Alfred's New Ramblings

SSL enabled non-default Outlook Web Access (OWA)

Having problems with your SSL enabled Outlook Web Acess website? Does the SSL port number keep disappearing from your Internet Information Services (IIS) Manager?

First some background.
Outlook Web Access web site is first created using the Exchange System Manager (ESM). Actually, the choices you have during the process of creation is quite limited. You can choose the domain, IP address and that is about it. In the IIS manager, you can change the port number or enable SSL for additional security. Then you get a headache.

The problem is that at regular intervals the service called DS2MB kicks in and writes the Active directory configuration to the IIS metabase. This will overwrite your custom configuration in the IIS manager. The Active Directory information is the HTTP Protocol configuration of your websites in the ESM. The ES2MB service is started approximately every time a domain controller is restarted.

This does not apply for the “Default Website” and can be a real annoyance. What you really need is a way to enter the SSL port number into the ESM. But the field for SSL to greyed out?

The trick is to add a new port number. In the Advanced window, click on “Add” a new port number. Clear out the entry “80” in the TCP field and the SSL field will come back. Enter “443” for the SSL port and click “ok” twice to exit.

Your non-default website is now SSL enabled in the ESM. Next time the DS2MB kicks in your SSL configuration will be still in place. For more detailed information, you can refer to Evan Dodds excellent blog on this issue.




Leave a Reply

Your email address will not be published.