How to check if Kerberos is enabled for EWS and Autodiscover virtual directories in IIS


I recently got handed the task of administering several Exchange environments since the recent dismissal of a fellow co-worker.

One of these environments is running Exchange 2007 SP1 RU4 and I had a user ask me to verify the following:

"I just wanted to know whether kerberos is enabled for /ews and /autodiscover vdir in erage12s IIS.  From a clients perspective, it seems that /autodiscover allows kerberos whereas /ews does not.  Is this the case?"

What I can say is that the client he is using is a Mac.  Does anyone know how I can verify what he is asking?

Thanks for your help.

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Check the Autodiscover virtual directory site configuration settings on the Exchange Client Access server (CAS) and make sure SSL is selected for Basic or Windows Integrated Windows authentication (also known as NTLM or Kerberos authentication).
             Follow these steps to check authentication access in the Autodiscover virtual directory on the Client Access server.

  •                              In Internet Information Services (IIS) Manager, locate the Autodiscover virtual directory.
  •                 Right-click Autodiscover virtual directory and select Properties.
  •                 On the Directory Security tab, under Authentication and access control, click Edit.
  • At this location you need to check if WIA is checked - if it is Kerberos / NTLM authentication is on for the virtual directory. If not well you got your answer.
  • Like wise check for other virtual directories to know more about their authentication


                 In the Authentication Methods screen

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
For full details on Microsoft Link to what Exchange_geek is saying refer to:
The links has other information regarding how to avoid using "Enable Anonymous", the fact that the link was avoided was I simply wanted to avoid time to type out the same details being asked.

Not sure if that link would even make any sense being referred to this thread.
jrfruthAuthor Commented:
Thank you Exchange Geek.  You answered my question perfectly. =)
Glad to have helped.

Keep us posted at EE Forums, if you face any issues.

Take Care.

God Bless.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft IIS Web Server

From novice to tech pro — start learning today.