Can't Force SSL With Outlook Mobile Access
Sunday, December 16, 2007
I just learned today that you cannot force the use of SSL on any part of an Exchange-enabled website in IIS. You can still use SSL, but apparently turning on the "Require secure channel (SSL)" option makes OMA not work. Here was the error I was getting:
If you have recently changed your password, the system may not yet have completed the change. Please wait a short time and try again. If this is not the case, your Exchange server mailbox has not been created. Please access your account via Microsoft Outlook or Microsoft Outlook Web Access to create your user mailbox. Please contact your system administrator for additional assistance.
I have to admit I've only set up the OMA site a half dozen times, so there may be something out there that explains this issue better than I can, but I've found a bunch of websites that support this claim. One site makes a reference to a KB article that no longer exists.
The Steps
- Open the IIS Management Console on the back-end Exchange 2003 server.
- Right click the Exchweb virtual directory under the default Web site, and then click Properties.
- Click the Directory Security tab.
- Click Edit in the Secure Communications area.
- Click to clear the "Require secure channel (SSL)" check box, and then click OK for all windows.
But I Want To Force SSL
The problem remains "What if you actually want to force SSL?" I had a hard enough time trying to have 50 users understand what the "S" in HTTPS meant.
What I did was create a second site that was Exchange-enabled. On this site I forced SSL, while on the first site I left it optional. I sent an update to the end users explaining that there was a new mail website, "https://www.website.com/mail", and made a few minor modifications [adding the company logo] so that they could tell the difference, in the hope that they would think that new = upgrade. This way, if they used http instead of https, I could redirect them automatically.
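One way to confirm that both sites ended up configured as described, as an added example that is not part of the original post: the script reads the AccessSSLFlags metabase property of every virtual directory on each site and reports where "Require secure channel (SSL)" is set. It assumes PowerShell is installed on the IIS 6 server and that site ID 1 is the default Web site; the ID of the second, SSL-only site is a placeholder.

```powershell
# Added example. Run on the back-end Exchange 2003 / IIS 6 server.
# Assumptions: site 1 is the default Web site (SSL left optional);
# $SslSiteId is a placeholder for the second, SSL-only site.
$OptionalSiteId = 1
$SslSiteId      = 2      # hypothetical: read the real ID from IIS Manager
$AccessSSL      = 0x8    # AccessSSLFlags bit behind "Require secure channel (SSL)"

function Get-VdirSslState([int]$SiteId, [bool]$ExpectRequired) {
    $root = [ADSI]"IIS://localhost/W3SVC/$SiteId/ROOT"
    foreach ($child in $root.psbase.Children) {
        # Only virtual directories (Exchweb and its siblings) are of interest
        if ($child.psbase.SchemaClassName -ne 'IIsWebVirtualDir') { continue }
        # Read the AccessSSLFlags metabase property for this virtual directory
        $flags    = [int]$child.psbase.InvokeGet('AccessSSLFlags')
        $required = ($flags -band $AccessSSL) -ne 0
        $row = New-Object PSObject
        $row | Add-Member NoteProperty Site       $SiteId
        $row | Add-Member NoteProperty VDir       $child.psbase.Name
        $row | Add-Member NoteProperty RequireSSL $required
        $row | Add-Member NoteProperty AsIntended ($required -eq $ExpectRequired)
        $row
    }
}

# First site: SSL optional, so the flag should be clear on every directory.
# Second site: SSL forced, so the flag should be set on every directory.
$report  = @(Get-VdirSslState $OptionalSiteId $false)
$report += @(Get-VdirSslState $SslSiteId $true)
$report | Format-Table -AutoSize

$bad = @($report | Where-Object { -not $_.AsIntended })
if ($bad.Count -gt 0) {
    Write-Warning "$($bad.Count) virtual directories differ from the intended setting"
}
```

Re-running it after any IIS or Exchange change shows whether the SSL-only site still has the flag set on every directory.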
External Links
http://www.petri.co.il/forums/showthread.php?t=10208 - Daniel Petri's website forum
http://www.webservertalk.com/archive128-2004-3-166297.html - Forum article that makes a reference to the problem.