View or Configure Exchange ActiveSync Virtual Directory Properties
Applies to: Exchange Server 2010
After you have installed the Client Access server role on an Exchange Server 2010 computer, Exchange ActiveSync is enabled by default. An Exchange ActiveSync virtual directory is created on the Exchange 2010 Client Access server. You can configure a variety of options on that virtual directory.
Looking for other management tasks related to Exchange ActiveSync virtual directories? Check out Managing the Exchange ActiveSync Virtual Directory.
Prerequisites
The Client Access server role has been installed on an Exchange 2010 computer. For more information, see Install Exchange Server 2010.
What Do You Want to Do?
- Use the EMC to view or configure the Exchange ActiveSync virtual directory properties
- Use the Shell to configure Exchange ActiveSync virtual directory properties
- Use the Shell to view the Exchange ActiveSync virtual directory properties
Use the EMC to view or configure the Exchange ActiveSync virtual directory properties
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Exchange ActiveSync virtual directory settings" entry in the Client Access Permissions topic.
- In the console tree, navigate to Server Configuration > Client Access.
- In the work pane, click the Exchange ActiveSync tab, and then click the Microsoft-Server-ActiveSync virtual directory.
- In the action pane, under click Microsoft-Server-ActiveSync, click Properties.
- Use the General tab to view display-only information about the Exchange ActiveSync virtual directory and to modify the Internal and External URLs.
- Server This read-only field shows the name of the server the virtual directory is located on.
- Web site This read-only field shows the name of the Web site that holds the virtual directory. Normally, this will be the Default Web Site.
- SSL Enabled This read-only field shows the Secure Sockets Layer (SSL) status of the virtual directory. The default is True.
- Modified This read-only field shows the date and time that the virtual directory was last modified.
- Internal URL This field shows the
InternalURL
setting for the virtual directory. In most cases, you shouldn't change this setting. - External URL This field shows the
ExternalURL
setting for the virtual directory. In an Internet-facing Active Directory site, this field will be populated with the external DNS endpoint for Exchange ActiveSync, for example, https://contoso.com/Microsoft-Server-ActiveSync.
- Use the Authentication tab to control the authentication methods for the Exchange ActiveSync virtual directory.
- Basic authentication (password is sent in clear text) Select this check box if you want the mobile device to send the user name and password in clear text.
Important Because passwords are sent in clear text with Basic authentication, you should configure SSL to encrypt data transferred between your mobile clients and the Exchange ActiveSync virtual directory. - Client Certificate authentication Select whether you want to ignore, accept, or require client certificate authentication.
Certificates can reside in the certificate store on a mobile device or on a smart card. A certificate authentication method uses the Extensible Authentication Protocol (EAP) and Transport Layer Security (TLS) protocols. In EAP-TLS certificate authentication, the client and the server prove their identities to each other. For example, an Exchange ActiveSync client presents its user certificate to the Client Access server, and the Client Access server presents its computer certificate to the mobile device to provide mutual authentication.
Note Requiring client certificates will force you to configure SSL on the Web site that's hosting the Exchange ActiveSync virtual directory.
- Basic authentication (password is sent in clear text) Select this check box if you want the mobile device to send the user name and password in clear text.
- Exchange ActiveSync clients can access files and Web sites that are located on Windows SharePoint Services and Windows file shares. Use the Remote File Servers tab to specify allowed and blocked host names for your Exchange ActiveSync clients. This tab also allows you to configure which domains are treated as internal.
- Block List Click Block to configure a list of host names of servers to which clients are denied access.
The Block list takes precedence over the Allow list. To add a host name to the Block list, type the host name in the Block List dialog box, and then click Add. To remove a host name from the Block list, select the host name, and then click Delete in the Block List dialog box. - Allow List Click the Allow button to configure a list of host names of servers from which clients are allowed to access files.
To add a host name to the Allow list, type the host name in the Allow List dialog box, and then click Add. To remove a host name from the Allow list, select the name, and then click Delete in the Allow List dialog box.
If a host name is specified in the Allow list and the Block list, clients will be blocked from accessing files from that host name. - Unknown Servers Use this list to specify how to access files from host names that aren't listed in either the Block list or the Allow list. The default value is Allow.
- Enter the domain suffixes that should be treated as internal Use this option to configure specific host names as internal host names. Click Configure to add host names to the Internal Domain Suffix List.
When clients try to access files on one of these host names, Exchange ActiveSync uses the internal network to access these files instead of trying to access them over the Internet.
- Block List Click Block to configure a list of host names of servers to which clients are denied access.
Use the Shell to configure the Exchange ActiveSync virtual directory properties
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Exchange ActiveSync virtual directory settings" entry in the Client Access Permissions topic.
This example configures the Exchange ActiveSync virtual directory with Basic authentication and an External URL of https://contoso.com/Microsoft-Server-ActiveSync.
Set-ActiveSyncVirtualDirectory -Identity "http://contoso/microsoft-server-activesync" -BasicAuthEnabled:$true -ExternalURL https://contoso.com/Microsoft-Server-ActiveSync
This example configures the Exchange ActiveSync virtual directory with Basic authentication and adds a site to the blocked list.
Set-ActiveSyncVirtualDirectory -Identity "contoso\microsoft-server-activesync" -BasicAuthEnabled:$true -RemoteDocumentsBlockedServers http://fourthcoffee.com
For syntax and parameter information, see Set-ActiveSyncVirtualDirectory.
Use the Shell to view the Exchange ActiveSync virtual directory properties
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Exchange ActiveSync virtual directory settings" entry in the Client Access Permissions topic.
This example returns the settings for the Exchange ActiveSync virtual directory on the server CAS-01.
Get-ActiveSyncVirtualDirectory -Server "CAS-01"
This example returns the settings for a specific Exchange ActiveSync virtual directory on the server CAS-01.
Get-ActiveSyncVirtualDirectory -Server "CAS-01" -Identity "Microsoft-Server-ActiveSync"
This example returns the settings for the Exchange ActiveSync virtual directory on the server CAS-01, for the domain controller DOM-01.
Get-ActiveSyncVirtualDirectory -Server "CAS-01" -DomainController "DOM-01"
For syntax and parameter information, see Get-ActiveSyncVirtualDirectory.
Other Tasks
After you configure Exchange ActiveSync virtual directory properties, you may also want to View or Configure Exchange ActiveSync Mailbox Policy Properties.
For More Information
Managing the Exchange ActiveSync Virtual Directory
Configure Exchange ActiveSync to Access Windows SharePoint Services Sites and Windows File Shares