Exchange 2013 SP1 - SSL Offloading Broken?

So I've decided to start testing SSL offloading with Exchange 2013 SP1 now that it is supported. I have followed this guide: http://technet.microsoft.com/library/dn635115(EXCHG.150).aspx. It is fairly straightforward, remove the "Require SSL" option on the VDIRS and IISRESET.

To test, I load up http://CAS/OWA and it immediately redirects to HTTPS://CAS/OWA. I do not see why it is doing this or how to configure it otherwise. So while my server is accepting connections on port 80, it's just bouncing them over to 443. How do we disable this?

I checked the HTTP Redirect option on the VDIRs, which is not present. Also, I am going straight to the server, so there is not a device in front that is redirecting my requests. Any thoughts?

Thanks,

Brandon



March 24th, 2014 9:01pm

Hi, 

I recommend you double confrim the following registry key has been configred properly:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchange OWA\SSLOffloaded

In the Edit DWORD Value dialog box, in Value data, type 1.

And then restart IIS services.

Here is a similar thread for your reference:

https://social.technet.microsoft.com/wiki/contents/articles/1267.how-to-configure-ssl-offloading-in-exchange-2010.aspx

Hope this helps!

Thanks.

Free Windows Admin Tool Kit Click here and download it now
March 26th, 2014 11:30am

Niko,

I am under the impression that the requirement of the registry key was for Exchange 2010, and is not a requirement for Exchange 2013 SP1. Is this not the case?

Thanks,

Brandon

March 26th, 2014 9:21pm

Hi Brandon,

Have you tried http://localhost/owa on CAS server?

If we can reproduce the issue when visit http://localhost/owa on CAS server, please check the following configuration files in OWA Virtual Directory location:

You can contrast the files here on an problematic CAS server and an normal CAS server, see if there is any clues.

Thanks,

Jessie

Free Windows Admin Tool Kit Click here and download it now
April 2nd, 2014 2:07pm

Thanks Jessie.

I tried your suggestion and I get the same behavior:

So I did some further testing and if I put in http://localhost/owa/auth/logon.aspx, then the page loads with port 80. 

If I put in http://localhost/owa/* (* being anything that isn't a valid item in the directory) then it redirects to https. 

I checked under the OWA VDIRs in IIS for HTTP redirects, none to be found. Also browsed through the code in the directory you mentioned but did not find anything that clearly looks like a redirect. I am seeing this behavior in both our production environment and a clean test environment, both fresh installs of Exchange 2013 SP1.

Seems we just need to track down what is redirecting everything under the /owa/ directory and disable it. Any ideas?

Cheers,

Brandon

April 2nd, 2014 10:58pm

Hi Brandon,

Thanks for your information. I applied a lab with Exchange 2013 SP1, and I can reproduce the issue. When I accessed http://localhost/owa, it went to https://localhost/owa/auth/logon.aspx?*****. When I accessed http://localhost/owa/auth/logon.aspx, it went on and did not turn to https://***.  I was unable to reproduce the issue on an Exchange 2013 CU1 invironment.

Here, please notice when we access http://localhost/owa, it jump to the authentication page https://localhost/owa/auth/logon.aspx?*****. But if we went to the authentication page directly via http://localhost/owa/auth/logon.aspx, it went on via port 80. I'm thinking this could be hard-coding in OWA function when the OWA request being authenticated.

I will upgrade my Exchange 2013 CU1 server to Exchange 2013 SP1, see if we can reproduce the issue.

Thanks,

Jessie

Free Windows Admin Tool Kit Click here and download it now
April 3rd, 2014 3:19pm

Thanks Jessie. Look forward to hearing what results when you try this with an environment upgraded from CU1.
April 3rd, 2014 6:29pm

Hi Brandon

I can reproduce the issue after I upgrade my Exchange 2013 CU1 server to Exchange 2013 SP1. Access http://localhost/owa but it goes to https://localhost/owa/auth/logon.aspx?*****. It appears a change in Exchange 2013 SP1 and it could be hard-coding in OWA request handling process.

Thanks,

Jessie

Free Windows Admin Tool Kit Click here and download it now
April 5th, 2014 12:45pm

Hi Brandon,

Do you need any further help regarding this issue? If you have any questions or concerns about the information we provided, please feel free to let me know.

Thanks,

Jessie

April 9th, 2014 6:34am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics