locked
URL Rewrite and Outlook Web access RRS feed

  • Question

  • User1402749851 posted

    Hi,

    I have an already existing SBS 2003 with Exchange 2003 and outlook web access enabled on "server1"

    using https://server1/exchange internally, i can use the outlook web access. server1 is not accessible from the internet.

    Now I have set up a Win2K8x64 R2 as a Terminal Server Gateway "server2", which is accessible via the internet. I installed ARRv2_setup_x64 there and enabled the proxy function.

    I only have 1 public IP adress available, I would like to reach the outlook web access by using the URL rewrite on the IIS7 of the server2.

    Idea is, if I reach the server2 via https://www.example.com, i would like to rewrite a https://www.example.com/exchange internally to https://server1/exchange

    I created 2 rules for that:

    pattern ^exchange

    action: rewrite

    Rewrite URL: https://server1/exchange

    pattern ^exchweb

    action: rewrite

    Rewrite URL: https://server1/exchweb

    This does not work.

    The logfile of the IIS on server2 shows:

    2009-11-21 18:14:49 192.168.24.103 GET /exchange X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=7417feeb-1d83-41f8-a515-c9802a2750bf 443 - 91.56.110.228 Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+6.0;+Trident/4.0;+SLCC1;+.NET+CLR+2.0.50727;+Media+Center+PC+5.0;+.NET+CLR+1.1.4322;+InfoPath.2;+.NET+CLR+3.5.21022;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+OfficeLiveConnector.1.3;+OfficeLivePatch.0.0) 302 0 0 31
    2009-11-21 18:14:49 192.168.24.103 GET /exchweb/bin/auth/owalogon.asp url=https://server1/exchange&reason=0&X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=6ae3a028-4e37-40bb-9d70-0c7e7c03267b 443 - 91.56.110.228 Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+6.0;+Trident/4.0;+SLCC1;+.NET+CLR+2.0.50727;+Media+Center+PC+5.0;+.NET+CLR+1.1.4322;+InfoPath.2;+.NET+CLR+3.5.21022;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+OfficeLiveConnector.1.3;+OfficeLivePatch.0.0) 301 0 0 15
    2009-11-21 18:14:49 192.168.24.103 GET /exchweb/ url=https://server1/exchange&reason=0&X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=48ff8779-ce57-4791-9c42-b28a8b0d1fe4 443 - 91.56.110.228 Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+6.0;+Trident/4.0;+SLCC1;+.NET+CLR+2.0.50727;+Media+Center+PC+5.0;+.NET+CLR+1.1.4322;+InfoPath.2;+.NET+CLR+3.5.21022;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+OfficeLiveConnector.1.3;+OfficeLivePatch.0.0) 301 0 0 31

    I guess, there are some rules missing?

    Anybody who has this scenario with outlook web access on one server and a IIS7 on another server with reverse proxy function?

    Saturday, November 21, 2009 1:20 PM

All replies

  • User1402749851 posted

    I did more tests and also wrote a outbound rule. When you request /exchange

    You get a 301 response, that redirects to:

    https://www.example.com/exchweb/bin/auth/owalogon.asp?url=https://server1/exchange&reason=0

    This redirection was wrong, my new outbound rule modifies this redir to:

    https://www.example.com/exchweb/bin/auth/owalogon.asp?url=https://www.example.com/exchange&reason=0

    This line appears on the browser, but the final response is a 404 from the webserver on server2 (the gateway server with IIS7). The URL is absolutely correct, but I am not sure, if it internally goes to the server1....

    My question is: how do I trace this problem? Which logfiles shoud I read? Is it possible to trace the rewrite process where you can see the before and after images of the URL?

    Thanks for any help.

    Monday, November 23, 2009 3:58 PM
  • User-1637866776 posted

    Try using WFetch instead of the browser. Also enable Failed Request Tracing to see how the rewrite logic is applied.

    Tuesday, November 24, 2009 1:21 PM
  • User1402749851 posted

     Hi,

    I switched on the failed request tracing and I get a strange rewrite action, which I do not understand:

    Rule Evaluation Start

    RuleName OWAlogon

    RequestURL exchweb/bin/auth/owalogon.asp
    QueryString url=https://www.example.com/exchange&reason=0
    PatternSyntax 0
    StopProcessing false
    RelativePath /
    PatternSyntax ECMAScript


    Pattern Match
    Pattern ^exchweb/(.*)?url=https://www.example.com/(.*)
    InputURL exchweb/bin/auth/owalogon.asp
    Negate false
    Matched true


    Rewrite Action:
    Substitution https://server1/exchweb/{R:1}?url=https://server1/{R:2}
    RewriteURL https://server1/exchweb/?url=https://server1/
    AppendQueryString false
    LogRewrittenURL true


    The R:1 and R:2 seem to be empty?
    I do not understand this, all the other rules work fine with {R:?} and (.*)

     

    Friday, November 27, 2009 6:29 PM
  • User-1637866776 posted

    Can you please post the rewrite rules as they are in the web.config file? This trace statement looks strange: the pattern should never match this input URL, but it has matched for some reason. 

    Pattern Match
    Pattern ^exchweb/(.*)?url=https://www.example.com/(.*)
    InputURL exchweb/bin/auth/owalogon.asp
    Negate false
    Matched true

    Friday, December 4, 2009 5:48 PM
  • User1402749851 posted

    Hello,

    Problem is solved. 

    My general problem was, that (by default) there is some security setting enabled, which prevents URLs to be executed, if they reference something with "bin" in the path. This  caused the strange behaviour with the "exchweb/bin/...." URL.

    I now have disabled this in the web.config:

            <security>
                <requestFiltering>
                    <hiddenSegments>
                        <remove segment="bin" />
                    </hiddenSegments>
                </requestFiltering>
            </security>

    --> my final rules for Outlook web access are posted in my other post in this forum.

    This post can be closed now.

    Thanks!!

     

    Sunday, December 13, 2009 10:52 AM