OWA HTTP to HTTPS autoredirect best method - Exchange 2013 CU23 on Windows Server 2012 R2 (IIS8.5)

BK IT Staff 226 Reputation points

I am willing too to automatically redirect http owa requests to https, to make life easier for my end users.
My environment consists of Exchange 2013 CU23 on WIndows Server 2012 R2 (IIS 8.5).

I have read around of many "ways" to accomplish the task, other than the official one(s) from technet:

1) One is well explained here: https://blog.expta.com/2016/05/redirection-in-exchange-2013-cu6-and.html
It refers specifically to Exchange 2013 CU6+ and 2016. Basically he suggests to create an error page in IIS mmc for the error code 403.4 to answer with a 302 redirect to the correct URL (ie https://mail.contoso.com/owa). The reason is that with this method you don't need to mess with the Exchange virtual directories security settings, inheritance, etc.

2) Than there is this one, written by Ace Fekay: https://blogs.msmvps.com/acefekay/2013/04/16/redirect-owa-exchange-2010-exchange-2013-the-cool-and-easy-method/.
He claims to have had a talk with MS Support for other reasons, and while troubleshooting his issue they debated about the best way to accomplish the http->https autoredirect task. Briefly, they ended up saying that instead of applying settings to the "Default Website" root with the inheritance implications (the need to unset inherited settings on the subfolders where not needed and the risk of messing up things), it's way better to apply the redirect method only to the "iisstart.htm" file.

3) Technet provides two methods, quite similar but not identical.
3a)If you look for Exchange 2013, there is this one: https://learn.microsoft.com/en-us/exchange/simplify-the-outlook-web-app-url-exchange-2013-help
3b)If you look for Exchange 2016 and later, there is this one instead: https://learn.microsoft.com/it-it/exchange/clients/outlook-on-the-web/http-to-https-redirection?view=exchserver-2016
Basically, they differ on the "require ssl" unsetting part, where for 2013 you have been told to just unset the redirect for all the virtual directories that inherited the redirect setting from the root "Default Website"; for Exchange 2016-2019 you should remove both the inherited "redirect" setting on all vdirs and the "Require SSL" setting on all vdirs except for the /owa vdir.

Honeslty, I am quite confused on how to proceed. In the logic of "the simpler the better" I should opt for option 1) or 2). In the logic "follow the Technet bible" I should follow the 3rd option (but which one? 3a or 3b?).

I hope you can kindly give me some hint in order to make the best decision.

Thank you,

Internet Information Services
Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
6,302 questions
{count} votes