- Remove From My Forums
-
Вопрос
-
Обновили публичный сертификат для Exchange 2013 — теперь пользователи при попытке входа через OWA получают ошибку 403 — доступ запрещён. Надо сказать, что было настроено перенаправление HTTP на HTTPS, чтобы пользователям было проще заходить в
почту. При непосредственном входе через HTTPS — всё работает. Смотрю в диспетчере IIS7 — почему-то на Default Web Site слетело «Перенаправление протокола HTTP». Восстанавливаю перенаправление как было. Но параметры SSL
менять не даёт (а по инструкции https://technet.microsoft.com/ru-ru/library/aa998359(v=exchg.150).aspx надо снять флажок «Требовать SSL») — говорит — «Сайт не имеет безопасной привязки HTTPS и поэтому не может принимать
SSL-подключения».Вопрос как всегда — что делать ?
=STAS=
Ответы
-
Ой, бес попутал, сорри… Не на том сервере смотрел настройки IIS. Короче, проблема решилась просто — при обновлении сертификата почему-то в настройках IIS ставится галочка «Требовать SSL». Убрал её — и всё заработало
Ещё раз извините …
=STAS=
-
Помечено в качестве ответа
20 сентября 2016 г. 14:52
-
Помечено в качестве ответа
Ещё раз извините …Problem:
When you go to access your Outlook Web App website you receive the following message:
Server Error 403 - Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied.
Solution:
In Exchange 2007 and Exchange 2010 Outlook Web Access (OWA) uses HTTP Secured (HTTPS) by default and therefore when you type the URL you must type https://server.domain.com/owa instead of http://server.domain.com/owa
You can also configure your server to automatically redirect http request to OWA web site as https requests:
- Log onto your Exchange server hosting the Client Access Server (CAS) role
- Open the IIS Management console (Start -> Administrative Tools -> Internet Information Services (IIS) Manager)
- Expand the ‘Default Website’ and click on ‘OWA’
- From the main window, click on ‘HTTP Redirect’
- Place a tick next to ‘Redirect requests to this destination’
- Enter in the full https address for your OWA install.
Detailed instructions can also be found on Microsoft Technet:
- for Exchange 2007: How to Simplify the Outlook Web Access URL
- for Exchange 2010: Simplify the Outlook Web App URL
Search code, repositories, users, issues, pull requests…
Provide feedback
Saved searches
Use saved searches to filter your results more quickly
Sign up
- Remove From My Forums
-
Question
-
Hi,all
we r using exchange 2003.
most of our users can access their mailbox via OWA .
only 1 user encounter 403 error.
first i think it might be a permission problem. so I delete the accout then recreate it.
but we still has trouble access owa by using this account.
the aaccount can access owa via https://myowaurl/Exchange/useraccount/ without problem but got 403 error via https://myowaurl/ while all other users can access it sucessuflly and redirect to their mailbox .
any clue about this??
Answers
-
Hi,
First I note that you have CS suffix for that account. So let me explain that why we will get 403 error.
If a user’s mailnickname ends with one of the following suffixes, OWA logon via FBA
gives an HTTP 403 error. These suffixes are the values of ScriptMaps which is inherited from the W3SVC node of the metabase..asp
.cer
.cdx
.asa
.idc
.shtm
.shtml
.stm
.asax
.ascx
.ashx
.asmx
.aspx
.axd
.vsdisco
.rem
.soap
.config
.cs
.csproj
.vb
.vbproj
.webinfo
.licx
.resx
.resources
.jsl
.java
.vjsprojWe use the value of the ScriptMaps property to add the OWA ISAPI extension(EXPROX.DLL on F-E servers and DAVEX.DLL on B-E servers) as «wildcard» mapping in order to format the the raw contents of the EXIFS or proxying requests to the correct back-end server. It will add a line like
*,C:\Program Files\Exchsrvr\bin\davex.dll,1
So please try to avoid to create user with these extensions.
Regards,
Xiu
-
Proposed as answer by
Friday, May 29, 2009 8:25 AM
-
Marked as answer by
Xiu Zhang
Tuesday, June 2, 2009 6:13 AM
-
Proposed as answer by
-
Hi,
If you do need this account, then we can try to delete the .cs mapping to avoid the issue since we do not need any script processing. Detail steps like below:
1. Open IIS manager.
2. Navigate to /OWA virtual directory.
3. Right click /OWA and then select to Properties.
4. In the Virtual Directory tab, please find Configuration button in the bottom of the window.
5. Please select Mapping tab.
6. In the drop-down list, please find .cs and then remove.
7. After that, please run IISreset /noforce from a command prompt.
Regards,
Xiu
-
Proposed as answer by
Xiu Zhang
Friday, May 29, 2009 8:25 AM -
Marked as answer by
Xiu Zhang
Tuesday, June 2, 2009 6:13 AM
-
Proposed as answer by
-
Hi,
The /OWA virtual driectory doesn’t exists because it exists on Exchange 2007 and not your Exchange 2003. You can remove the .cs mapping on the Default Web Site, but be aware if you do that you will not able to run any .NET web application what has csharp source code in it.
Regards,
Zoltán
http://www.clamagent.org — Free Antivirus for Exchange
http://www.it-pro.hu
http://emaildetektiv.hu-
Marked as answer by
Xiu Zhang
Tuesday, June 2, 2009 6:13 AM
-
Marked as answer by
-
Dear Sir :
I C.
Thanks a lot.-
Marked as answer by
EssentialMao
Tuesday, June 2, 2009 5:01 AM
-
Marked as answer by
Did you try this solution?
- Click «Start», select «Programs», «Microsoft Exchange» and click «System Manager».
- Expand Servers, expand ServerName (where ServerName is the name of your computer exchange), expand Protocols, expand HTTP, and then expand Exchange Virtual Server.
- In the Exchange Virtual Server section, right-click Exchange and select Properties.
- Go to the “Access” tab, check the “Browse Directory” box and click the “OK” button.
Was this post helpful?
thumb_up
thumb_down
Exchange 2013 uses HTTP Secured (HTTPS) by default and therefore when you type the URL you must type https:/ Opens a new window
Was this post helpful?
thumb_up
thumb_down