http to https redirect Windows 2008 IIS

This is the best way I have found to redirect http to https and to a specific sub url.

So if the user types mail.uwhpwatertown.com, which implies http, IIS error handling will redirect them to https://mail.whatever.com/owa

I was doing this for a client, and I took some screenshots to make it easier to understand.

It’s a good solution for OWA and probably for other websites as well.

Step ONE:

Change the error setting.

Go to the Default Web Site in IIS management and click the Error Pages button.

On the far right, click the “Edit Features Settings…”

Change the settings from the bottom radio button….

That gives you this error ……

To this setting

Which gives you this setting

Step two:

Click on this 403 error (403 means you hit the web page with http, when it requires https)

Change it from this:

To this

Click ok, now it should look like this:

Test it by typing mail.whatever.com, or localhost (at the server); you will get redirected to https://mail.whatever.com/owa

So, in summary, that covers http to https redirect (with additional redirect to /owa)

But what if someone types https://mail.whatever.com, meaning they typed https but did NOT include the /owa at the end?

We need that to redirect to the /owa subfolder.

In the root of the web server, add a file called default.htm and add the following text as the contents of that default.htm

Change the FQDN to your appropriate address.

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<HTML dir=ltr>
<HEAD>
  <!--
  	Do Not Change anything in the <HEAD> section except the data in the
  	"META http-refresh" tag or you may render this page non-functional
  -->
  <TITLE>The page cannot be displayed</TITLE>
  <META content=NOINDEX name=ROBOTS>
  <META http-equiv=Content-Type content="text/html; charset=Windows-1252">
  <!--
  	Using the following META-tag, we instruct the browser to automatically seek another page.
  	http-equiv="Refresh" instructs the browser to refresh its content
  	content= has two parts:
  		0 = time delay in seconds before the browser actually executes the redirection
  	 	URL = the actual content to seek
  	With the given settings, the browser will seek "URL" immediately
  -->
  <META http-equiv="Refresh" content="0;URL=https://FQDN/owa">
  <META content="MSHTML 5.50.4522.1800" name=GENERATOR>
</HEAD>
<BODY>
</BODY>
</HTML>
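
A quick way to confirm both redirects from a workstation, as an added PowerShell example that is not part of the original post: it requests the http and https roots without following redirects and reports whether each one points at /owa. The function names are hypothetical, and mail.whatever.com is the post's placeholder host.

```powershell
# Added example; the function names are hypothetical. Runs on PowerShell 2.0.
function Get-FirstResponse {
    param([Parameter(Mandatory = $true)][string]$Url)
    $req = [System.Net.HttpWebRequest][System.Net.WebRequest]::Create($Url)
    $req.AllowAutoRedirect = $false   # inspect the first hop instead of following it
    $req.Timeout = 10000
    try {
        $resp = $req.GetResponse()
    } catch {
        # 4xx/5xx statuses surface as a WebException, sometimes wrapped by PowerShell
        $ex = $_.Exception
        while ($ex -and -not ($ex -is [System.Net.WebException])) { $ex = $ex.InnerException }
        if (-not $ex -or -not $ex.Response) { throw }   # DNS, TLS or connection failure
        $resp = $ex.Response
    }
    $reader = New-Object System.IO.StreamReader($resp.GetResponseStream())
    $result = New-Object PSObject -Property @{
        Url      = $Url
        Status   = [int]$resp.StatusCode
        Location = [string]$resp.Headers["Location"]
        Body     = $reader.ReadToEnd()
    }
    $reader.Close()
    $resp.Close()
    $result
}

function Test-OwaRedirect {
    param([Parameter(Mandatory = $true)][string]$HostName)
    $target = "https://$HostName/owa"
    $plain  = Get-FirstResponse "http://$HostName/"
    $root   = Get-FirstResponse "https://$HostName/"
    New-Object PSObject -Property @{
        HttpStatus   = $plain.Status
        HttpLocation = $plain.Location
        # Step two: plain http must answer with a redirect to the https /owa URL
        HttpRedirectsToOwa = ($plain.Status -ge 300 -and $plain.Status -lt 400 -and
                              $plain.Location.TrimEnd('/') -ieq $target)
        # default.htm: the https root must carry the META refresh to the same URL
        HttpsRootRefreshesToOwa = ($root.Body -match 'http-equiv="?refresh' -and
                                   $root.Body -match [regex]::Escape($target))
    }
}

# mail.whatever.com is the post's placeholder name; use your own FQDN
Test-OwaRedirect -HostName "mail.whatever.com"
```

If the server certificate is not trusted by the machine running the check, the https request throws instead of returning a result.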


Folder and File level scanning Exclusions for Exchange 2010

There is a TechNet article:
http://technet.microsoft.com/en-us/library/bb332342.aspx

Titled: File-Level Antivirus Scanning on Exchange 2010
Please read the first section to understand the requirements.

The article gets a bit convoluted after the introduction, so here is the rest of it in a form that is easier to follow.

The following folders (and subsequent subfolders) need exclusions:

C:\Program Files\Microsoft\Exchange Server\V14\Mailbox
C:\Program Files\Microsoft\Exchange Server\V14\GroupMetrics
C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles
C:\Program Files\Microsoft\Exchange Server\V14\Logging
C:\Program Files\Microsoft\Exchange Server\V14\ExchangeOAB
C:\Program Files\Microsoft\Exchange Server\V14\Mailbox\MDBTEMP
C:\Program Files\Microsoft\Exchange Server\V14\Working\OleConvertor
C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess

C:\Windows\Cluster
C:\Windows\System32\Inetsrv

C:\inetpub\temp\IIS Temporary Compressed Files
C:\Inetpub\logs\logfiles\w3svc

In my deployment, I typically put the Transaction logs on E and databases on F

E:\Logs
F:\Databases

In addition, as mentioned in the article,
Many file-level scanners now support the scanning of processes, which can adversely affect Microsoft Exchange if the incorrect processes are scanned.
Therefore, you should exclude the following processes from file-level scanners.
(I re-sorted the table from the TechNet article into an alphabetical listing for easy reading)

Cdb.exe
Cidaemon.exe
Clussvc.exe
Dsamain.exe
EdgeCredentialSvc.exe
EdgeTransport.exe
ExFBA.exe
GalGrammarGenerator.exe
Inetinfo.exe
Mad.exe
Microsoft.Exchange.AddressBook.Service.exe
Microsoft.Exchange.AntispamUpdateSvc.exe
Microsoft.Exchange.ContentFilter.Wrapper.exe
Microsoft.Exchange.EdgeSyncSvc.exe
Microsoft.Exchange.Imap4.exe
Microsoft.Exchange.Imap4service.exe
Microsoft.Exchange.Infoworker.Assistants.exe
Microsoft.Exchange.Monitoring.exe
Microsoft.Exchange.Pop3.exe
Microsoft.Exchange.Pop3service.exe
Microsoft.Exchange.ProtectedServiceHost.exe
Microsoft.Exchange.RPCClientAccess.Service.exe
Microsoft.Exchange.Search.Exsearch.exe
Microsoft.Exchange.Servicehost.exe
MSExchangeADTopologyService.exe
MSExchangeFDS.exe
MSExchangeMailboxAssistants.exe
MSExchangeMailboxReplication.exe
MSExchangeMailSubmission.exe
MSExchangeRepl.exe
MSExchangeThrottling.exe
MSExchangeTransport.exe
MSExchangeTransportLogSearch.exe
Msftefd.exe
Msftesql.exe
OleConverter.exe
Powershell.exe
SESWorker.exe
SpeechService.exe
Store.exe
TranscodingService.exe
UmService.exe
UmWorkerProcess.exe
W3wp.exe

In addition to excluding specific directories and processes, you should exclude the following Exchange-specific file name extensions in case directory exclusions fail or files are moved from their default locations.

Application-related extensions
.config
.dia
.wsb

Database-related extensions
.chk
.log
.edb
.jrs
.que

Offline address book-related extensions:
.lzx

Content Index-related extensions
.ci
.wid
.001
.dir
.000
.002

Mailbox Stats Mailed Exchange 2010

The goal of this article is to create a mailboxes.txt file that contains mailbox statistics about your Exchange users AND to have it mailed to you every day at, say, 5:00pm.

This article is specific to Exchange 2010, but it can be used on 2007; just modify the path to the Exchange installation folder by removing the “v14” folder.

You will be creating two files, both of which reside in the “bin” folder of Exchange. For a standard installation of Exchange 2010, that is the following folder:
C:\Program Files\Microsoft\Exchange Server\v14\bin

First, create a file called SendStats.ps1 that has the following two lines of code and three comment lines (which begin with ###)


###Send mailbox statistics script###
###Get the stats and store in a text file called mailboxes.txt###
Get-MailboxStatistics -database "Exchange Mailbox Database"| Sort-Object DisplayName | ft DisplayName,@{label="TotalItemSize(KB)";expression={$_.TotalItemSize.Value.ToKB()}},ItemCount > mailboxes.txt

###Create the mail message and add the mailboxes.txt text file as an attachment###
Send-MailMessage -From help@madtownengineer.com -To help@madtownengineer.com -Subject "Mailbox Size Report" -Body "Attached is the current list of mailbox sizes." -Attachments "mailboxes.txt" -SmtpServer localhost

You will need to change the -database “Exchange Mailbox Database” value to the actual name of your database, and you will need to change the from and to addresses to valid email addresses for your system.
I found that Exchange 2010 likes ‘localhost’, but Exchange 2007 likes the DNS name of the server itself, as in ‘server1.addomain.local’

Then, create another file called MBStats.bat which contains two lines of code:

cd "C:\Program Files\Microsoft\Exchange Server\v14\Bin"
C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -PSConsoleFile "C:\Program Files\Microsoft\Exchange Server\v14\Bin\ExShell.psc1" -Command "sendstats.ps1"

The nice thing about this batch file is that it lets you create the scheduled task without a lot of command line arguments (and testing the script from a cmd prompt is easy too).

Like I said above, both of these files are stored in the “bin” folder of Exchange.

Finally, go into the Scheduled Tasks of Windows 2008 R2 and create a scheduled task to run every day at 5pm, whether user is logged on or not.

You can just type in the batch file name; you won’t need to point to the entire path location because the Exchange “bin” folder is already in the PATH variable.

ExFolders

What was PFDAVADMIN for 2003 is now ExFolders for 2010
Sweet!!
Make sure you read the README, which says:
- ExFolders must be run from an Exchange Server 2010 machine with the Microsoft Exchange Active Directory Topology service, which means it will not currently run on a tools-only install. This might change in the future.
- ExFolders.exe must be placed in the server’s Exchange \bin folder. If you try to run it from anywhere else, it will simply crash.
- This build is not signed. In order to allow it to run, you can import the included .reg file on the server where you want to run the tool or run “sn -Vr ExFolders.exe” (using the 64 bit version of the SN tool) to allow it to launch. If you don’t, it will crash. To read more about the SN tool, please go here: http://msdn.microsoft.com/en-us/library/k5b5tt23.aspx

http://msexchangeteam.com/archive/2009/12/04/453399.aspx

With the recent release of Exchange 2010, WebDAV is gone from Exchange, so PFDAVAdmin is no longer an option at all. A lot of the things you used to be able to accomplish only in PFDAVAdmin can now be done at the command line. For instance, Get-PublicFolder and Set-PublicFolder can be used to export and import permissions and replica lists, while Get-MailboxFolderPermission and Set-MailboxFolderPermission can be used to export and import mailbox permissions. However, there are still a few things you just can’t do without PFDAVAdmin-like functionality.

Fortunately, we have a solution – a tool called ExFolders. This new tool is really just a port of PFDAVAdmin to Exchange 2010. We changed the name to ExFolders because it no longer relies on DAV, and it’s not just for public folders (even PFDAVAdmin, in its public release, was not just for public folders). The name just didn’t make sense anymore, so we changed it to the easier-to-pronounce ExFolders.