Exchange 2010 installs several virtual directories in IIS. These directories are central to the operation of Exchange 2010, so it is important to know which directory is used for what:
The virtual directories
/Autodiscover
This directory contains the Autodiscover function of Exchange 2010. Outlook 2007, Outlook 2010 and some other clients (smartphones) retrieve the Exchange server settings via this directory. Autodiscover ensures that the correct Exchange server is automatically selected for a user. Users can set up their Outlook profile without any prior knowledge: all relevant settings such as server, e-mail address and Outlook Anywhere settings are entered in Outlook automatically.
/ECP
This directory provides the Exchange Control Panel. Discovery searches and settings for Role Based Access can be made via this website.
/EWS
EWS provides the "Exchange Web Services" and offers programmers an interface to access Exchange services.
/Exchange
The "Exchange" directory is only active on ClientAccess or ClientAccess/HubTransport servers and forwards users to the OWA interface of earlier Exchange versions. As soon as there is an Exchange 2010 mailbox server, the directory is redirected to "/OWA". During an Exchange migration, the ClientAccess and HubTransport servers are updated first. Via the "/Exchange" directory it is then possible to access mailboxes that are not yet on Exchange 2010 servers.
/Exweb
"Exweb" is also a "legacy directory" and is only used for the transition between Exchange 2003 and Exchange 2010. This directory is only active as long as an Exchange 2003 server exists.
/Microsoft-Server-ActiveSync
ActiveSync-compatible devices connect to this directory to access Exchange mailboxes. These are usually smartphones and similar devices running Windows Mobile, Windows Phone, Android or iOS (iPhone, iPad). These devices receive push notifications about new items in the mailbox via this directory.
/OAB
This directory provides the Offline Address Book (OAB) for Outlook 2007 and Outlook 2010 for download. Outlook 2003 downloads the address book via the public folders and does not connect to this page.
/OWA
OWA provides the "Outlook Web App", a web-based client for Exchange 2010. In earlier versions of Exchange, OWA was still called Outlook Web Access, but since Exchange 2010 the web-based interface has been significantly enhanced and is now much faster than its predecessors. OWA is now also fully compatible with all browsers and no longer runs only with Internet Explorer.
/PowerShell
The Exchange server can be managed remotely via this directory. The Exchange Management Shell (EMS) and the Exchange Management Console (EMC) connect to this directory to carry out configuration changes. The local EMS and EMC also connect to this directory. Without this directory, it is not possible to connect to Exchange 2010 via EMC or EMS.
/Public
The "Public" directory is used by Outlook Web App to access the public folders.
/RPC
Outlook Anywhere (RPC over HTTPS) connects to Exchange via "RPC". Outlook Anywhere ensures that Outlook can also reach the Exchange server without a VPN tunnel. For this purpose, an RPC connection is established via HTTPS.
/RPCwithCert
Outlook Anywhere (RPC over HTTPS) connects to Exchange via "RPCwithCert". Outlook Anywhere ensures that Outlook can also reach the Exchange server without a VPN tunnel. For this purpose, an RPC connection is established via HTTPS. The difference from "RPC" is that this directory requires client certificates for client authentication.
Troubleshooting
Problems with the virtual Exchange directories are often caused by faulty or incorrectly configured permissions. In the event of problems, you should therefore first check the permissions and authentication settings in IIS. The important settings are set in three places in IIS:
The NTFS permissions can be accessed by right-clicking the respective directory and choosing "Edit permissions...".
The authentication settings can be found in the respective directory under "Authentication".
The SSL settings for the directory can be accessed via the "SSL settings" item in the directory.
This table lists the default settings of the respective directories:
Directory | Auth. settings | SSL settings | NTFS permissions |
Autodiscover | Anonymous authentication; Standard authentication; Windows authentication | SSL required: Yes; Ignore client certificates | Authenticated users (Read and execute); System (full access); Administrators (full access) |
ECP | Anonymous authentication; Standard authentication | SSL required: Yes; Ignore client certificates | Authenticated users (Read); System (full access); Administrators (full access) |
EWS | Anonymous authentication; Standard authentication | SSL required: Yes; Ignore client certificates | Authenticated users (Read); System (full access); Administrators (full access) |
Exchange | – | SSL required: Yes; Ignore client certificates | Authenticated users (Read); System (full access); Administrators (full access) |
Exweb | – | SSL required: Yes; Ignore client certificates | Authenticated users (Read); System (full access); Administrators (full access) |
Microsoft-Server-ActiveSync | Standard authentication | SSL required: Yes; Ignore client certificates | Authenticated users (Read); System (full access); Administrators (full access) |
OAB | Windows authentication | SSL required: No; Ignore client certificates | System (full access); Administrators (full access); Organization Management (Browse folders, List folders, Read attributes, Read extended attributes, Read permissions); View-Only Organization Management (Browse folders, List folders, Read attributes, Read extended attributes, Read permissions); IIS_IUSRS (Browse folders, List folders, Read attributes, Read extended attributes, Read permissions) |
OWA | Standard authentication | SSL required: Yes; Ignore client certificates | Authenticated users (Read); System (full access); Administrators (full access) |
PowerShell | – | SSL required: No; Ignore client certificates | Authenticated users (Read); System (full access); Administrators (full access) |
Public | – | SSL required: Yes; Ignore client certificates | Authenticated users (Read); System (full access); Administrators (full access) |
RPC | Standard authentication | SSL required: Yes; Ignore client certificates | Administrators (full access); System (full access); Users (Read and execute); TrustedInstaller (full access) |
RPCwithCert | – | SSL required: Yes; Client certificates required | Administrators (full access); System (full access); Users (Read and execute); TrustedInstaller (full access) |
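The check described under Troubleshooting, as an added PowerShell example that is not part of the original article: it reads the authentication and SSL settings of each directory from IIS and lists every deviation from the table above. Assumptions: the WebAdministration module is available, the directories sit under "Default Web Site", the table's "Standard authentication" is IIS Basic authentication, and /Exchange, /Exweb and /Public are left out; `$Baseline`, `$AuthSections` and `Get-IisSecurityValue` are names chosen for this example.

```powershell
# Added example, not from the original article: report where IIS authentication and
# SSL settings differ from the defaults listed in the table above.
# Assumptions: elevated shell on the Client Access server, directories under $Site.
Import-Module WebAdministration
$Site = 'Default Web Site'
$AuthSections = @{ Anonymous = 'anonymousAuthentication'
                   Basic     = 'basicAuthentication'
                   Windows   = 'windowsAuthentication' }
# Auth = $null where the table shows a dash: authentication is not compared there.
$Baseline = @{
  'Autodiscover'                = @{ Auth = 'Anonymous','Basic','Windows'; Ssl = $true;  Cert = $false }
  'ECP'                         = @{ Auth = 'Anonymous','Basic';           Ssl = $true;  Cert = $false }
  'EWS'                         = @{ Auth = 'Anonymous','Basic';           Ssl = $true;  Cert = $false }
  'Microsoft-Server-ActiveSync' = @{ Auth = 'Basic';                       Ssl = $true;  Cert = $false }
  'OAB'                         = @{ Auth = 'Windows';                     Ssl = $false; Cert = $false }
  'OWA'                         = @{ Auth = 'Basic';                       Ssl = $true;  Cert = $false }
  'PowerShell'                  = @{ Auth = $null;                         Ssl = $false; Cert = $false }
  'RPC'                         = @{ Auth = 'Basic';                       Ssl = $true;  Cert = $false }
  'RPCwithCert'                 = @{ Auth = $null;                         Ssl = $true;  Cert = $true  }
}

function Get-IisSecurityValue($Location, $Section, $Name) {
  $v = Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Location $Location `
         -Filter "system.webServer/security/$Section" -Name $Name
  # The cmdlet returns either the bare value or a wrapper object with a Value property
  if ($null -ne $v -and $v.PSObject.Properties['Value']) { $v.Value } else { $v }
}

$report = foreach ($dir in ($Baseline.Keys | Sort-Object)) {
  $want = $Baseline[$dir]; $loc = "$Site/$dir"
  # sslFlags is a comma-separated flag list such as "Ssl, Ssl128", or "None"
  $flags = ([string](Get-IisSecurityValue $loc 'access' 'sslFlags')) -split '\s*,\s*'
  $actual = @{ Ssl  = ($flags -contains 'Ssl')
               Cert = ($flags -contains 'SslRequireCert') }
  if ($null -ne $want.Auth) {
    foreach ($m in $AuthSections.Keys) {
      $actual[$m] = [bool](Get-IisSecurityValue $loc "authentication/$($AuthSections[$m])" 'enabled')
      $want[$m]   = (@($want.Auth) -contains $m)
    }
  }
  foreach ($k in $actual.Keys) {
    if ($actual[$k] -ne $want[$k]) {
      New-Object PSObject -Property @{ Directory = $dir; Setting = $k
                                       Expected = $want[$k]; Actual = $actual[$k] }
    }
  }
}
if ($report) { $report | Sort-Object Directory, Setting | Format-Table Directory, Setting, Expected, Actual -AutoSize }
```

NTFS permissions are not covered by this check. No output means every compared setting matches the table.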
The virtual directories can also be reset using the Exchange Management Console or the shell, which may save you a lot of work. Via the console:
In the next dialog, the directory can then be selected and reset to the default.
As you can see here, this works for the most important Exchange directories. If the problem is with RPC, however, you have to fix it yourself :)
Resetting via the Management Shell is just as simple as via the console. Which cmdlets have to be used is described here, including an example:
http://technet.microsoft.com/en-us/library/ff629372.aspx
I don't have much more to add, except of course that the external host name should also be specified when adding:
New-OwaVirtualDirectory -InternalUrl "https://ex01.frankysweb.local/owa" -ExternalURL "https://owa.frankysweb.de/owa" -WebSiteName "Default Web Site"
The same applies to the remaining directories.
Hey Franky,
old article, but still… I can't find a proper guide for recreating the RPC directories.
Would you have a link for this?
Our customer suddenly can no longer connect via Outlook Anywhere, and while checking the NTFS permissions I also found that quite a bit there is corrupt. Trying to reset the permissions has no effect.
Thanks & regards
Simply cool. How I had been tinkering around in IIS! Thank you very much, TOP tip!!!