How to check if Kerberos is enabled for EWS and Autodiscover virtual directories in IIS

Posted on 2008-11-05
Last Modified: 2012-08-13

I recently got handed the task of administering several Exchange environments since the recent dismissal of a fellow co-worker.

One of these environments is running Exchange 2007 SP1 RU4 and I had a user ask me to verify the following:

"I just wanted to know whether kerberos is enabled for /ews and /autodiscover vdir in erage12s IIS.  From a clients perspective, it seems that /autodiscover allows kerberos whereas /ews does not.  Is this the case?"

What I can say is that the client he is using is a Mac.  Does anyone know how I can verify what he is asking?

Thanks for your help.

Question by:jrfruth
    LVL 33

    Accepted Solution

    Check the Autodiscover virtual directory site configuration settings on the Exchange Client Access server (CAS) and make sure SSL is selected for Basic or Windows Integrated Windows authentication (also known as NTLM or Kerberos authentication).
                 Follow these steps to check authentication access in the Autodiscover virtual directory on the Client Access server.

    •                              In Internet Information Services (IIS) Manager, locate the Autodiscover virtual directory.
    •                 Right-click Autodiscover virtual directory and select Properties.
    •                 On the Directory Security tab, under Authentication and access control, click Edit.
    • At this location you need to check if WIA is checked - if it is Kerberos / NTLM authentication is on for the virtual directory. If not well you got your answer.
    • Like wise check for other virtual directories to know more about their authentication


                     In the Authentication Methods screen

    LVL 32

    Expert Comment

    For full details on Microsoft Link to what Exchange_geek is saying refer to:
    LVL 33

    Expert Comment

    The links has other information regarding how to avoid using "Enable Anonymous", the fact that the link was avoided was I simply wanted to avoid time to type out the same details being asked.

    Not sure if that link would even make any sense being referred to this thread.

    Author Closing Comment

    Thank you Exchange Geek.  You answered my question perfectly. =)
    LVL 33

    Expert Comment

    Glad to have helped.

    Keep us posted at EE Forums, if you face any issues.

    Take Care.

    God Bless.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Find Ransomware Secrets With All-Source Analysis

    Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

    Email signatures have numerous marketing benefits. Here are 8 top reasons to turn your email signature into a marketing channel.
    Easy CSR creation in Exchange 2007,2010 and 2013
    In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
    The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    12 Experts available now in Live!

    Get 1:1 Help Now