Default settings for Exchange-related virtual directories in Exchange Server 2007
Published Feb 01 2008 02:27 PM 28.8K Views

One of the most common questions I'm asked is if we have any resources that document the default settings for the Exchange-related virtual directories in Exchange 2007 - specifically with regards to the authentication and SSL settings. This aims to address that need should you find yourself in a situation where these settings have been inadvertently modified with the end result being an undesirable behavior in Exchange 2007. These settings hold true for both Exchange 2007 RTM and Service Pack 1. We begin with the default settings on a standalone Client Access Server, followed by the settings on a standalone Mailbox server:

Exchange 2007 Client Access Server

 

Location

 

Authentication

 

SSL Setting

 

Comments

 

Default Web Site

 

Anonymous

 

Required

 

"Enable HTTP Keep-Alives" setting should be enabled on Web Site tab

 

/Owa

 

Basic

 

Required

 

Management of authentication setting should be done in Exchange Management Console

 

/Exchange

 

Basic

 

Required

 

Management of authentication setting should be done in Exchange Management Console

 

/Public

 

Basic

 

Required

 

Management of authentication setting should be done in Exchange Management Console

 

/Exchweb

 

Basic

 

Required

 

Management of authentication setting should be done in Exchange Management Console

 

/Oab

 

Integrated

 

Not required

 

   

/Autodiscover

 

Basic and Integrated

 

Required

 

   

/Ews

 

Integrated

 

Required

 

   

/UnifiedMessaging

 

Integrated

 

Required

 

   

/Microsoft-Server-Activesync

 

Basic

 

Required

 

Management of authentication setting should be done in Exchange Management Console

 

/Rpc

 

Basic and Integrated

 

Required

 

Technically, this is a Windows component but I've added it here since Outlook Anywhere depends on the installation of this virtual directory

 

Exchange 2007 Mailbox Server

 

Location

 

Authentication

 

SSL Setting

 

Comments

 

Default Web Site

 

Anonymous

 

Not required

 

   

/Exadmin

 

Basic and Integrated

 

Not required

 

   

/Exchange

 

Basic and Integrated

 

Not required

 

Management of authentication setting should be done in Exchange Management Console

 

/Public

 

Basic and Integrated

 

Not required

 

Management of authentication setting should be done in Exchange Management Console

 
- Joe Turick

5 Comments
Not applicable
ahh, I had a massive issue this week, which I finally fixed, then this come out the next day.

One thing I don't understand, is why it's reported CAS-MB is RPC, but you still need the virtual directories when going from CAS-MB. Are there any articles, detailing what's really going on and the lines of traffic when a users hits CAS1 which then gets the mail from MB1?

Not applicable
If I understand right, CAS to MBX in the same AD Site is MAPI/RPC, but CAS to MBX in a different AD site is HTTP.
Not applicable
Not applicable
Great post!  I would just add that with IIS-6 and the XML metabase with it's automatic, menu-driven backups, it is trivial to make a baseline backup of the metabase for comparision purposes while a server is functioning properly.

While many of the settings above must be managed/changed from within the Exchange Management Console, a malfunctioning XML metabase can be easily compared to the baseline when troubleshooting using readily available text-file compare tools.

I have found this feature quite useful in our environment.
Not applicable
Does the HTTP keep-alive value affect Microsoft Exchange Active Sync Direct Push?  I have frequent problems with my handheld clients getting disconnected after just a few minutes and not staying "connected' and as a result their mail is not very "pushed".  Often times messages will show up 10 minutes late on the WM6 phones.

Thanks for the great post!
Version history
Last update:
‎Feb 01 2008 02:27 PM
Updated by: