Thanks for the details. One question though: how is this any better than using IP restrictions in IIS to restrict the ECP site to internal subnets?
I'm far from an expert, but from what I can tell, using IIS IP restrictions to limit ECP to internal addresses has two strikes against it:
1. The ECP site is still available from the outside, but the authentication fails. It effectively blocks the ECP site from being seen from the outside, but it's sloppy.
2. External OWA users can't manage their settings (OOO, signatures, etc.) because OWA uses ECP to manage those.
It seems to me like the method in this blog post would solve issue #1 by making the ECP completely unavailable from the outside, but issue #2 would still exist. And with this method you would have to re-deploy with each new CU/SP, and that seems just as sloppy if not more than issue #1 above.
Am I thinking correctly here, or am I missing something? (probably the latter. =)