Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


How to check if Kerberos is enabled for EWS and Autodiscover virtual directories in IIS

Posted on 2008-11-05
Medium Priority
Last Modified: 2012-08-13

I recently got handed the task of administering several Exchange environments since the recent dismissal of a fellow co-worker.

One of these environments is running Exchange 2007 SP1 RU4 and I had a user ask me to verify the following:

"I just wanted to know whether kerberos is enabled for /ews and /autodiscover vdir in erage12s IIS.  From a clients perspective, it seems that /autodiscover allows kerberos whereas /ews does not.  Is this the case?"

What I can say is that the client he is using is a Mac.  Does anyone know how I can verify what he is asking?

Thanks for your help.

Question by:jrfruth
  • 3
LVL 33

Accepted Solution

Exchange_Geek earned 2000 total points
ID: 22894236
Check the Autodiscover virtual directory site configuration settings on the Exchange Client Access server (CAS) and make sure SSL is selected for Basic or Windows Integrated Windows authentication (also known as NTLM or Kerberos authentication).
             Follow these steps to check authentication access in the Autodiscover virtual directory on the Client Access server.

  •                              In Internet Information Services (IIS) Manager, locate the Autodiscover virtual directory.
  •                 Right-click Autodiscover virtual directory and select Properties.
  •                 On the Directory Security tab, under Authentication and access control, click Edit.
  • At this location you need to check if WIA is checked - if it is Kerberos / NTLM authentication is on for the virtual directory. If not well you got your answer.
  • Like wise check for other virtual directories to know more about their authentication


                 In the Authentication Methods screen

LVL 32

Expert Comment

ID: 22894389
For full details on Microsoft Link to what Exchange_geek is saying refer to: http://technet.microsoft.com/en-us/library/bb218625.aspx
LVL 33

Expert Comment

ID: 22894725
The links has other information regarding how to avoid using "Enable Anonymous", the fact that the link was avoided was I simply wanted to avoid time to type out the same details being asked.

Not sure if that link would even make any sense being referred to this thread.

Author Closing Comment

ID: 31513726
Thank you Exchange Geek.  You answered my question perfectly. =)
LVL 33

Expert Comment

ID: 22900180
Glad to have helped.

Keep us posted at EE Forums, if you face any issues.

Take Care.

God Bless.

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You finally migrated Public Folders to Office 365, decommissioned the Public Folder mailbox database and since then, when you send an email from on-premise to mail-enabled Public Folders, you get the following error: "Misconfigured public folder mai…
Exchange administrators are always vigilant about Exchange crashes and disasters that are possible any time. It is quite essential to identify the symptoms of a possible Exchange issue and be prepared with a proper recovery plan. There are multiple…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Suggested Courses

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question