You Had Me At EHLO... : Default settings for Exchange-related virtual directories in Exchange Server 2007

Welcome to Exchange Team Blog Sign in | Join | Help

Blogs

Videos

Photos

Files

Syndication

This Blog

Post Categories

Default settings for Exchange-related virtual directories in Exchange Server 2007

One of the most common questions I'm asked is if we have any resources that document the default settings for the Exchange-related virtual directories in Exchange 2007 - specifically with regards to the authentication and SSL settings. This aims to address that need should you find yourself in a situation where these settings have been inadvertently modified with the end result being an undesirable behavior in Exchange 2007. These settings hold true for both Exchange 2007 RTM and Service Pack 1.

We begin with the default settings on a standalone Client Access Server, followed by the settings on a standalone Mailbox server:

Exchange 2007 Client Access Server

Location

Authentication

SSL Setting

Comments

Default Web Site

Anonymous

Required

"Enable HTTP Keep-Alives" setting should be enabled on Web Site tab

/Owa

Basic

Required

Management of authentication setting should be done in Exchange Management Console

/Exchange

Basic

Required

Management of authentication setting should be done in Exchange Management Console

/Public

Basic

Required

Management of authentication setting should be done in Exchange Management Console

/Exchweb

Basic

Required

Management of authentication setting should be done in Exchange Management Console

/Oab

Integrated

Not required

/Autodiscover

Basic and Integrated

Required

/Ews

Integrated

Required

/UnifiedMessaging

Integrated

Required

/Microsoft-Server-Activesync

Basic

Required

Management of authentication setting should be done in Exchange Management Console

/Rpc

Basic and Integrated

Required

Technically, this is a Windows component but I've added it here since Outlook Anywhere depends on the installation of this virtual directory

Exchange 2007 Mailbox Server

Location

Authentication

SSL Setting

Comments

Default Web Site

Anonymous

Not required

/Exadmin

Basic and Integrated

Not required

/Exchange

Basic and Integrated

Not required

Management of authentication setting should be done in Exchange Management Console

/Public

Basic and Integrated

Not required

Management of authentication setting should be done in Exchange Management Console

- Joe Turick

Share this post :

Published Friday, February 01, 2008 11:27 AM by Exchange
Filed Under: Tips 'n Tricks, Exchange 2007, Security, Role: Mailbox, Role: Client Access

Comments

	nerdyberdyboy said: ahh, I had a massive issue this week, which I finally fixed, then this come out the next day. One thing I don't understand, is why it's reported CAS-MB is RPC, but you still need the virtual directories when going from CAS-MB. Are there any articles, detailing what's really going on and the lines of traffic when a users hits CAS1 which then gets the mail from MB1? February 1, 2008 10:52 PM
	bday said: If I understand right, CAS to MBX in the same AD Site is MAPI/RPC, but CAS to MBX in a different AD site is HTTP. February 3, 2008 12:26 AM
	Mike Lagase said: bday, You are right on the money. See http://technet.microsoft.com/en-us/library/bb310763.aspx and http://msexchangeteam.com/archive/2007/09/04/446918.aspx for all of the gory details. February 3, 2008 10:34 PM
	Tony Woodruff said: Great post! I would just add that with IIS-6 and the XML metabase with it's automatic, menu-driven backups, it is trivial to make a baseline backup of the metabase for comparision purposes while a server is functioning properly. While many of the settings above must be managed/changed from within the Exchange Management Console, a malfunctioning XML metabase can be easily compared to the baseline when troubleshooting using readily available text-file compare tools. I have found this feature quite useful in our environment. February 4, 2008 11:37 AM
	aaronmarks said: Does the HTTP keep-alive value affect Microsoft Exchange Active Sync Direct Push? I have frequent problems with my handheld clients getting disconnected after just a few minutes and not staying "connected' and as a result their mail is not very "pushed". Often times messages will show up 10 minutes late on the WM6 phones. Thanks for the great post! February 12, 2008 3:06 AM

New Comments to this post are disabled

News

This blog and its contents are provided "AS IS" with no warranties, and they confer no rights. Use of any included script samples are subject to the terms specified in the Terms of Use.

New! Would you like to suggest a topic for the Exchange team to blog about? Send suggestions to us.

Syndication

This Blog

Post Categories

Archives

Default settings for Exchange-related virtual directories in Exchange Server 2007

Comments

nerdyberdyboy said:

bday said:

Mike Lagase said:

Tony Woodruff said:

aaronmarks said:

News

Poll:

Other Exchange Blogs from MSFT

Other Cool Places

International

[MS] Exchange Blogs

[MVP/Community] Blogs/Sites