Great blog post on redirecting OWA URL’s for Exchange 2010 on WS08 R2, tested and it works.

http://briandesmond.com/blog/redirecting-owa-urls-in-exchange-2010/

With Small Business Server 2008, you have the option to use a third party SSL certificate or the default self-signed SSL certificate. By default the self-signed certificate is valid for two years, but how to you renew it without interrupting OWA, Outlook, and Exchange? When the certificate is expired, Outlook 2007/2010 will give you an error message when opening, that the certificate is not valid. Here are the steps to fix it.

1. Goto the Windows SBS Console, click on Network Tab, then Connectivity Tab
2. Click on the certificate icon, then click the “view certificate properties” in the right pane. In the General tab of the new window, it will show the dates that the self-signed certificate is valid for.
3. In the “Connectivity Tasks” area, click “setup your Internet address”, go through the wizard to renew your self-signed SSL certificate.
4. When you now check the certififcate properties, you will see that it is now valid for another two more years.

Thawte now is conforming to the new 2048 bit standard for their SSL certificates, which will require you to install two intermediate certificates on your server before they work and is validated. Below are the links to the articles and intermediate certificates. Download both certificates and import them into the “Intermediate Certificate Authority” in the Certificates MMC.

Thawte Intermediate and Cross Root CAs - link

Primary and Secondary Intermediate CAs - link

While going through a vulnerability scan for PCI compliancy, the report noted that IIS 7 on a Small Business Server 2008 was still using SSL v2.0 instead of SSL 3.0 or TLS 1.0. To disable SSL v2.0:

1. Click Start, click Run, type regedt32 or type regedit, and then click OK.
2. In Registry Editor, locate the following registry key:HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server
3. On the Edit menu, click Add Value.
4. In the Data Type list, click DWORD.
5. In the Value Name box, type Enabled, and then click OK.Note If this value is present, double-click the value to edit its current value.
6. Type 00000000 in Binary Editor to set the value of the new key equal to “0″.
7. Click OK. Restart the computer.

IIS negotiates the encryption with the client browser. An attacker could use a tool that tells the server it has only sslv2 (which is weaker) available. If you disable sslv2 it only uses v3 or tls, as requested by browser. A browser only supporting sslv2 would fail.

 This applies to Windows Server 2003, and Windows Server 2008, and both versions of SBS.

http://support.microsoft.com/default.aspx?scid=kb;en-us;187498

First, to find the identifier of a IIS website, you simply need to click the “Websites” folder in the left side of the IIS Manager windows.   The right pane will list the websites on the server and their respective identifiers.  If you need to change one, use the following three commands (assuming the current id is 1 and you want to change it to 2):

CSCRIPT %SYSTEMDRIVE%\Inetpub\AdminScripts\adsutil.vbs STOP_SERVER W3SVC/1
CSCRIPT %SYSTEMDRIVE%\Inetpub\AdminScripts\adsutil.vbs MOVE W3SVC/1 W3SVC/2
CSCRIPT %SYSTEMDRIVE%\Inetpub\AdminScripts\adsutil.vbs START_SERVER W3SVC/2