Exchange 2010 installs several virtual directories in IIS. These directories are of central importance for the operation of Exchange 2010. It is therefore important to know which directory is used for what:
The virtual directories
/Autodiscover
This directory contains the Autodiscover function of Exchange 2010. Outlook 2007, Outlook 2010 and some other clients (smartphones) retrieve the Exchange server settings via this directory. Autodiscover ensures that the correct Exchange server is automatically selected for a user. Users can set up their Outlook profile without any prior knowledge. All relevant settings such as server, e-mail address and Outlook Anywhere settings are automatically entered in Outlook.
/ECP
This directory provides the Exchange Control Panel. Discovery searches and settings for Role Based Access can be made via this website.
/EWS
EWS provides the "Exchange Web Services" and offers programmers an interface for accessing Exchange services.
/Exchange
The "Exchange" directory is only active on Client Access or Client Access/Hub Transport servers and redirects users to the OWA interface of earlier Exchange versions. As soon as there is an Exchange 2010 Mailbox server, the directory is redirected to "/OWA". During an Exchange migration, the Client Access and Hub Transport servers are updated first; the "/exchange" directory makes it possible to access mailboxes that are not yet located on Exchange 2010 servers.
/Exweb
"Exweb" is also a legacy directory and serves only the transition from Exchange 2003 to Exchange 2010. This directory is only active as long as Exchange 2003 servers exist.
/Microsoft-Server-ActiveSync
Active Sync compatible devices connect to this directory to access Exchange mailboxes. These are usually smartphones/devices such as Windows Mobile, Windows Phone, Android or iOS (iPhone, iPad). These devices receive push notifications about new items in the mailbox via this directory.
/OAB
This directory provides the Offline Address Book (OAB) for Outlook 2007 and Outlook 2010 for download. Outlook 2003 downloads the address book via the public folders and does not connect to this page.
/OWA
OWA provides the "Outlook Web App", a web-based client for Exchange 2010. In earlier versions of Exchange, OWA was still called Outlook Web Access; since Exchange 2010, however, the web-based interface has been developed considerably further and is now significantly faster than its predecessors. OWA is now also fully compatible with all browsers and no longer runs only with Internet Explorer.
/PowerShell
The Exchange server can be managed remotely via this directory. The Exchange Management Shell (EMS) and the Exchange Management Console (EMC) connect to this directory to carry out configuration tasks. The local EMS and EMC also connect to this directory. Without this directory, it is not possible to connect to Exchange 2010 via EMC or EMS.
/Public
The "Public" directory is used by Outlook Web App to access the public folders.
/RPC
Outlook Anywhere (HTTPSoverRPC) connects to Exchange via "RPC". Outlook Anywhere ensures that Outlook can reach the Exchange servers even without a VPN tunnel. For this purpose, an RPC connection is established via HTTPS.
/RPCwithCert
Outlook Anywhere (HTTPSoverRPC) connects to Exchange via "RPCwithCert". Outlook Anywhere ensures that Outlook can reach the Exchange servers even without a VPN tunnel. For this purpose, an RPC connection is established via HTTPS. The difference from "RPC" is that this directory requires client certificates to authenticate the client.
Troubleshooting
Problems with the virtual Exchange directories are often caused by faulty or incorrectly configured permissions. In the event of problems, you should therefore first check the permissions and authentication settings in IIS. The important settings are configured in 3 places in IIS:
The NTFS permissions can be opened by right-clicking the respective directory and selecting "Edit Permissions…".
The authentication settings are found on the respective directory under "Authentication".
The SSL settings for the directory can be opened via the directory's "SSL Settings" item.
This table lists the default settings of the respective directories:
Directory | Auth. Settings | SSL settings | NTFS permissions |
Autodiscover | Anonymous authentication; Standard authentication; Windows authentication | SSL required: Yes; Ignore client certificates | Authenticated users (Read and execute); System (full access); Administrators (full access) |
ECP | Anonymous authentication; Standard authentication | SSL required: Yes; Ignore client certificates | Authenticated users (Read); System (full access); Administrators (full access) |
EWS | Anonymous authentication; Standard authentication | SSL required: Yes; Ignore client certificates | Authenticated users (Read); System (full access); Administrators (full access) |
Exchange | – | SSL required: Yes; Ignore client certificates | Authenticated users (Read); System (full access); Administrators (full access) |
Exweb | – | SSL required: Yes; Ignore client certificates | Authenticated users (Read); System (full access); Administrators (full access) |
Microsoft Server ActiveSync | Standard authentication | SSL required: Yes; Ignore client certificates | Authenticated users (Read); System (full access); Administrators (full access) |
OAB | Windows authentication | SSL required: No; Ignore client certificates | System (full access); Administrators (full access); Organization Management (Browse folders, List folders, Read attributes, Read extended attributes, Read permissions); View-Only Organization Management (Browse folders, List folders, Read attributes, Read extended attributes, Read permissions); IIS_IUSRS (Browse folders, List folders, Read attributes, Read extended attributes, Read permissions) |
OWA | Standard authentication | SSL required: Yes; Ignore client certificates | Authenticated users (Read); System (full access); Administrators (full access) |
PowerShell | – | SSL required: No; Ignore client certificates | Authenticated users (Read); System (full access); Administrators (full access) |
Public | – | SSL required: Yes; Ignore client certificates | Authenticated users (Read); System (full access); Administrators (full access) |
RPC | Standard authentication | SSL required: Yes; Ignore client certificates | Administrators (full access); System (full access); Users (Read and execute); TrustedInstaller (full access) |
RPCwithCert | – | SSL required: Yes; Client certificates required | Administrators (full access); System (full access); Users (Read and execute); TrustedInstaller (full access) |
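The troubleshooting check described above can be scripted: the following added example (not part of the original post) reads the authentication and SSL settings of each virtual directory from IIS and reports every deviation from the table. Assumptions: the site is named "Default Web Site", the table's "Standard authentication" is IIS Basic authentication, authentication methods a row does not list are disabled, and the directory names are as written on this page.

```powershell
# Added example: report IIS auth/SSL settings that differ from the table's defaults.
Import-Module WebAdministration
$site  = 'Default Web Site'        # assumption: name of the Exchange web site
$root  = 'MACHINE/WEBROOT/APPHOST'
$names = 'Anonymous', 'Basic', 'Windows', 'SslRequired', 'ClientCertRequired'

# One row per directory, values in the order of $names. Directory names are taken
# from the page; adjust them to what IIS Manager shows. "Standard authentication"
# is treated as Basic authentication, unlisted methods as disabled (assumptions).
# $null = the table gives "–" for authentication, so the value is not compared.
$defaults = @{
    'Autodiscover'                = $true,  $true,  $true,  $true,  $false
    'ECP'                         = $true,  $true,  $false, $true,  $false
    'EWS'                         = $true,  $true,  $false, $true,  $false
    'Exchange'                    = $null,  $null,  $null,  $true,  $false
    'Exweb'                       = $null,  $null,  $null,  $true,  $false
    'Microsoft-Server-ActiveSync' = $false, $true,  $false, $true,  $false
    'OAB'                         = $false, $false, $true,  $false, $false
    'OWA'                         = $false, $true,  $false, $true,  $false
    'PowerShell'                  = $null,  $null,  $null,  $false, $false
    'Public'                      = $null,  $null,  $null,  $true,  $false
    'RPC'                         = $false, $true,  $false, $true,  $false
    'RPCwithCert'                 = $null,  $null,  $null,  $true,  $true
}

function Get-VDirSettings([string]$Location) {
    $auth = foreach ($s in 'anonymous', 'basic', 'windows') {
        (Get-WebConfigurationProperty -PSPath $root -Location $Location -Name enabled `
            -Filter "system.webServer/security/authentication/${s}Authentication").Value
    }
    # sslFlags is returned as a comma-separated string such as "Ssl,Ssl128"
    $raw = Get-WebConfigurationProperty -PSPath $root -Location $Location `
        -Filter 'system.webServer/security/access' -Name sslFlags
    $flags = "$raw" -split '\s*,\s*'
    @($auth) + ($flags -contains 'Ssl') + ($flags -contains 'SslRequireCert')
}

foreach ($dir in ($defaults.Keys | Sort-Object)) {
    $actual = Get-VDirSettings "$site/$dir"
    for ($i = 0; $i -lt $names.Count; $i++) {
        $want = $defaults[$dir][$i]
        if ($null -ne $want -and $actual[$i] -ne $want) {
            New-Object PSObject -Property @{
                Directory = $dir; Setting = $names[$i]; Expected = $want; Actual = $actual[$i]
            }
        }
    }
}
```

An empty result means every compared setting matches the table; NTFS permissions are not covered and still have to be checked on the directory itself.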
The virtual directories can also be reset using the Exchange Management Console and the shell, which may save you a lot of work. The way via the console:
In the next dialog, the directory can then be selected and reset to the default.
As you can see here, this works with the most important Exchange directories. But if it gets stuck with RPC, you have to do it yourself :-)
Using the management shell is just as simple as using the console. The cmdlets to use are described here, including an example:
http://technet.microsoft.com/en-us/library/ff629372.aspx
I don't have much more to add, except of course that the external host name should also be specified when adding:
New-OwaVirtualDirectory -InternalUrl "https://ex01.frankysweb.local/owa" -ExternalUrl "https://owa.frankysweb.de/owa" -WebSiteName "Default Web Site"
The same applies to the remaining directories.