OWA 2013 CU1 Redirection is Broken for Legacy Mailboxes

Exchange 2013 CU1 includes a new native module for HTTP to HTTPS redirection in OWA 2013.  This means that users only need to enter the URL for the OWA 2013 server or load balancer to gain access to OWA.



For example, a user can enter webmail.contoso.com in their browser and OWA 2013 will automatically redirect the user to https://webmail.contoso.com/owa.  This all works great out of the box and does not require any extra configuration by the administrator.



User enters http://mail.domain.com in browser



OWA 2013 CAS redirects http://mail.domain.com to https://mail.domain.com/owa


However, a problem occurs when CAS 2013 CU1 is the front end for an Exchange 2010 SP3 mailbox, which would be typical during a coexistence scenario.  CAS 2013 proxies the HTTPS redirected URL that the user first entered (mail.contoso.com, without the /OWA) to CAS 2010, which results in the following experience:



OWA 2010 mailbox proxied through CAS 2013 CU1

I have not tested it, but I expect Exchange 2007 mailbox users proxied by CAS 2013 CU1 will have the same experience.



Microsoft is aware of the issue, which is expected to be fixed in Exchange 2013 CU2, due around July according to the Exchange 2013 Servicing model.



Until CU2 is released, there are a couple of workarounds:

  1. Perform redirection on the load balancer, if available (i.e., redirect all webmail.contoso.com URLs to https://webmail.contoso.com/owa).  This will cause CAS 2013 to redirect the latter URL to CAS 2010 properly.
  2. Disable the new native redirection module and then use old-school redirection, as follows:

  • Open the %systemdrive%\inetpub\wwwroot\web.config file in Notepad and disable the native redirection module by commenting out the <modules> section.
Change this section:

<system.webServer>
<modules>
<add name="OwaUrlModule" type="Microsoft.Exchange.HttpProxy.OwaUrlModule,Microsoft.Exchange.OwaUrlModule,Version=15.0.0.0,Culture=neutral,PublicKeyToken=31bf3856ad364e35" preCondition="" />
</modules>
</system.webServer>

to this:

<system.webServer>
<!-- <modules>
<add name="OwaUrlModule" type="Microsoft.Exchange.HttpProxy.OwaUrlModule,Microsoft.Exchange.OwaUrlModule,Version=15.0.0.0,Culture=neutral,PublicKeyToken=31bf3856ad364e35" preCondition="" />
</modules> -->
</system.webServer>

  • Save the web.config file.
  • Create a new default.htm file in %systemdrive%\inetpub\wwwroot that contains the following:

<html><head><meta http-equiv="REFRESH" content="0;url=/owa"></head></html>

  • Create a new custom error for HTTP to HTTPS redirection.  Select the Default Web Site in IIS Manager, double-click Error Pages, then click the Add button.
  • Enter 403.4 for the Status Code and select Respond with a 302 redirect.  Then enter the Absolute URL as https://webmail.domain.com/owa, using your own OWA FQDN as shown above.
  • Finally, reset IIS using the command IISRESET /NOFORCE /TIMEOUT:120
  • Rinse and repeat for all CAS 2013 CU1 servers.
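
To confirm the second workaround on every server, the following added example (not part of the original post) requests each CAS without following redirects and checks both pieces: the 403.4 custom error that sends HTTP to the HTTPS /owa URL, and the default.htm meta refresh served over HTTPS. The server names and $ExpectedUrl are placeholders, and it assumes each server name is covered by that server's certificate.

```powershell
# Added example: verify the old-school redirection on each CAS 2013 CU1 server.
$CasServers  = 'cas1.contoso.com', 'cas2.contoso.com'   # placeholder server names
$ExpectedUrl = 'https://webmail.contoso.com/owa'        # Absolute URL entered for the 403.4 error page

function Get-RawResponse {
    param([string]$Url)
    # Do not follow redirects, so the first hop can be inspected as-is.
    $req = [System.Net.HttpWebRequest]::Create($Url)
    $req.AllowAutoRedirect = $false
    $req.Timeout = 10000
    try {
        $resp = $req.GetResponse()
    } catch {
        # 4xx/5xx answers surface as WebException; unwrap it and keep the response.
        $ex = $_.Exception
        while ($ex -and -not ($ex -is [System.Net.WebException])) { $ex = $ex.InnerException }
        if (-not $ex -or -not $ex.Response) { throw }
        $resp = $ex.Response
    }
    $body = ''
    $stream = $resp.GetResponseStream()
    if ($stream) {
        $reader = New-Object System.IO.StreamReader($stream)
        $body = $reader.ReadToEnd()
        $reader.Close()
    }
    $result = New-Object PSObject -Property @{
        Status   = [int]$resp.StatusCode
        Location = $resp.Headers['Location']
        Body     = $body
    }
    $resp.Close()
    $result
}

foreach ($server in $CasServers) {
    $http  = Get-RawResponse "http://$server/"    # expect the 403.4 custom error: 302 to $ExpectedUrl
    $https = Get-RawResponse "https://$server/"   # expect default.htm with the meta refresh to /owa
    New-Object PSObject -Property @{
        Server         = $server
        HttpStatus     = $http.Status
        HttpLocation   = $http.Location
        HttpRedirectOk = ($http.Status -eq 302 -and $http.Location -like "$ExpectedUrl*")
        MetaRefreshOk  = ($https.Status -eq 200 -and $https.Body -match 'url=/owa')
    }
}
```

A server that still reports HttpRedirectOk or MetaRefreshOk as False after the IIS reset has not picked up the web.config, default.htm, or error page change.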