Memorise

Default Authentication Settings for Exchange-related Virtual Directories

Topic Last Modified: 2010-09-20

The installation of Microsoft Exchange Server 2007 automatically configures several Internet Information Services (IIS) virtual directories, as appropriate for the particular Exchange role or roles that are installed.

This topic discusses the default settings for the Exchange-related virtual directories. Specifically, this topic contains information about the default authentication settings and about the default SSL settings.

The following table lists the default settings on a stand-alone Exchange 2007 CAS server.

Default CAS server IIS authentication and SSL settings

| Virtual directory | Authentication method | SSL settings | Additional comments |
| --- | --- | --- | --- |
| Default Web Site | Anonymous authentication | SSL required; Require 128-bit encryption | The Enable HTTP Keep-Alives option should be enabled. This option is on the Web Site tab. |
| aspnet_client | Anonymous authentication | SSL required; Require 128-bit encryption | |
| Autodiscover | Basic authentication; Windows authentication | SSL required; Require 128-bit encryption | Authentication management should be performed by using the Exchange Management Shell. |
| EWS | Windows authentication | SSL required; Require 128-bit encryption | |
| owa | Basic authentication | SSL required; Require 128-bit encryption | Authentication management should be performed by using the Exchange Management Console. |
| Exchange | Basic authentication; Windows authentication | SSL required; Require 128-bit encryption | Authentication management should be performed by using the Exchange Management Console. |
| Public | Basic authentication; Windows authentication | Not required | Authentication management should be performed by using the Exchange Management Console. |
| Exchweb | Basic authentication; Windows authentication | SSL required; Require 128-bit encryption | Authentication management should be performed by using the Exchange Management Console. |
| OAB | Windows authentication | Not required | Authentication management should be performed by using the Exchange Management Console or the Exchange Management Shell. |
| UnifiedMessaging | Windows authentication | SSL required; Require 128-bit encryption | |
| Microsoft-Server-ActiveSync | Basic authentication | SSL required; Require 128-bit encryption | Authentication management should be performed by using the Exchange Management Console or the Exchange Management Shell. |
| Rpc | Basic authentication; Windows authentication | SSL required; Require 128-bit encryption | Outlook Anywhere requires this component. Authentication management should be performed by using the Exchange Management Shell. |
| RpcWithCert | By default, all authentication methods are disabled | SSL required | Authentication management should be performed by using the Exchange Management Shell. |

The following table lists the default settings on a stand-alone Exchange 2007 Mailbox server.

Default Mailbox server IIS authentication and SSL settings

| Virtual directory | Authentication method | SSL settings | Additional comments |
| --- | --- | --- | --- |
| Default Web Site | Anonymous | Not required | |
| Exadmin | Basic authentication; Windows authentication | SSL required; Require 128-bit encryption | |
| Exchange | Basic authentication; Windows authentication | Not required | Authentication management should be performed by using the Exchange Management Console or the Exchange Management Shell. |
| Public | Basic authentication; Windows authentication | Not required | Authentication management should be performed by using the Exchange Management Console or the Exchange Management Shell. |

The following table lists the default Exchange 2007 IIS settings on a Windows SBS 2008-based server.

Default Exchange-related IIS authentication and SSL settings.

| Virtual directory | Authentication method | SSL settings | Additional comments |
| --- | --- | --- | --- |
| Default Web Site | Anonymous authentication | Not required | |
| aspnet_client | Anonymous authentication | Not required | |
| Autodiscover | Basic authentication; Windows authentication | SSL required; Require 128-bit encryption | Authentication management should be performed by using the Exchange Management Shell. |
| EWS | Basic authentication; Windows authentication | SSL required; Require 128-bit encryption | |
| Exadmin | Basic authentication; Windows authentication | SSL required; Require 128-bit encryption | |
| Exchange | Basic authentication; Windows authentication | SSL required; Require 128-bit encryption | Authentication management should be performed by using the Exchange Management Console. |
| Exchweb | Basic authentication; Windows authentication | SSL required; Require 128-bit encryption | Authentication management should be performed by using the Exchange Management Console. |
| Microsoft-Server-ActiveSync | Basic authentication | SSL required; Require 128-bit encryption | Authentication management should be performed by using the Exchange Management Console or Exchange Management Shell. |
| OAB | Basic authentication; Windows authentication | SSL required; Require 128-bit encryption | Authentication management should be performed by using the Exchange Management Console or the Exchange Management Shell. |
| owa | Basic authentication | SSL required; Require 128-bit encryption | Authentication management should be performed by using the Exchange Management Console. |
| Public | Basic authentication; Windows authentication | SSL required; Require 128-bit encryption | Authentication management should be performed by using the Exchange Management Console. |
| Rpc | Basic authentication; Windows authentication | Not required | Outlook Anywhere requires this component. Authentication management should be performed by using the Exchange Management Shell. |
| RpcWithCert | By default, all authentication methods are disabled | SSL required; Require 128-bit encryption | Authentication management should be performed by using the Exchange Management Shell. |
| UnifiedMessaging | Windows authentication | SSL required; Require 128-bit encryption | |

The following table lists the default settings on a stand-alone Exchange 2007 CAS server.

Default CAS server IIS authentication and SSL settings

| Virtual directory | Authentication method | SSL settings | Additional comments |
| --- | --- | --- | --- |
| Default Web Site | Anonymous authentication | SSL required; Require 128-bit encryption | The Enable HTTP Keep-Alives option should be enabled. This option is on the Web Site tab. |
| aspnet_client | Anonymous authentication | SSL required; Require 128-bit encryption | |
| Autodiscover | Anonymous authentication; Integrated Windows authentication | SSL required; Require 128-bit encryption | Authentication management should be performed by using the Exchange Management Shell. |
| EWS | Integrated Windows authentication | SSL required; Require 128-bit encryption | |
| owa | Basic authentication | SSL required; Require 128-bit encryption | Authentication management should be performed by using the Exchange Management Console. |
| Exchange | Basic authentication; Integrated Windows authentication | SSL required; Require 128-bit encryption | Authentication management should be performed by using the Exchange Management Console. |
| Public | Basic authentication; Integrated Windows authentication | SSL required; Require 128-bit encryption | Authentication management should be performed by using the Exchange Management Console. |
| Exchweb | Basic authentication; Integrated Windows authentication | SSL required; Require 128-bit encryption | Authentication management should be performed by using the Exchange Management Console. |
| OAB | Integrated Windows authentication | Not required | Authentication management should be performed by using the Exchange Management Console or Exchange Management Shell. |
| UnifiedMessaging | Integrated Windows authentication | SSL required; Require 128-bit encryption | |
| Microsoft-Server-ActiveSync | Basic authentication | SSL required; Require 128-bit encryption | Authentication management should be performed by using the Exchange Management Console or the Exchange Management Shell. |

The following table lists the default settings on a stand-alone Exchange 2007 Mailbox server.

Default Mailbox server IIS authentication and SSL settings

| Virtual directory | Authentication method | SSL settings | Additional comments |
| --- | --- | --- | --- |
| Default Web Site | Anonymous | Not required | |
| Exadmin | Basic authentication; Integrated Windows authentication | SSL required; Require 128-bit encryption | |
| Exchange | Basic authentication; Integrated Windows authentication | Not required | Authentication management should be performed by using the Exchange Management Console or the Exchange Management Shell. |
| Public | Basic authentication; Integrated Windows authentication | Not required | Authentication management should be performed by using the Exchange Management Console or Exchange Management Shell. |

Microsoft Exchange Server 2010 automatically configures multiple Internet Information Services (IIS) virtual directories during installation. This topic contains information about the default IIS authentication settings and default Secure Sockets Layer (SSL) settings for the Client Access and Mailbox server roles.

The following table lists the default settings on a stand-alone Exchange 2010 Client Access server.

Default Client Access server IIS authentication and SSL settings

| Virtual directory | Authentication method | SSL settings | Management method |
| --- | --- | --- | --- |
| Default Web site | Anonymous | Required | IIS management console |
| aspnet_client | Anonymous authentication | SSL required; Requires 128-bit encryption | IIS management console |
| Autodiscover | Anonymous authentication; Basic authentication; Windows authentication | SSL required; Require 128-bit encryption | Exchange Management Shell (Shell) |
| ecp | Anonymous authentication; Basic authentication | SSL required; Requires 128-bit encryption | Exchange Management Console (EMC) or Shell |
| EWS | Anonymous authentication; Windows authentication | SSL required; Requires 128-bit encryption | Shell |
| Microsoft-Server-ActiveSync | Basic authentication | SSL required; Requires 128-bit encryption | EMC or Shell |
| OAB | Windows authentication | Not required | EMC or Shell |
| owa | Basic | SSL required; Requires 128-bit encryption | EMC or Shell |
| Powershell | Anonymous authentication | Not required | Shell |
| Rpc | Basic authentication; Windows authentication | SSL required; Requires 128-bit encryption | Shell |
| RpcWithCert | By default, all authentication methods are disabled | Required | |

The following table lists the default settings on a stand-alone Exchange 2010 mailbox server.

Default Mailbox server IIS authentication and SSL settings

| Virtual directory | Authentication method | SSL settings | Management method |
| --- | --- | --- | --- |
| Default Web site | Anonymous authentication | SSL required; Requires 128-bit encryption | This virtual directory isn’t configurable by the user. |
| PowerShell | Anonymous authentication | Not required | Shell |

Net Use Command examples

To assign the disk-drive device name E: to the Letters shared directory on the \\Fin server, type:

net use e: \\fin\letters

To assign (map) the disk-drive device name M: to the directory Mike within the Letters volume on the \\Fin NetWare server, type:

net use m: \\fin\letters\mike

To connect the user identifier Dan as if the connection were made from the Accounts domain, type:

net use d: \\server\share /USER:Accounts\Dan

To disconnect from the \\Fin\Public directory, type:

net use f: \\fin\public /DELETE

To connect to the resource memos shared on the \\Fin 3 server, type:

net use k: "\\fin 3\memos"

To restore the current connections at each logon, regardless of future changes, type:

net use /PERSISTENT:yes

 


How to Determine the Minimum Staging Area DFSR Needs for a Replicated Folder

How do you find these X largest files? With PowerShell

Use a PowerShell script to find the 32 or 9 largest files and determine how many gigabytes they add up to. I am actually going to present you with three PowerShell scripts. Each is useful on its own; however, number 3 is the most useful.

1. Run:

Get-ChildItem c:\temp -recurse | Sort-Object length -descending | select-object -first 32 | ft name,length -wrap -auto

This command will return the file names and the size of the files in bytes. Useful if you want to know which 32 files are the largest in the Replicated Folder so you can “visit” their owners.

2. Run:

Get-ChildItem c:\temp -recurse | Sort-Object length -descending | select-object -first 32 | measure-object -property length -sum

This command will return the total number of bytes of the 32 largest files in the folder without listing the file names.

3. Run:

$big32 = Get-ChildItem c:\temp -recurse | Sort-Object length -descending | select-object -first 32 | measure-object -property length -sum

$big32.sum /1gb

This command will get the total number of bytes of the 32 largest files in the folder and do the math to convert bytes to gigabytes for you. This command is two separate lines. You can paste both of them into the PowerShell command shell at once or run them back to back.
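The same calculation wrapped in a function, as an added example that is not part of the original post: it counts files only, includes hidden files, leaves out the DfsrPrivate working folder that DFSR keeps under the replicated folder root, and reports how many paths could not be read. `Get-LargestFilesTotal` is a hypothetical helper name; the default of 32 and the `C:\temp` path are taken from the commands above.

```powershell
# Added example; Get-LargestFilesTotal is a hypothetical helper name,
# not a DFSR cmdlet.
function Get-LargestFilesTotal {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [int]$Count = 32    # the text above uses 32 or 9
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        throw "Folder not found: $Path"
    }

    # DFSR keeps its staging and conflict data in <root>\DfsrPrivate;
    # those files are not replicated content, so they are excluded.
    $root    = (Resolve-Path -LiteralPath $Path).ProviderPath.TrimEnd('\')
    $private = "$root\DfsrPrivate\"

    # -Force includes hidden and system files. Paths that cannot be read
    # are collected in $unreadable instead of stopping the scan.
    $unreadable = @()
    $items = Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue -ErrorVariable unreadable

    # Keep files only, largest first.
    $largest = @($items |
        Where-Object {
            -not $_.PSIsContainer -and
            -not $_.FullName.StartsWith($private, [StringComparison]::OrdinalIgnoreCase)
        } |
        Sort-Object -Property Length -Descending |
        Select-Object -First $Count)

    [long]$totalBytes = 0
    foreach ($file in $largest) { $totalBytes += $file.Length }

    $largestName = $null
    if ($largest.Count -gt 0) { $largestName = $largest[0].FullName }

    New-Object PSObject -Property @{
        Path            = $root
        FilesCounted    = $largest.Count
        TotalBytes      = $totalBytes
        TotalGB         = [math]::Round($totalBytes / 1GB, 2)
        LargestFile     = $largestName
        UnreadablePaths = $unreadable.Count
    } | Select-Object Path, FilesCounted, TotalBytes, TotalGB, LargestFile, UnreadablePaths
}

Get-LargestFilesTotal -Path 'C:\temp' -Count 32
```

A non-zero UnreadablePaths value means the total may be too low, so rerun from an account that can read the whole tree before sizing the staging area from it.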


Reclaiming disk space from “system volume information”

Windows saves information related to system restore inside that place and it is used when you actually perform a restoration. But when struggling for more disk space, I am sure you wouldn’t mind doing a trade off between what portion of your disk you want to give away for that purpose and what portion you want to keep for yourself.

Now here are some commands that you could use in the Command Prompt console in administrator mode in order to view and resize the space allocated for SVI “system volume information”:

1. To see the space allocated and used for SVI:

- Open Command Prompt with “Run as Administrator” option

- Type in: vssadmin list shadowstorage

- You will see Used Space, Allocated Space and Maximum Space for SVI

2. To see the restore information stored therein:

- Use in the same console command: vssadmin list shadows

3. To resize the maximum allocated space:

- Type in command: vssadmin resize shadowstorage /on=[here add the drive letter]: /For=[here add the drive letter]: /Maxsize=[here add the maximum size]

- E.g., vssadmin resize shadowstorage /on=C: /For=C: /Maxsize=4GB

- You will see a prompt confirming resize done

- You can check the status again using the command discussed in point 1 above

4. To get rid of the space already consumed while keeping the same max-size as before:

- Do actions as per point 3 to set the max-size to, say, 1GB

- If you check now, most likely you’ll see that used space is now 0KB

- Do the resize again and set it back to what it was before

- Check your disk space availability in Windows Explorer, you should see the reclaim is done!

Hope this helps.


DFS on Server 2008 – Error ID: 9032 (The connection is shutting down). Event ID: 5002

1. The problematic replicated folder is “waiting for initial replication”; this could be due to not setting the primary member.

Please run the following command to find if you have any primary server already for that RG name (IsPrimary=Yes)

Dfsradmin Membership List /RGname:<replication group name> /attr:MemName,RFName,IsPrimary

If the result shows the value for the IsPrimary attribute is “No”, that means you don’t have any primary server. In this situation, you may set the primary server using the following command

Dfsradmin Membership Set /RGName:<replication group name> /RFName:<replicated folder name> /MemName:<computer name of the member you want to set> /IsPrimary:True

EX. dfsradmin membership set /RGname:contoso.com\namespace\testfolder /RFName:testfolder /memname:Win-DFS-1 /isPrimary:True

2. The actual size of the problematic replicated folder is 3.82GB and the configured size for the staging folder is 4G. I would like to suggest that you set the size of the staging folder to 2 times the size of the replicated folder. It is better to be 7.64GB in size.

3. This member is waiting for initial replication for replicated folder <problematic replicated folder> and is not currently participating in replication. Please check <problematic replicated folder> is enabled in the corresponding replication group.

4. Also, to verify that the DFS replication service can work normally, please make sure that both of the DFS member servers can resolve each other's names. Meanwhile, please verify that the “DFS Replication” and “DFS Namespace” services are started on both DFS member servers.

5. This delay can occur because the member is waiting for the DFS Replication service to retrieve replication settings from Active Directory Domain Services. After the member detects that it is part of replication group, the member will begin initial replication.

There are five common causes of this error; please refer to the following Storage team blog to check whether it is helpful for you.

http://blogs.technet.com/askds/archive/2008/07/15/five-common-causes-of-waiting-for-the-dfs-replication-service-to-retrieve-replication-settings-from-active-directory.aspx

6. Meanwhile, please download the portqry tool and install it on another server. You can use the following command to verify that the required ports are open.

a.  Click Start, click Run, type cmd in the Open box, and then click OK.

b.  Type "portqry -n problem_server -e 135" (without the quotation marks)

Download: PortQryUI – User Interface for the PortQry Command Line Port Scanner

http://www.microsoft.com/downloads/details.aspx?familyid=8355e537-1ea6-4569-aabb-f248f4bd91d0&displaylang=en


Open a range of ports on Windows Firewall

Needed to open a big range of ports on Windows Firewall on one of my web boxes. Via the GUI you can only do one port at a time. But run this at the command prompt to add a range:

FOR /L %I IN (3001,1,4001) DO netsh firewall add portopening TCP %I "Passive FTP"%I

This opens ports 3001 to 4001, and names them ‘Passive FTP’.

You get the error ‘425 Can’t open data connection’ on FileZilla server

If you are running FileZilla Server, I think the default for the Passive mode setting is the custom range 3000 – 4000, and Windows Firewall blocks the connection. Open the connection and all works perfectly.


How to export Outlook profiles from one computer into another

In Microsoft Outlook you can easily export some types of information to a file. However, there is no option to export your profile e.g. when you want to have the same settings on another computer and you do not want to manually put all of them together with the account details again. In order to do so, you can use the Windows Registry Editor that gives access to all the information.

  1. Click Start
  2. In the search field type Regedit and hit Enter
  3. Expand the following registry entry: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles.
  4. You will see a list of your profiles.
  5. Right click on the profile that you want to copy and click Export (Fig.1.).

Fig.1. Exporting Outlook profiles from the Windows Registry Editor.

  6. Then, you can specify the name of the registry file and the location to save it e.g. Desktop.
  7. Now, you need to copy the file to another computer and double click it there.
  8. Confirm that you want to make changes to the registry.
  9. After you run your Outlook, the new profile will be opened (if you have only one) or you will be prompted to choose one of profiles (if you have more than one).

Blue Screen on Server 2008 R2, STOP: c000021a {Fatal System Error}

STOP: c000021a {Fatal System Error} The initial session process or system process terminated unexpectedly with a status of 0x00000000 (0xc0000428 0x001006b8). The system has been shut down

My computer recently blue-screened and rebooted, but is not presenting me with the ’0xc0000428 Windows cannot verify the digital signature for this file’ boot error.

Solution: Start the computer, press F8 to go to the boot menu, and select Disable Digital Signature. Windows will start fine; that worked for our Windows Server 2008 R2 running Exchange server.

 

 


Windows Update stopped working, or Service is missing

Go to Start / All Programs / Accessories. Right Click the ‘Command Prompt’ item and click the ‘Run As Administrator’ option.

 In the Command Prompt window, Paste the following command.

 REGSVR32 %SYSTEMROOT%\SYSTEM32\WUAUENG.DLL

 Press ENTER.

 You should see a popup that says the command succeeded.

 Exit the command prompt and try Windows Update again.


DFS was configured and working fine on Server 2008 STD, but now it’s no longer replicating.

- Due to the following error, the DFS Replication reporting mechanism cannot access the WMI (Windows Management Instrumentation) namespace to retrieve certain reporting information. Error ID: 0x80041002.
- DFS Replication cannot replicate with partner <server name> for replication group <domain>\<name space>\<share>. The partner did not recognize the connection or the replication group configuration. The DFS Replication service used partner DNS name <server name>, IP address <the server ip>, and WINS address <server name> but failed with error ID: 9026 (The connection is invalid). Event ID: 5012
AND
- The DFS Replication service is stopping communication with partner <server name> for replication group Domain System Volume due to an error. The service will retry the connection periodically. 
Additional Information: 
Error: 1726 (The remote procedure call failed.) 
Connection ID: 580D7FC3-873F-48CC-AFC1-73E96DFADCE2 
Replication Group ID: ACA5FC8A-AA2E-4D40-8ECC-3A0A8F45E5F

Solution below sorted my problem:

Open a CMD prompt in %windir%\system32\wbem
type mofcomp dfsrprovs.mof as below
C:\Windows\System32\wbem> mofcomp dfsrprovs.mof
net stop winmgmt
net start winmgmt
net start iphlpsvc
net stop dfsr
net start dfsr