Script to configure Exchange Server 2010 for SSLOffloading
2011-09-26
When using a hardware load balancer you sometimes need to configure Exchange Server to support SSLOffloading. In my case I use a Citrix Netscaler to publish Exchange Server, with SSLOffloading enabled on the Netscaler. For this to work, configuration changes need to be made in Exchange Server 2010.
The script below configures both Exchange 2010 RTM and SP1. It also configures basic authentication in IIS for ECP, EWS and OWA.
#
# This script will configure the Exchange 2010 RTM and SP1 Client Access Servers for SSLOffload
# It applies when using Hardware loadBalancer with SSLOffloading enabled
#
# Created by Martin Sundström 2011-09-26
#
#---------------------------------------------------------------------------------------------------------------------------------------------------------
Write-Host -f DarkGray "This script will configure the Exchange 2010 RTM and SP1 Client Access Servers for SSLOffload"
# Set SSLOffload registry key for OWA
Write-Host -f DarkGray "Setting SSLOffload registry key for OWA..."
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA' -Name SSLOffloaded -Value 1 -PropertyType DWORD
Write-Host -f DarkGray "Done!"
Write-Host -f DarkGray ""
# Assign Static Ports
Write-Host -f DarkGray "Assigning static ports..."
# Assign Static Port for MSExchangeAB
New-Item -Path HKLM:\SYSTEM\CurrentControlSet\services\MSExchangeAB -Name Parameters -Type Directory
New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\services\MSExchangeAB\Parameters -Name RpcTcpPort -Value 60000 -PropertyType String
# Assign Static Port for MSExchangeRPC
New-Item -Path HKLM:\SYSTEM\CurrentControlSet\services\MSExchangeRPC -Name ParametersSystem -Type Directory
New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\services\MSExchangeRPC\ParametersSystem -Name "TCP/IP Port" -PropertyType DWORD -Value 59532
Write-Host -f DarkGray "Done!"
Write-Host -f DarkGray ""
# Disable RequireSSL on websites
Write-Host -f DarkGray "Disabling RequireSSL on websites..."
."$($env:windir)\system32\inetsrv\appcmd" set config "Default Web Site" -commitPath:APPHOST -section:access -sslFlags:None -section:basicAuthentication -enabled:true
."$($env:windir)\system32\inetsrv\appcmd" set config "Default Web Site/Autodiscover" -commitPath:APPHOST -section:access -sslFlags:None
."$($env:windir)\system32\inetsrv\appcmd" set config "Default Web Site/ecp" -commitPath:APPHOST -section:access -sslFlags:None -section:basicAuthentication -enabled:true
."$($env:windir)\system32\inetsrv\appcmd" set config "Default Web Site/EWS" -commitPath:APPHOST -section:access -sslFlags:None -section:basicAuthentication -enabled:true
."$($env:windir)\system32\inetsrv\appcmd" set config "Default Web Site/Microsoft-Server-ActiveSync" -commitPath:APPHOST -section:access -sslFlags:None
."$($env:windir)\system32\inetsrv\appcmd" set config "Default Web Site/owa" -commitPath:APPHOST -section:access -sslFlags:None -section:basicAuthentication -enabled:true
."$($env:windir)\system32\inetsrv\appcmd" set config "Default Web Site/rpc" -commitPath:APPHOST -section:access -sslFlags:None
Write-Host -f DarkGray "Done!"
Write-Host -f DarkGray ""
# Configure Outlook Anywhere
Write-Host -f DarkGray "Configure Outlook Anywhere"
$enabled = Get-OutlookAnywhere -Identity "$($env:COMPUTERNAME)\RPC*"
If ($enabled)
{
Set-OutlookAnywhere -Identity "$($env:COMPUTERNAME)\RPC*" -SSLOffloading $true
}
Else
{
Write-Host -f DarkGray "Configure Outlook Anywhere and remember to check the box to enable SSL Offloading"
}
Write-Host -f DarkGray "Done!"
Write-Host -f DarkGray ""
# This part of the script only applies to Exchange Server 2010 RTM, a version check will be made:
$VersionCheck = ((get-exchangeserver -identity ($env:COMPUTERNAME)).AdminDisplayVersion | Out-String ).StartsWith("Version 14.1")
If (-not $VersionCheck)
{
# Configure web.config files
Write-Host -f DarkGray "Configuring web.config files for RTM..."
$path = (Get-AutodiscoverVirtualDirectory -Server ($env:COMPUTERNAME)).Path
(Get-Content $path\web.config) | Foreach-Object {$_ -replace "httpsTransport", "httpTransport"} | Set-Content $path\web.config
$path = (Get-WebServicesVirtualDirectory -Server ($env:COMPUTERNAME)).Path
(Get-Content $path\web.config) | Foreach-Object {$_ -replace "httpsTransport", "httpTransport"} | Set-Content $path\web.config
Write-Host -f DarkGray "Done!"
Write-Host -f DarkGray ""
}
# Run IISReset
Write-Host -f DarkGray "Running `"iisreset`" to complete the process..."
iisreset
Write-Host -f DarkGray ""
Feel free to use and edit as you need and don’t hesitate to drop a comment if you find any errors or have any questions!
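After the script has run, IIS on the Client Access Server accepts plain HTTP and basic authentication on several virtual directories, so it is worth confirming exactly which settings ended up in place. The following read-only check is an added example, not part of the original script; the helper name Get-IisAttribute is made up for this example, and the check only reads the registry values, IIS sections and Outlook Anywhere setting that the script above changes.

```powershell
# Added example: read-only check of what the script above changes.
# Run in the Exchange Management Shell on the Client Access Server.
$appcmd = "$($env:windir)\system32\inetsrv\appcmd.exe"

# Registry values and the data the script writes to them
$svc = 'HKLM:\SYSTEM\CurrentControlSet\services'
$expected = @(
    @{ Path = "$svc\MSExchange OWA";                 Name = 'SSLOffloaded'; Value = 1 },
    @{ Path = "$svc\MSExchangeAB\Parameters";        Name = 'RpcTcpPort';   Value = '60000' },
    @{ Path = "$svc\MSExchangeRPC\ParametersSystem"; Name = 'TCP/IP Port';  Value = 59532 }
)
foreach ($e in $expected) {
    $name = $e.Name
    $item = Get-ItemProperty -Path $e.Path -Name $name -ErrorAction SilentlyContinue
    $actual = if ($item) { $item.$name } else { '<missing>' }
    $state = if ($actual -eq $e.Value) { 'OK' } else { 'DIFFERS' }
    Write-Host ("{0,-8} {1}\{2} = {3}" -f $state, $e.Path, $name, $actual)
}

# Hypothetical helper: first value of an attribute in appcmd's XML output
function Get-IisAttribute($site, $section, $attribute) {
    $xml = (& $appcmd list config $site "-section:$section") -join "`n"
    if ($xml -match ($attribute + '="([^"]*)"')) { $Matches[1] } else { '<not shown>' }
}

# The same sites and virtual directories the script touches
$vdirs = '', '/Autodiscover', '/ecp', '/EWS', '/Microsoft-Server-ActiveSync', '/owa', '/rpc'
foreach ($v in $vdirs) {
    $site  = "Default Web Site$v"
    $ssl   = Get-IisAttribute $site 'access' 'sslFlags'
    $basic = Get-IisAttribute $site 'basicAuthentication' 'enabled'
    Write-Host ("{0,-46} sslFlags={1,-12} basicAuth={2}" -f $site, $ssl, $basic)
}

# Outlook Anywhere: SSLOffloading should be True after the script has run
Get-OutlookAnywhere -Server $env:COMPUTERNAME | Format-List Identity, SSLOffloading
```

Every line that reports sslFlags=None together with basicAuth=true is a path where credentials reach the server over plain HTTP, so the Client Access Server should accept that traffic only from the load balancer.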
