a 404 page not.
Hope this help
--
Tim Hackbart M.C.S.E.
This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send email directly to this alias. This alias is for newsgroup
purposes only.
"Ashleigh" <Ashleigh@discussions.microsoft.com> wrote in message
news:382DAC44-DD26-4318-B7CC-57B1E6FBA3D0@microsoft.com...
| Quote: | That was a big step in the right direction Tim!! Thanks. I've clicked
"Create" against the Exchange and Public Virtual Directories (I hadn't
known
to do this previously!) and have checked that the Exprox.dll is the
wildcard
application - it is. Now I have an improvement in that when I type
http://front-end_server/exchange it tells me it is a secure site! When I
use
the same link though, but using https instead, I get prompted to accept
the
certificate but then get an error "The page cannot be found".
What option am I supposed to select under the properties of the Exchange
and
Public virtual directories (using IIS Admin) as regards where the content
should come from? (there are the three options you can choose - from the
local machine, a share on the network or a redirection to another URL). I
think that I have set this incorrectly. These are the settings that I
can't
find documented anywhere!
Your help has already been invaluable - many thanks!
Ashleigh
"Tim Hackbart [MSFT]" wrote:
Ashleigh
If you are getting Redirected to the Back End Exchange Server that host
the
mailbox, then this server is still a Back End Server.
Back End Server Redirect requests, while Front End's Proxy requests to
the
Back End's.
Double check that the Front End Server Box is checked in the ESM, then
also
make sure you have Restarted the IIS Service on your Front End Machine.
The final check is to use the IIS Management Console, go to the
Properties
of the Exchange Virtual Directory. Click the "Create" button and then
the
"Configuration" button should be enabled. Click on the "Configuration"
button and make sure that Exprox.dll is listed as the Wildcard
Application
Map.
If it is still Davex, then the DS2MB Process has not yet run to make the
needed changes.
Try restarting the System Attendant to force this to run,
If it is still Davex then you may need to check your Event Logs for
MSExchangeMU errors.
Hope this helps.
--
Tim Hackbart M.C.S.E.
This posting is provided "AS IS" with no warranties, and confers no
rights.
Please do not send email directly to this alias. This alias is for
newsgroup
purposes only.
"Ashleigh" <Ashleigh@discussions.microsoft.com> wrote in message
news:521523A6-DC01-4508-87E7-DEA61E0642DA@microsoft.com...
I have installed a Microsoft Certificate Server certificate on our
front-end
server and required SSL connection and 128 bit encryption on the
front-end
default web-site (under which Exchange and Public virtual directories
sit - I
have checked that they reflect this setting too - and they do).
When I type "https://front-end_server.domain" in the browser- it is
fine
and
I get the SSL warning. When I add "/exchange" to the end of the
above, I
get
redirected to the back-end server (as is set up on the site) using
HTTP
only!
I am very concerned that SSL is not kicking in for this connection -
certainly it is not displayed in the address bar, instead the address
reflects the http address of the back-end server! Surely this is not
right?
--
IT Administrator
|
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in