These can be a pain in the arse and not easy to understand (for me anyway) so I am going to write down what I have learned this morning.
An CAS server still on its defaults will not allow http traffic to OWA, nor will it redirect traffic without the "/owa" switch. To make this easier for users this is what you do:
1. Put in a http redirect on the default web page. This would be to your desired site, so for example https://mail.domain.com/owa.
2. Now in the child virtual directories remove the redirection (it is inherited):
Aspnet_client
Autodiscover
ECP
EWS
ActiveSync
OAB
OWA
RPC
RPCWithCert
(I'm not sure what the last two are for)
3. Remove SSL from the default web site.
4. Add SSL to the child virtual directories (same list as above except aspnet)
5. iisreset.
At my company it appears that the process has been been performed slightly differently. SSL is still on for the default web site and turned off on many of the child virtual directories. In "Error redirection" the 403 error is redirected to mail.domain.com/owa. I think this is a bit of a cack handed way to do it but it works.
An CAS server still on its defaults will not allow http traffic to OWA, nor will it redirect traffic without the "/owa" switch. To make this easier for users this is what you do:
1. Put in a http redirect on the default web page. This would be to your desired site, so for example https://mail.domain.com/owa.
2. Now in the child virtual directories remove the redirection (it is inherited):
Aspnet_client
Autodiscover
ECP
EWS
ActiveSync
OAB
OWA
RPC
RPCWithCert
(I'm not sure what the last two are for)
3. Remove SSL from the default web site.
4. Add SSL to the child virtual directories (same list as above except aspnet)
5. iisreset.
At my company it appears that the process has been been performed slightly differently. SSL is still on for the default web site and turned off on many of the child virtual directories. In "Error redirection" the 403 error is redirected to mail.domain.com/owa. I think this is a bit of a cack handed way to do it but it works.
