Hi allClearly my Googl/Bing mojo is failing me today, but I can't seem to find an easy way of redirecting http traffic to https for OWA. When I enter the url, e.g. http://webmail.contoso.com/owa I get the following error: HTTP Error 403.4 - Forbidden The page you are trying to access is secured with Secure Sockets Layer (SSL). This is expected and if I enter the same URL prefixed with "https" all is ok. I followed the instructions in the following KB article to get the http to https redirection working (using Scenario 2) but after applying the settings and performing an IISRESET I still get the same error:http://support.microsoft.com/kb/975341/EN-USAlexei

Hi there, I've had to do this before a long time ago, but basically what it involved was -creating another website listening on 80, and not requiring SSL -adding a binding for webmail.contoso.com -a subdirectory called owa -an index.html page with a meta redirect to https://webmail.contoso.com/owa (http://www.seologic.com/faq/meta-refresh-tag.php) This pretty much did all I needed it to. It wasn't in fact for OWA, but another SSL secured site, but it should work all the same! Hope this helps!

This will help you out, it is the method I use http://blog.exchangegeek.com/2009/06/owa-redirect.htmlFull time IT consultant since 1998 mainly on Exchange\ISA\AD MCSE NT4.0,2000/2003, CCNA MCITP: Enterprise Messaging Administrator 2007/2010 MCT since 2001

Thank you both for the suggestions. I could certainly try those approaches, but are we saying that the article is wrong, i.e. that it doesn't provide a viable method for HTTP to HTTPS redirection?I would have thought this was something pretty standard. Alexei

No the article is not wrong, it is just that you have the "Require SSL" set on your default web site so IIS is denying access even before any redirection method kicks in. It is written in both the KB article and in the link I gave you that you should disable "Require SSL" from the Default website but NOT on any virtual directory If you are running IIS 7 the article you provided details how to solve this errorFull time IT consultant since 1998 mainly on Exchange\ISA\AD MCSE NT4.0,2000/2003, CCNA MCITP: Enterprise Messaging Administrator 2007/2010 MCT since 2001

Where is it written in the KB article that I should disable "Require SSL"? The way I read the article, Scenario 2 is specifically provided to address scenarios in which "Require SSL" is enabled. Alexei

Sorry Alexei my bad I missread the KB However in the link I gave you http://blog.exchangegeek.com/2009/06/owa-redirect.html "For best results set the root of the web site not to require SSL and all virtual directories (OWA, EWS, etc) to require SSL." Just disable it on the Default web site root do not apply it on any of the sub directoriesFull time IT consultant since 1998 mainly on Exchange\ISA\AD MCSE NT4.0,2000/2003, CCNA MCITP: Enterprise Messaging Administrator 2007/2010 MCT since 2001

It looks like the wording in the knowledge base article is misleading (at best). The procedure works if "Require SSL" is de-selected. This does not mean that SSL has to be disabled - just that it is not required.