Default settings for Exchange-related virtual directories in Exchange Server 2007


One of the most common questions I’m asked is if we have any resources that document the default settings for the Exchange-related virtual directories in Exchange 2007 – specifically with regards to the authentication and SSL settings. This aims to address that need should you find yourself in a situation where these settings have been inadvertently modified with the end result being an undesirable behavior in Exchange 2007. These settings hold true for both Exchange 2007 RTM and Service Pack 1.

We begin with the default settings on a standalone Client Access Server, followed by the settings on a standalone Mailbox server:

Exchange 2007 Client Access Server

Location

Authentication

SSL Setting

Comments

Default Web Site

Anonymous

Required

"Enable HTTP Keep-Alives" setting should be enabled on Web Site tab

/Owa

Basic

Required

Management of authentication setting should be done in Exchange Management Console

/Exchange

Basic

Required

Management of authentication setting should be done in Exchange Management Console

/Public

Basic

Required

Management of authentication setting should be done in Exchange Management Console

/Exchweb

Basic

Required

Management of authentication setting should be done in Exchange Management Console

/Oab

Integrated

Not required

 

/Autodiscover

Basic and Integrated

Required

 

/Ews

Integrated

Required

 

/UnifiedMessaging

Integrated

Required

 

/Microsoft-Server-Activesync

Basic

Required

Management of authentication setting should be done in Exchange Management Console

/Rpc

Basic and Integrated

Required

Technically, this is a Windows component but I’ve added it here since Outlook Anywhere depends on the installation of this virtual directory

Exchange 2007 Mailbox Server

Location

Authentication

SSL Setting

Comments

Default Web Site

Anonymous

Not required

 

/Exadmin

Basic and Integrated

Not required

 

/Exchange

Basic and Integrated

Not required

Management of authentication setting should be done in Exchange Management Console

/Public

Basic and Integrated

Not required

Management of authentication setting should be done in Exchange Management Console

Joe Turick


Share this post :


Comments (5)
  1. nerdyberdyboy says:

    ahh, I had a massive issue this week, which I finally fixed, then this come out the next day.

    One thing I don’t understand, is why it’s reported CAS-MB is RPC, but you still need the virtual directories when going from CAS-MB. Are there any articles, detailing what’s really going on and the lines of traffic when a users hits CAS1 which then gets the mail from MB1?

  2. bday says:

    If I understand right, CAS to MBX in the same AD Site is MAPI/RPC, but CAS to MBX in a different AD site is HTTP.

  3. Tony Woodruff says:

    Great post!  I would just add that with IIS-6 and the XML metabase with it’s automatic, menu-driven backups, it is trivial to make a baseline backup of the metabase for comparision purposes while a server is functioning properly.

    While many of the settings above must be managed/changed from within the Exchange Management Console, a malfunctioning XML metabase can be easily compared to the baseline when troubleshooting using readily available text-file compare tools.

    I have found this feature quite useful in our environment.

  4. aaronmarks says:

    Does the HTTP keep-alive value affect Microsoft Exchange Active Sync Direct Push?  I have frequent problems with my handheld clients getting disconnected after just a few minutes and not staying "connected’ and as a result their mail is not very "pushed".  Often times messages will show up 10 minutes late on the WM6 phones.

    Thanks for the great post!

Comments are closed.