Thursday, May 23, 2013

OWA 2013 CU1 Redirection is Broken for Legacy Mailboxes

Exchange 2013 CU1 includes a new native module for redirection in OWA 2013 to legacy Exchange. The purpose of this module is to automatically tack on the /owa directory to a URL when the user only types in the FQDN for Outlook Web App.

For example, a user can enter https://webmail.contoso.com in their browser and OWA 2013 will automatically redirect the user to https://webmail.contoso.com/owa.  This works pretty well out of the box and does not require any extra configuration by the administrator.

User enters https://mail.domain.com in browser

OWA 2013 CAS redirects to https://mail.domain.com/owa

However, a problem occurs when CAS 2013 CU1 is the front end for an Exchange 2010 SP3 mailbox, which would be typical during a coexistence scenario.  CAS 2013 proxies the redirected URL that the user first entered (i.e., https://mail.contoso.com, without the /OWA) to CAS 2010, which results in the following experience:

OWA 2010 mailbox proxied through CAS 2013 CU1
I have not tested it, but I expect Exchange 2007 mailbox users proxied by CAS 2013 CU1 will have the same experience.

Microsoft is aware of the issue, which is expected to be fixed in Exchange 2013 CU2, due around July according to the Exchange 2013 Servicing model.

Until CU2 is released, there are a couple of workarounds:
  • Perform redirection on the load balancer, if available (i.e., redirect all webmail.contoso.com URLs to https://webmail.contoso.com/owa).  This will cause CAS 2013 to redirect the latter URL to CAS 2010 properly.
- or - 
  • Disable the new native redirection module and then use old-school redirection, as follows:
  • Open the %systemdrive%\inetpub\wwwroot\web.config file in Notepad and disable the native redirection module by remarking the <modules> section.
Change this section:
<system.webServer>
<modules>
<add name="OwaUrlModule" type="Microsoft.Exchange.HttpProxy.OwaUrlModule,Microsoft.Exchange.OwaUrlModule,Version=15.0.0.0,Culture=neutral,PublicKeyToken=31bf3856ad364e35" preCondition="" />
</modules>
</system.webServer>

to this (adding the red comment blocks):
<system.webServer>
<!-- <modules>
<add name="OwaUrlModule" type="Microsoft.Exchange.HttpProxy.OwaUrlModule,Microsoft.Exchange.OwaUrlModule,Version=15.0.0.0,Culture=neutral,PublicKeyToken=31bf3856ad364e35" preCondition="" />
</modules> -->
</system.webServer>

  • Save the web.config file.
  • Create a new default.htm file in %systemdrive%\inetpub\wwwroot that contains the following:

<html><meta http-equiv="REFRESH" content="0;url=/owa"></HEAD></html>
  • Optional, but recommended: Create a new custom error for HTTP to HTTPS redirection.  Select the Default Web Site in IIS Manager, double-click Error Pages, then click the Add button.
  • Enter 403.4 for the Status Code and select Respond with a 302 redirect.  The enter the Absolute URL as https://webmail.domain.com/owa, using your own OWA FQDN as shown above.
  • Finally, reset IIS using the command IISRESET /NOFORCE /TIMEOUT:120
  • Rinse and repeat for all CAS 2013 CU1 servers.

2:42 PM