Outlook Web Access from another IIS server

Last weekend I spent over 16 hours working on an Exchange mail server migration from an MS Small Business Server to a stand-alone Exchange instance on a Dell PowerEdge 2850. It all went relatively smoothly: I installed the second Exchange server on the network as a second instance and moved the mailboxes using the wizard. The part that took the most time was moving the Outlook Web Access configuration.

For the record, you cannot run OWA from an instance of IIS other than the one on the Exchange server itself. But if you have only one public IP address on the firewall/router and port 80 already goes to a different web server, you can still reach OWA on the Exchange server over SSL on port 443. Here's how (assumes advanced IIS knowledge):

  1. Using port address translation (PAT) on your firewall, forward port 443 to the internal IP address of your Exchange server.
  2. Port 80 should already be forwarded to your primary web server by a PAT entry, unless you're running that server in a DMZ.
  3. Make sure your external DNS contains an entry for the new "webmail" host (an A record or CNAME pointing to the public IP of your firewall/router), e.g. webmail.yourdomain.com.
  4. Create a CNAME (alias) for "webmail" in your internal DNS pointing to the A record of your primary IIS server (the server that will host the redirect, not the Exchange server).
  5. Create another A record or CNAME in your external DNS for the name of the Exchange server, e.g. exchangeserver.yourdomain.com. You should already have this entry internally or you didn't set up your Exchange server right.
  6. On the primary (port 80) IIS server create a new site called "OWA Alias".
  7. Give this site a host header of "webmail.yourdomain.com", so that IIS sends requests for that name to this site rather than to the default site.
  8. In the properties of this site select "Redirect this site to another URL" and enter the https URL of the Exchange server (https://exchangeserver.yourdomain.com). Tick "A permanent redirection for this resource" if you want browsers to cache the redirect as a 301 rather than asking again on every visit.

Now when an internal or external user browses to webmail.yourdomain.com they are redirected to https://exchangeserver.yourdomain.com. For users outside your LAN this pushes them back out through the firewall and in again over port 443, which PAT delivers to the Exchange server. Internal users who type webmail.yourdomain.com into a browser are redirected to https://exchangeserver.yourdomain.com as well, so everyone lands on the exact host name the certificate was issued for. The only thing that ever travels over plain port 80 is the redirect itself; the alias site serves no content and no credentials are entered until the browser is on the https URL.

Note: you should always run OWA with a certificate, so make sure one is installed on the "Default Web Site" of the IIS instance on the Exchange server, and set "Require secure channel (SSL)" on the OWA virtual directory so that OWA cannot be reached over plain HTTP from the LAN either. The certificate can come from a public Certificate Authority or can be issued by Microsoft Certificate Services running on the Exchange server itself (in which case every client must trust that CA, or users will see a certificate warning at every logon). Because of the detail involved I won't get into certificate issuance in this post. Pay close attention to the host name when generating the certificate request: it must match the https host name exactly (exchangeserver.yourdomain.com in my example), otherwise every browser will warn that the name on the certificate does not match the site.
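To confirm that steps 6 through 8 and the certificate note above actually took effect, here is an added verification script that is not part of the original post. It checks two things: that a request for webmail.yourdomain.com on port 80 comes back as an https redirect to the Exchange host, and that the name on the certificate presented on port 443 matches that host (SAN entries first, then the CN, with single-label wildcards). The raw HTTP response and the certificate dictionaries are constructed samples so the checks run offline; the `probe_live()` function performs the same checks against the real servers and is the one you would run after the change. The host names are the ones from the post and are assumed.

```python
"""Verify the OWA redirect and certificate host name (added example, not from the post)."""
import http.client
import socket
import ssl
from urllib.parse import urlsplit

WEBMAIL_HOST = "webmail.yourdomain.com"            # host header of the "OWA Alias" site
OWA_URL = "https://exchangeserver.yourdomain.com"  # redirect target entered in step 8

# Constructed sample of what the IIS alias site should answer on port 80.
SAMPLE_REDIRECT = (
    b"HTTP/1.1 302 Object moved\r\n"
    b"Location: https://exchangeserver.yourdomain.com/\r\n"
    b"Server: Microsoft-IIS/6.0\r\n"
    b"Content-Length: 0\r\n\r\n"
)
# Constructed certificate dicts in the shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {"subject": ((("commonName", "exchangeserver.yourdomain.com"),),),
               "subjectAltName": ()}
WRONG_CERT = {"subject": ((("commonName", "webmail.yourdomain.com"),),)}


def parse_http_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status_code, {lowercase header: value})."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def redirect_ok(status, headers, expected=OWA_URL):
    """The alias must answer with a 3xx whose Location is the https OWA host (scheme + host only)."""
    if status not in (301, 302, 307, 308):
        return False
    loc = urlsplit(headers.get("location", ""))
    want = urlsplit(expected)
    return loc.scheme == "https" and loc.netloc.lower() == want.netloc.lower()


def hostname_matches(cert, hostname):
    """RFC 6125-style name check: SAN dNSName entries win; CN only if no SAN; one-label wildcard."""
    names = [v for typ, v in cert.get("subjectAltName", ()) if typ == "DNS"]
    if not names:
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    names.append(value)
    host = hostname.lower()
    for name in names:
        name = name.lower()
        if name.startswith("*."):
            # *.yourdomain.com matches exactly one label in front of yourdomain.com
            if "." in host and host.split(".", 1)[1] == name[2:]:
                return True
        elif name == host:
            return True
    return False


def probe_live(timeout=5):
    """Network check against the real servers; returns (redirect_ok, cert_name_ok)."""
    conn = http.client.HTTPConnection(WEBMAIL_HOST, 80, timeout=timeout)
    conn.request("GET", "/", headers={"Host": WEBMAIL_HOST})
    resp = conn.getresponse()
    headers = {k.lower(): v for k, v in resp.getheaders()}
    redirect_good = redirect_ok(resp.status, headers)

    target = urlsplit(OWA_URL).hostname
    ctx = ssl.create_default_context()
    ctx.check_hostname = False   # chain is still verified; the name is checked here so a
    with socket.create_connection((target, 443), timeout=timeout) as sock:  # mismatch is reported
        with ctx.wrap_socket(sock, server_hostname=target) as tls:          # instead of raised
            cert = tls.getpeercert()
    return redirect_good, hostname_matches(cert, target)


if __name__ == "__main__":
    status, headers = parse_http_response(SAMPLE_REDIRECT)
    print("sample redirect ok:", redirect_ok(status, headers))
    print("sample cert name ok:", hostname_matches(SAMPLE_CERT, urlsplit(OWA_URL).hostname))
```

Run it from a workstation outside the LAN as well as inside: the outside run proves the PAT entries from steps 1 and 2 are right, the inside run proves the internal CNAME from step 4 points at the IIS server that hosts the alias site. A self-issued certificate from Microsoft Certificate Services will fail chain validation in `probe_live()` on any machine that does not trust that CA, which is exactly the warning your users would see.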
