Default Authentication Settings for Exchange-related Virtual Directories

  • Article

Microsoft Exchange Server 2007 will reach end of support on April 11, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.

 

The installation of Microsoft Exchange Server 2007 automatically configures several Internet Information Services (IIS) virtual directories, as appropriate for the particular Exchange role or roles that are installed.

This topic discusses the default settings for the Exchange-related virtual directories. Specifically, this topic contains information about the default authentication settings and about the default SSL settings.

Windows Server 2008

Client Access Server Role

The following table lists the default settings on a stand-alone Exchange 2007 CAS server.

Default CAS server IIS authentication and SSL settings

Virtual directory Authentication method SSL settings Additional comments

Default Web Site

  • Anonymous authentication

  • SSL required

  • Require 128-bit encryption

The Enable HTTP Keep-Alives option should be enabled. This option is on the Web Site tab.

aspnet_client

  • Anonymous authentication

  • SSL required

  • Require 128-bit encryption

  

Autodiscover

  • Basic authentication

  • Windows authentication

  • SSL required

  • Require 128-bit encryption

Authentication management should be performed by using the Exchange Management Shell.

EWS

  • Windows authentication

  • SSL required

  • Require 128-bit encryption

  

owa

  • Basic authentication

  • SSL required

  • Require 128-bit encryption

Authentication management should be performed by using the Exchange Management Console.

Exchange

  • Basic authentication

  • Windows authentication

  • SSL required

  • Require 128-bit encryption

Authentication management should be performed by using the Exchange Management Console.

Public

  • Basic authentication

  • Windows authentication

  • Not required

Authentication management should be performed by using the Exchange Management Console.

Exchweb

  • Basic authentication

  • Windows authentication

  • SSL required

  • Require 128-bit encryption

Authentication management should be performed by using the Exchange Management Console.

OAB

  • Windows authentication

Not required

Authentication management should be performed by using the Exchange Management Console or the Exchange Management Shell.

UnifiedMessaging

  • Windows authentication

  • SSL required

  • Require 128-bit encryption

  

Microsoft-Server-ActiveSync

  • Basic authentication

  • SSL required

  • Require 128-bit encryption

Authentication management should be performed by using the Exchange Management Console or the Exchange Management Shell.

Rpc

  • Basic authentication

  • Windows authentication

  • SSL required

  • Require 128-bit encryption

Outlook Anywhere requires this component. Authentication management should be performed by using the Exchange Management Shell.

RpcWithCert

By default, all authentication methods are disabled

SSL required

Authentication management should be performed by using the Exchange Management Shell.

Mailbox Server Role

The following table lists the default settings on a stand-alone Exchange 2007 Mailbox server.

Default Mailbox server IIS authentication and SSL settings

Virtual directory Authentication method SSL settings Additional comments

Default Web Site

Anonymous

Not required

  

Exadmin

  • Basic authentication

  • Windows authentication

  • SSL required

  • Require 128-bit encryption

  

Exchange

  • Basic authentication

  • Windows authentication

Not required

Authentication management should be performed by using the Exchange Management Console or the Exchange Management Shell.

Public

  • Basic authentication

  • Windows authentication

Not required

Authentication management should be performed by using the Exchange Management Console or the Exchange Management Shell.

Windows Small Business Server 2008

The following table lists the default Exchange 2007 IIS settings on a Windows SBS 2008-based server.

Virtual directory Authentication method SSL settings Additional comments

Default Web Site

  • Anonymous authentication

Not required

  

aspnet_client

  • Anonymous authentication

Not required

  

Autodiscover

  • Basic authentication

  • Windows authentication

  • SSL required

  • Require 128-bit encryption

Authentication management should be performed by using the Exchange Management Shell.

EWS

  • Basic authentication

  • Windows authentication

  • SSL required

  • Require 128-bit encryption

  

Exadmin

  • Basic authentication

  • Windows authentication

  • SSL required

  • Require 128-bit encryption

  

Exchange

  • Basic authentication

  • Windows authentication

  • SSL required

  • Require 128-bit encryption

Authentication management should be performed by using the Exchange Management Console.

Exchweb

  • Basic authentication

  • Windows authentication

  • SSL required

  • Require 128-bit encryption

Authentication management should be performed by using the Exchange Management Console.

Microsoft-Server-ActiveSync

  • Basic authentication

  • SSL required

  • Require 128-bit encryption

Authentication management should be performed by using the Exchange Management Console or Exchange Management Shell.

OAB

  • Basic authentication

  • Windows authentication

  • SSL required

  • Require 128-bit encryption

Authentication management should be performed by using the Exchange Management Console or the Exchange Management Shell.

owa

  • Basic authentication

  • SSL required

  • Require 128-bit encryption

Authentication management should be performed by using the Exchange Management Console.

Public

  • Basic authentication

  • Windows authentication

  • SSL required

  • Require 128-bit encryption

Authentication management should be performed by using the Exchange Management Console.

Rpc

  • Basic authentication

  • Windows authentication

Not required

Outlook Anywhere requires this component. Authentication management should be performed by using the Exchange Management Shell.

RpcWithCert

By default, all authentication methods are disabled

  • SSL required

  • Require 128-bit encryption

Authentication management should be performed by using the Exchange Management Shell.

UnifiedMessaging

  • Windows authentication

  • SSL required

  • Require 128-bit encryption

  

Windows Server 2003

Client Access Server role

The following table lists the default settings on a stand-alone Exchange 2007 CAS server.

Default CAS server IIS authentication and SSL settings

Virtual directory Authentication method SSL settings Additional comments

Default Web Site

Anonymous authentication

  • SSL required

  • Require 128-bit encryption

The Enable HTTP Keep-Alives option should be enabled. This option is on the Web Site tab.

aspnet_client

Anonymous authentication

  • SSL required

  • Require 128-bit encryption

  

Autodiscover

  • Anonymous authentication

  • Integrated Windows authentication

  • SSL required

  • Require 128-bit encryption

Authentication management should be performed by using the Exchange Management Shell.

EWS

Integrated Windows authentication

  • SSL required

  • Require 128-bit encryption

  

owa

Basic authentication

  • SSL required

  • Require 128-bit encryption

Authentication management should be performed by using the Exchange Management Console.

Exchange

  • Basic authentication

  • Integrated Windows authentication

  • SSL required

  • Require 128-bit encryption

Authentication management should be performed by using the Exchange Management Console.

Public

  • Basic authentication

  • Integrated Windows authentication

  • SSL required

  • Require 128-bit encryption

Authentication management should be performed by using the Exchange Management Console.

Exchweb

  • Basic authentication

  • Integrated Windows authentication

  • SSL required

  • Require 128-bit encryption

Authentication management should be performed by using the Exchange Management Console.

OAB

  • Integrated Windows authentication

Not required

Authentication management should be performed by using the Exchange Management Console or Exchange Management Shell.

UnifiedMessaging

  • Integrated Windows authentication

  • SSL required

  • Require 128-bit encryption

  

Microsoft-Server-ActiveSync

  • Basic authentication

  • SSL required

  • Require 128-bit encryption

Authentication management should be performed by using the Exchange Management Console or the Exchange Management Shell.

Mailbox Server role

The following table lists the default settings on a stand-alone Exchange 2007 Mailbox server.

Default Mailbox server IIS authentication and SSL settings

Virtual directory Authentication method SSL settings Additional comments

Default Web Site

Anonymous

Not required

  

Exadmin

  • Basic authentication

  • Integrated Windows authentication

  • SSL required

  • Require 128-bit encryption

  

Exchange

  • Basic authentication

  • Integrated Windows authentication

Not required

Authentication management should be performed by using the Exchange Management Console or the Exchange Management Shell.

Public

  • Basic authentication

  • Integrated Windows authentication

Not required

Authentication management should be performed by using the Exchange Management Console or Exchange Management Shell.

For More Information

For more information about how to reinstall IIS on a computer that is running Exchange 2007, see Microsoft Knowledge Base article 320202, How to remove and to reinstall IIS on a computer that is running Exchange Server.