Script: Set-Exchange2010RedirectSSL.ps1 – Redirecting the Root Web Site to /owa and Forcing SSL in Exchange 2010

A common practice is to redirect the default website to the OWA site in IIS. This allows for a shorter URL for users to remember, and catches those who don’t append “/owa”. It’s a simple enough task for an administrator to do, but I wanted to script it so that I could include it in other Exchange 2010 build scripts to help streamline the process.

Another common practice is to force SSL on specific virtual directories to help enhance security of client access to Exchange. This can take a few extra minutes, but can easily be scripted as well, so I combined both into a simple script. Some of the initial code came from colleague and Exchange Ranger Mark Smith, but I converted it to PowerShell, and added some checks and balances.

Run the script after installing Exchange, and pass it the destination to forward to. For example:

.\Set-Exchange2010RedirectSSL.ps1 -url "https://mail.ucunleashed.com/owa"

This will redirect the root site to the URL listed. If you don’t specify the ForceSSL option, it will automatically secure the recommended virtual directories. To override that, set it to $false, such as:

.\Set-Exchange2010RedirectSSL.ps1 -url "https://mail.ucunleashed.com/owa" -ForceSSL $false

The script starts by verifying that the web-http-redirect feature is installed, and installs it if it is not. The script then backs up the current IIS configuration, applies the changes, and runs an IISRESET so they take effect.
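A read-only check to run once the changes have been applied, as an added example that is not part of Set-Exchange2010RedirectSSL.ps1: it reports the effective HTTP redirect and SSL flags for the root site and each Exchange virtual directory, so an inherited redirect or a directory without Require SSL shows up before users find it. The site name and the directory list are assumptions; adjust them to your server.

```powershell
# Added example, not part of Set-Exchange2010RedirectSSL.ps1. Read-only: changes nothing.
# Assumptions: the site name and the virtual directory list; adjust both to your server.
Import-Module WebAdministration

$Site  = 'Default Web Site'
# '' is the site root, the only place a redirect to /owa is expected.
$VDirs = '', 'owa', 'ecp', 'Autodiscover', 'EWS', 'OAB', 'PowerShell',
         'Microsoft-Server-ActiveSync', 'Rpc', 'RpcWithCert'

function Get-VDirState {
    param([string]$Site, [string]$VDir)

    $path = "IIS:\Sites\$Site"
    if ($VDir) { $path = "$path\$VDir" }
    if (-not (Test-Path $path)) { return }          # not present on this server

    # Effective settings at this path (applicationHost.config plus any web.config).
    $redirect = Get-WebConfiguration -PSPath $path -Filter 'system.webServer/httpRedirect'
    $access   = Get-WebConfiguration -PSPath $path -Filter 'system.webServer/security/access'
    $sslFlags = [string]$access.sslFlags            # compared as text, e.g. "Ssl,Ssl128"

    $notes = @()
    if ($VDir -and $redirect.enabled) {
        $notes += 'redirect enabled below the root'
    }
    # \bSsl\b matches the Require SSL flag only, not Ssl128 or SslNegotiateCert.
    if ($VDir -and $sslFlags -notmatch '\bSsl\b') {
        $notes += 'SSL not required'
    }

    # New-Object PSObject keeps the example usable on PowerShell 2.0.
    New-Object PSObject -Property @{
        Path            = "$Site/$VDir"
        RedirectEnabled = $redirect.enabled
        Destination     = $redirect.destination
        SslFlags        = $sslFlags
        Review          = $notes -join '; '
    }
}

$VDirs | ForEach-Object { Get-VDirState -Site $Site -VDir $_ } |
    Select-Object Path, RedirectEnabled, Destination, SslFlags, Review |
    Format-Table -AutoSize
```

Run it from an elevated PowerShell session on the Client Access server; a non-empty Review column marks a directory to look at, not necessarily a fault.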

If you’re not sure how to run it, there is built-in help. Just run:

Get-Help .\Set-Exchange2010RedirectSSL.ps1

UPDATE: I forgot to mention that the script also assigns permissions to the web.config file for the Offline Address Book to resolve a problem where downloading of the OAB would stop in the middle after configuring HTTP redirection. Microsoft Exchange PFE Bhargav Shukla has pointed out that this was mentioned in fellow MVP Henrik Walther’s post “OAB issues after simplifying the OWA 2010 URL?”. As mentioned earlier, I got initial code from someone else, and didn’t realize that Henrik had already posted about it. So rather than go into details on the issue, please visit Henrik’s excellent post if you’d like more info. Thanks to both Henrik and Bhargav.

Installation

Execution Policy: Third-party PowerShell scripts may require that the PowerShell Execution Policy be set to either AllSigned, RemoteSigned, or Unrestricted. The default is Restricted, which prevents scripts – even code signed scripts – from running. For more information about setting your Execution Policy, see Using the Set-ExecutionPolicy Cmdlet.

Donations

I’ve never been one to really solicit donations for my work. My offerings are created because *I* need to solve a problem, and once I do, it makes sense to offer the results of my work to the public. I mean, let’s face it: I can’t be the only one with that particular issue, right? Quite often, to my surprise, I’m asked why I don’t have a “donate” button so people can donate a few bucks. I’ve never really put much thought into it. But those inquiries are coming more often now, so I’m yielding to them. If you’d like to donate, you can send a few bucks via PayPal at https://www.paypal.me/PatRichard. Money collected from that will go to the costs of my website (hosting and domain names), as well as to my home lab.

Download

v1.5 – 04-29-2014 – Set-Exchange2010RedirectSSL.v1.5.zip

v1.4 – 01-27-2014 – Set-Exchange2010RedirectSSLv1.4.zip

v1.3 – 01-30-2012 – Set-Exchange2010RedirectSSL.v1.3.zip

v1.2 – 10-19-2011 – Set-Exchange2010RedirectSSL.v1.2.zip

v1.0 – 04-26-2010 – Set-Exchange2010RedirectSSL.zip

Changelog

See the changelog for this script, which details all versions and their features.

  1. Tireak
    October 6th, 2011 at 22:14 | #1

    Does this script work on Exchange 2010 SP1??

  2. pyore
    October 18th, 2011 at 05:25 | #2

    This script sets a redirect on autodiscover and powershell. Won’t that break things?

    • Pat Richard
      October 18th, 2011 at 13:16 | #3

      I’ll do some more testing this weekend. If needed, I’ll update the script. Thanks for the info!

    • Pat Richard
      October 19th, 2011 at 10:45 | #4

      I’m not seeing it set redirect on PowerShell. Autodiscover still works, but I’m gonna tweak the script.

  3. pyore
    October 18th, 2011 at 05:40 | #5

    Check this article that explains what directories should be excluded from redirection http://briandesmond.com/blog/redirecting-owa-urls-in-exchange-2010/

    • Pat Richard
      October 19th, 2011 at 11:34 | #6

      New version posted which resolves that issue, and another issue I discovered if you used -forcessl $false.

  4. October 23rd, 2011 at 13:36 | #7

    Many thanks for this script. I looked at many of the other guides on the Internet and even the Microsoft redirect directions broke OWA. Spent many hours trying to figure it out.
    Your script worked flawlessly.

    Great work!

  5. November 4th, 2011 at 03:53 | #8

    Does this script not break the RPC over HTTP? Somehow it’s not working after I did the script.

    • Pat Richard
      November 4th, 2011 at 20:48 | #9

      It didn’t break it on my environment. What do your logs say?

  6. November 17th, 2011 at 05:00 | #10

    Excellent work!

  7. Jason
    December 28th, 2011 at 02:25 | #11

    Migrating Exchange 2003 to 2010, old users are pointing to http://mail.domain.com/exchange but new OWA is https://mail.domain.com/owa
    I cannot figure out how to redirect /exchange to /OWA I am currently getting an apparent ASP Server Error in ‘/’ Application. web.config error. Does this script enable this or is something just broke in my case? For the Vdir redirect is check and sent to /owa.

    • Jason
      December 28th, 2011 at 02:50 | #12

      Jason :
      Migrating Exchange 2003 to 2010, old users are pointing to http://mail.domain.com/exchange but new OWA is https://mail.domain.com/owa
      I cannot figure out how to redirect /exchange to /OWA I am currently getting an apparent ASP Server Error in ‘/’ Application. web.config error. Does this script enable this or is something just broke in my case? For the Vdir redirect is check and sent to /owa.

      OK, I had to run it twice (to fix all the mistakes I previously made 🙂) and everything is getting redirected perfectly now, thanks for this.

      • Pat Richard
        December 28th, 2011 at 08:56 | #13

        Glad to see it’s working for you.

  8. Greg
    February 18th, 2012 at 20:38 | #14

    I ran the script as instructed, saw it apply everything, however now it’s not working. I’m still getting an HTTP500 error when going to the shortened URL, which in my case is http://mail.company.org

    However, when I go directly to the long URL: https://mail.company.org/owa which I put in as the destination to forward to in the script, it works.

    • Ahmed
      February 29th, 2012 at 08:49 | #15

      I have the same symptom, but when I created redirection manually, with the mentioned script. Did you solve the problem?

    • Ahmed
      February 29th, 2012 at 11:56 | #16

      I have the same symptom, but when I created redirection manually, without the mentioned PS script. Did you solve the problem?

  9. Jason
    March 25th, 2012 at 13:24 | #17

    I used this script on one server and it seemed to work, then on the next reboot it did not. I tested on a second server and it would not work at all. The initial redirect is left blank when checking IIS?
    Any ideas, people? This script would be such a blessing if it worked.

  10. Steve Galbincea
    May 9th, 2012 at 17:05 | #18

    FYI – If you are using Backup Exec 2012 to backup Exchange 2010 and try to do a restore, the restore will fail until you remove the redirect on the EWS virtual directory. BE 2012 uses EWS rather than MAPI for communication with Exchange.

  11. May 29th, 2012 at 13:42 | #19

    Don’t use this script on SBS 2011 if you for instance have:

    remote.domain.tld (Remote Web Access: Remote Workspace)
    owa.domain.tld

    Running the script on owa.domain.tld/owa will also break remote.domain.tld, so that it redirects to owa.domain.tld and makes the Remote Web Access site inaccessible…

  12. Jason Jones
    June 1st, 2012 at 15:28 | #20

    Awesome! This script worked great on 2k8-R2 exch2010-sp2

    I had been having issues with either the owa redirect working and breaking the EMC, or vice versa. It was maddening poring over all kinds of articles on the net only to come up with a half-working solution.

    This script fixed all the issues I was seeing. Thanks again Pat!

  13. August 17th, 2012 at 11:14 | #21

    Does this work if you are running multiple authoritative domains? Example: I need to be able to get to owa for authoritative domains abc and xyz so I want the users for those domains to be able to get there by going to mail.abc.com or mail.xyz.com and be in the right place for OWA for those authoritative domains.

    • Pat Richard
      August 17th, 2012 at 11:45 | #22

      This does not cover scenarios like that. Sorry!

  14. September 11th, 2012 at 22:03 | #23

    I always thought the OAB permission issue was just with new OAB virtual directories. I don’t at all understand how setting redirection would only cause issues with one virtual directory and not the others. Regardless, excellent script. May I ask permission to wrap your script in another gui based powershell script (with full attributes to you of course)? I’m looking to create an Exchange 2010 (and possibly 2013) quick configuration script generation tool and your script is far better format than my own powershell notes (and it addresses that stupid oab issue).

    Thanks!
    Zach

  15. joshua
    September 26th, 2012 at 14:16 | #24

    I believe that the RpcWithCert virtual directory should be RequireSSL and Require client cert. Currently, require cert doesn’t get applied.

  16. joshua
    September 26th, 2012 at 14:21 | #25

    The command for the RPCWithCert VD should be:
    .\appcmd set config "Default Web Site/RpcWithCert" /section:access /sslFlags:"Ssl, SslNegotiateCert, SslRequireCert, Ssl128" /commit:apphost

  17. November 30th, 2012 at 05:27 | #26

    How can I undo all the changes by the script? I keep getting “An unexpected error occurred and your request couldn’t be handled” messages. Users are pissed, so I think I’ll just deal with the non-redirect issue instead.

  18. Mike
    January 21st, 2013 at 14:02 | #27

    SP2 for Exchange 2010 broke my redirect. This script worked for me!

  19. Jason
    October 1st, 2013 at 18:41 | #28

    Does this work for Exchange 2013?

    • Pat Richard
      October 1st, 2013 at 18:42 | #29

      No. Some redirection is built into 2013.

  20. Pat
    January 27th, 2014 at 13:19 | #30

    Not sure if this is due to the new version out today, but just ran this on a new server build and had two errors at the beginning of the script. I saved a screenshot here for you –

    https://dl.dropboxusercontent.com/u/17520956/DTS/ehloworld/Capture.JPG

  21. Pat
    January 27th, 2014 at 13:21 | #31

    Sorry, hit OK too fast.

    Everything else in the script seemed to run fine, but the redirection didn’t work. I didn’t back anything out yet since the machine isn’t in production if you need more details.

  22. VM
    February 26th, 2014 at 20:55 | #32

    I have the same issue as Pat , My OS is Windows 2012 and on Rollup 5 for SP3.

  23. Cody
    April 28th, 2014 at 10:28 | #33

    This script is generating this error now, it never did this before:

    Property ‘SupportsPaging’ cannot be found for type ‘System.Management.Automation.CmdletBindingAttribute’.
    At C:\Users\safariland\Desktop\Set-Exchange2010RedirectSSLv1.4\Set-Exchange2010RedirectSSL.ps1:57 char:16
    + [CmdletBinding <<<< (SupportsShouldProcess = $True, SupportsPaging = $True)]
    + CategoryInfo : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : PropertyAssignmentException

    The term 'Get-WindowsFeature' is not recognized as the name of a cmdlet, function, script file, or operable program. Ch
    eck the spelling of the name, or if a path was included, verify that the path is correct and try again.
    At C:\Users\safariland\Desktop\Set-Exchange2010RedirectSSLv1.4\Set-Exchange2010RedirectSSL.ps1:95 char:24
    + if ((Get-WindowsFeature <<<< web-http-redirect).installed -eq $false){
    + CategoryInfo : ObjectNotFound: (Get-WindowsFeature:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

  24. Cody
    April 28th, 2014 at 10:30 | #34

    Forgot to mention; this is on Exchange 2010 SP3 rollup 5, on Windows 2008 R2.

    • Pat Richard
      April 28th, 2014 at 10:32 | #35

      What version of the script are you using?

  25. Pat
    April 28th, 2014 at 10:42 | #36

    I found I had to run this script in plain old Powershell without having the Exchange powershell modules loaded. So just run a straight powershell (As admin) and see if that works. For whatever reason, when the Exchange modules were loaded, it was having issues with the get-windowsfeature. No idea.

    • Pat Richard
      April 28th, 2014 at 10:48 | #37

      Get-WindowsFeature is not really directly related to Exchange. So it shouldn’t be an issue. I’ve run it both ways, and it ran fine.

      • Pat
        April 28th, 2014 at 10:50 | #38

        Understood re: get-windowsfeature. What was odd is on the machines I had issues on, if I opened Powershell by using the Exchange powershell console and simply tried to use get-windowsfeature, it couldn’t be found (Outside of the script.) Really weird. But if I just open powershell without Exchange, get-windowsfeature works fine.

        • Pat Richard
          April 28th, 2014 at 11:16 | #39

          Well, that’s correct. Get-WindowsFeature is not available until you import the ServerManager module.

          • Pat
            April 28th, 2014 at 11:18 | #40

            You’re right, I’m sorry – it’s coming back to me now. I couldn’t import servermanager, THAT was the problem. Once I did it under a regular old PS shell, it was fine.

          • Cody
            April 28th, 2014 at 11:18 | #41

            I figured that out and imported that feature. However, I still get the other error.

  26. Pat Richard
    April 28th, 2014 at 11:20 | #42

    Cody – open the script in notepad. Search for the line that reads:
    [CmdletBinding(SupportsShouldProcess = $True, SupportsPaging = $True)]
    and change it to
    [CmdletBinding(SupportsShouldProcess = $True)]

  27. Cody
    May 6th, 2014 at 23:21 | #43

    Version 1.5 works. I’ve noticed that this script doesn’t work as it used to. It used to set the SSL options correctly on the default web site and on the sub-directories. Now even after this script runs I have to go through each sub-directory (virtual directory) and set SSL to enforce. I had to un-check SSL enforce on the default web site. I also had to enable kernel mode authentication on the EWS virtual directory too (auto-discover would fail until this was done). I was sure this script did all of that SSL work at one point.

  28. dragonspeed
    May 8th, 2014 at 13:32 | #44

    Thank you… D/L’d and ran it on my CAS boxes. Exchange 2010SP3 now redirects happily.

  29. Cody
    July 10th, 2015 at 23:04 | #45

    The newest version doesn’t run at all for me. I used 1.31 and that works great.
