IIS Server Security, IIS 6 Redirection with Exchange 2003

Hi there,

I have an SSL-enabled mail server at https://webmail.mycompany.com/exchange.
Works great. When I follow the directions at
http://support.microsoft.com/default.aspx?scid=kb;en-us;279681 for
automatically redirecting users who type http: instead of https:, if I try
to test it out, I get a big fat error message on my test machine about
something relating to a problem with my Application Pool.

My IIS 6 is an out of the box setup, with Exchange 2003 set up as a
front-end server.

Any ideas?

Thanks.

Perhaps if you posted the "big fat error message" that's "about something
relating to a problem with my Application pool"...we might be able to help
you out.

Otherwise, in response to your generic symptoms, all I can give is a generic
response: I suggest that there is something wrong...

Cheers
Ken




: Hi there,
:
: I have an SSL-enabled mail server at
https://webmail.mycompany.com/exchange.
: Works great. When I follow the directions at
: http://support.microsoft.com/default.aspx?scid=kb ;en-us;279681 for
: automatically redirecting users who type http: instead of https:, if I try
: to test it out, I get a big fat error message on my test machine about
: something relating to a problem with my Application Pool.
:
: My IIS 6 is an out of the box setup, with Exchange 2003 set up as a
: front-end server.
:
: Any ideas?
:
: Thanks.
:
:

This is a generic problem that we are aware of with IIS6 and Application
Pool isolation. There's no real solution to it (i.e. you can't always just
take some previous KB, follow it verbatim, and have it work on IIS6), but
some work-arounds can be applied based on principle.

The problem comes about because IIS6 does not allow a request to execute
between Application Pool boundaries. /Exchange is probably in a different
application pool than /owaasp, and when you tried to configure a Custom
Error URL which crosses this boundary, you're going to get the 403 error you
see. There is no solution to this behavior.

The work-around would be to move the custom error URL into the same
application pool as the original target. i.e. make /owaasp use the same
Application Pool as /Exchange.

The implications of this workaround is this:
If you have >1 Application Pool, you cannot have a single global custom
error URL that works for everyone. You will need to individually configure
separate custom error URL for each Application Pool. Note that I say URL
and not File -- you can have a bunch of vdirs pointing to the exact some
physical ASP page (each vdir is a different URL in a different Application
Pool). This is just a maintenance chore of the custom error URL that
depends linearly on the number of Application Pools that you're running.

--
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//


Hi there,

I have an SSL-enabled mail server at https://webmail.mycompany.com/exchange.
Works great. When I follow the directions at
http://support.microsoft.com/default.aspx?scid=kb ;en-us;279681 for
automatically redirecting users who type http: instead of https:, if I try
to test it out, I get a big fat error message on my test machine about
something relating to a problem with my Application Pool.

My IIS 6 is an out of the box setup, with Exchange 2003 set up as a
front-end server.

Any ideas?

Thanks.

Fair enough.

The message is "The specified request cannot be executed from current
Application Pool." If I run the .ASP file directly, (that is, I type:
http://webmail.mycompany.com/owaasp/owahttps.asp ) then it redirects me
properly.

It's when /owaasp/owahttps.asp is run during the 403.4 event that yields
the Application Pool error. How I repeat the error is to type in the
following address: http://webmail.mycompany.com/exchange instead of using
https, with the desired behavior is to redirect me to
https://webmail.mycompany.com/exchange instead I get this error.




generic


try

Ah - define the custom error page as a page in the same application pool as
where the error is occuring.

I think what is happening is that /exchange is in one application pool, and
/owaasp is another application pool. And when a 403.4 error occurs in the
/exchange app, you're trying to call a page that's located in another app. I
don't think that works.

What i think you need to do is set the custom error page as a URL in the
same app pool that the error is occuring in.

Cheers
Ken



: Fair enough.
:
: The message is "The specified request cannot be executed from current
: Application Pool." If I run the .ASP file directly, (that is, I type:
: http://webmail.mycompany.com/owaasp/owahttps.asp ) then it redirects me
: properly.
:
: It's when /owaasp/owahttps.asp is run during the 403.4 event that yields
: the Application Pool error. How I repeat the error is to type in the
: following address: http://webmail.mycompany.com/exchange instead of using
: https, with the desired behavior is to redirect me to
: https://webmail.mycompany.com/exchange instead I get this error.
:
:


: > Perhaps if you posted the "big fat error message" that's "about
something
: > relating to a problem with my Application pool"...we might be able to
help
: > you out.
: >
: > Otherwise, in response to your generic symptoms, all I can give is a
: generic
: > response: I suggest that there is something wrong...
: >
: > Cheers
: > Ken
: >
: >


: > : Hi there,
: > :
: > : I have an SSL-enabled mail server at
: > https://webmail.mycompany.com/exchange.
: > : Works great. When I follow the directions at
: > : http://support.microsoft.com/default.aspx?scid=kb ;en-us;279681 for
: > : automatically redirecting users who type http: instead of https:, if I
: try
: > : to test it out, I get a big fat error message on my test machine about
: > : something relating to a problem with my Application Pool.
: > :
: > : My IIS 6 is an out of the box setup, with Exchange 2003 set up as a
: > : front-end server.
: > :
: > : Any ideas?
: > :
: > : Thanks.
: > :
: > :
: >
: >
:
:

Thanks Ken, that fixed it up :)



as
and
I


yields
using




I
about