Default Authentication Settings for Exchange-related Virtual Directories

May 5, 2012

Topic Last Modified: 2010-09-20

The installation of Microsoft Exchange Server 2007 automatically configures several Internet Information Services (IIS) virtual directories, as appropriate for the particular Exchange role or roles that are installed.

This topic discusses the default settings for the Exchange-related virtual directories. Specifically, this topic contains information about the default authentication settings and about the default SSL settings.

Windows Server 2008

Client Access Server Role

The following table lists the default settings on a stand-alone Exchange 2007 CAS server.

Default CAS server IIS authentication and SSL settings

Virtual directory	Authentication method	SSL settings	Additional comments
Default Web Site	Anonymous authentication	SSL required Require 128-bit encryption	The Enable HTTP Keep-Alives option should be enabled. This option is on the Web Site tab.
aspnet_client	Anonymous authentication	SSL required Require 128-bit encryption
Autodiscover	Basic authentication Windows authentication	SSL required Require 128-bit encryption	Authentication management should be performed by using the Exchange Management Shell.
EWS	Windows authentication	SSL required Require 128-bit encryption
owa	Basic authentication	SSL required Require 128-bit encryption	Authentication management should be performed by using the Exchange Management Console.
Exchange	Basic authentication Windows authentication	SSL required Require 128-bit encryption	Authentication management should be performed by using the Exchange Management Console.
Public	Basic authentication Windows authentication	Not required	Authentication management should be performed by using the Exchange Management Console.
Exchweb	Basic authentication Windows authentication	SSL required Require 128-bit encryption	Authentication management should be performed by using the Exchange Management Console.
OAB	Windows authentication	Not required	Authentication management should be performed by using the Exchange Management Console or the Exchange Management Shell.
UnifiedMessaging	Windows authentication	SSL required Require 128-bit encryption
Microsoft-Server-ActiveSync	Basic authentication	SSL required Require 128-bit encryption	Authentication management should be performed by using the Exchange Management Console or the Exchange Management Shell.
Rpc	Basic authentication Windows authentication	SSL required Require 128-bit encryption	Outlook Anywhere requires this component. Authentication management should be performed by using the Exchange Management Shell.
RpcWithCert	By default, all authentication methods are disabled	SSL required	Authentication management should be performed by using the Exchange Management Shell.

Mailbox Server Role

The following table lists the default settings on a stand-alone Exchange 2007 Mailbox server.

Default Mailbox server IIS authentication and SSL settings

Virtual directory	Authentication method	SSL settings	Additional comments
Default Web Site	Anonymous	Not required
Exadmin	Basic authentication Windows authentication	SSL required Require 128-bit encryption
Exchange	Basic authentication Windows authentication	Not required	Authentication management should be performed by using the Exchange Management Console or the Exchange Management Shell.
Public	Basic authentication Windows authentication	Not required	Authentication management should be performed by using the Exchange Management Console or the Exchange Management Shell.

Windows Small Business Server 2008

The following table lists the default Exchange 2007 IIS settings on a Windows SBS 2008-based server.

Default Exchange-related IIS authentication and SSL settings.

Virtual directory	Authentication method	SSL settings	Additional comments
Default Web Site	Anonymous authentication	Not required
aspnet_client	Anonymous authentication	Not required
Autodiscover	Basic authentication Windows authentication	SSL required Require 128-bit encryption	Authentication management should be performed by using the Exchange Management Shell.
EWS	Basic authentication Windows authentication	SSL required Require 128-bit encryption
Exadmin	Basic authentication Windows authentication	SSL required Require 128-bit encryption
Exchange	Basic authentication Windows authentication	SSL required Require 128-bit encryption	Authentication management should be performed by using the Exchange Management Console.
Exchweb	Basic authentication Windows authentication	SSL required Require 128-bit encryption	Authentication management should be performed by using the Exchange Management Console.
Microsoft-Server-ActiveSync	Basic authentication	SSL required Require 128-bit encryption	Authentication management should be performed by using the Exchange Management Console or Exchange Management Shell.
OAB	Basic authentication Windows authentication	SSL required Require 128-bit encryption	Authentication management should be performed by using the Exchange Management Console or the Exchange Management Shell.
owa	Basic authentication	SSL required Require 128-bit encryption	Authentication management should be performed by using the Exchange Management Console.
Public	Basic authentication Windows authentication	SSL required Require 128-bit encryption	Authentication management should be performed by using the Exchange Management Console.
Rpc	Basic authentication Windows authentication	Not required	Outlook Anywhere requires this component. Authentication management should be performed by using the Exchange Management Shell.
RpcWithCert	By default, all authentication methods are disabled	SSL required Require 128-bit encryption	Authentication management should be performed by using the Exchange Management Shell.
UnifiedMessaging	Windows authentication	SSL required Require 128-bit encryption

Windows Server 2003

Client Access Server role

The following table lists the default settings on a stand-alone Exchange 2007 CAS server.

Default CAS server IIS authentication and SSL settings

Virtual directory	Authentication method	SSL settings	Additional comments
Default Web Site	Anonymous authentication	SSL required Require 128-bit encryption	The Enable HTTP Keep-Alives option should be enabled. This option is on the Web Site tab.
aspnet_client	Anonymous authentication	SSL required Require 128-bit encryption
Autodiscover	Anonymous authentication Integrated Windows authentication	SSL required Require 128-bit encryption	Authentication management should be performed by using the Exchange Management Shell.
EWS	Integrated Windows authentication	SSL required Require 128-bit encryption
owa	Basic authentication	SSL required Require 128-bit encryption	Authentication management should be performed by using the Exchange Management Console.
Exchange	Basic authentication Integrated Windows authentication	SSL required Require 128-bit encryption	Authentication management should be performed by using the Exchange Management Console.
Public	Basic authentication Integrated Windows authentication	SSL required Require 128-bit encryption	Authentication management should be performed by using the Exchange Management Console.
Exchweb	Basic authentication Integrated Windows authentication	SSL required Require 128-bit encryption	Authentication management should be performed by using the Exchange Management Console.
OAB	Integrated Windows authentication	Not required	Authentication management should be performed by using the Exchange Management Console or Exchange Management Shell.
UnifiedMessaging	Integrated Windows authentication	SSL required Require 128-bit encryption
Microsoft-Server-ActiveSync	Basic authentication	SSL required Require 128-bit encryption	Authentication management should be performed by using the Exchange Management Console or the Exchange Management Shell.

Mailbox Server role

The following table lists the default settings on a stand-alone Exchange 2007 Mailbox server.

Default Mailbox server IIS authentication and SSL settings

Virtual directory	Authentication method	SSL settings	Additional comments
Default Web Site	Anonymous	Not required
Exadmin	Basic authentication Integrated Windows authentication	SSL required Require 128-bit encryption
Exchange	Basic authentication Integrated Windows authentication	Not required	Authentication management should be performed by using the Exchange Management Console or the Exchange Management Shell.
Public	Basic authentication Integrated Windows authentication	Not required	Authentication management should be performed by using the Exchange Management Console or Exchange Management Shell.

Microsoft Exchange Server 2010 automatically configures multiple Internet Information Services (IIS) virtual directories during installation. This topic contains information about the default IIS authentication settings and default Secure Sockets Layer (SSL) settings for the Client Access and Mailbox server roles.

Client Access Server Role

The following table lists the default settings on a stand-alone Exchange 2010 Client Access server.

Default Client Access server IIS authentication and SSL settings

Virtual directory	Authentication method	SSL settings	Management method
Default Web site	Anonymous	Required	IIS ,management console
aspnet_client	Anonymous authentication	SSL required Requires 128-bit encryption	IIS management console
Autodiscover	Anonymous authentication Basic authentication Windows authentication	SSL required Require 128-bit encryption	Exchange Management Shell (Shell)
ecp	Anonymous authentication Basic authentication	SSL required Requires 128-bit encryption	Exchange Management Console (EMC) or Shell
EWS	Anonymous authentication Windows authentication	SSL required Requires 128-bit encryption	Shell
Microsoft-Server-ActiveSync	Basic authentication	SSL required Requires 128-bit encryption	EMC or Shell
OAB	Windows authentication	Not required	EMC or Shell
owa	Basic	SSL required Requires 128-bit encryption	EMC or Shell
Powershell	Anonymous authentication	Not required	Shell
Rpc	Basic authentication Windows authentication	SSL required Requires 128-bit encryption	Shell
RpcWithCert	By default, all authentication methods are disabled	Required

Mailbox Server Role

The following table lists the default settings on a stand-alone Exchange 2010 mailbox server.

Default Mailbox server IIS authentication and SSL settings

Virtual directory	Authentication method	SSL settings	Management method
Default Web site	Anonymous authentication	SSL required Requires 128-bit encryption	This virtual directory isn’t configurable by the user.
PowerShell	Anonymous authentication	Not required	Shell.

Tagged with:

Categorised as: Exchange, Microsoft, Outlook

Memorise