View or Configure Exchange ActiveSync Virtual Directory Properties

Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

After you have installed the Client Access server role on an Exchange Server 2010 computer, Exchange ActiveSync is enabled by default. An Exchange ActiveSync virtual directory is created on the Exchange 2010 Client Access server. You can configure a variety of options on that virtual directory.

Looking for other management tasks related to Exchange ActiveSync virtual directories? Check out Managing the Exchange ActiveSync Virtual Directory.

Prerequisites

The Client Access server role has been installed on an Exchange 2010 computer. For more information, see Install Exchange Server 2010.

What Do You Want to Do?

• Use the EMC to view or configure the Exchange ActiveSync virtual directory properties

• Use the Shell to configure Exchange ActiveSync virtual directory properties

• Use the Shell to view the Exchange ActiveSync virtual directory properties

Use the EMC to view or configure the Exchange ActiveSync virtual directory properties

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Exchange ActiveSync virtual directory settings" entry in the Client Access Permissions topic.

1. In the console tree, navigate to Server Configuration > Client Access.

2. In the work pane, click the Exchange ActiveSync tab, and then click the Microsoft-Server-ActiveSync virtual directory.

3. In the action pane, under click Microsoft-Server-ActiveSync, click Properties.

4. Use the General tab to view display-only information about the Exchange ActiveSync virtual directory and to modify the Internal and External URLs.

   • Server   This read-only field shows the name of the server the virtual directory is located on.

   • Web site   This read-only field shows the name of the Web site that holds the virtual directory. Normally, this will be the Default Web Site.

   • SSL Enabled   This read-only field shows the Secure Sockets Layer (SSL) status of the virtual directory. The default is True.

   • Modified   This read-only field shows the date and time that the virtual directory was last modified.

   • Internal URL   This field shows the InternalURL setting for the virtual directory. In most cases, you shouldn't change this setting.

   • External URL   This field shows the ExternalURL setting for the virtual directory. In an Internet-facing Active Directory site, this field will be populated with the external DNS endpoint for Exchange ActiveSync, for example, https://contoso.com/Microsoft-Server-ActiveSync.

5. Use the Authentication tab to control the authentication methods for the Exchange ActiveSync virtual directory.

   • Basic authentication (password is sent in clear text)   Select this check box if you want the mobile device to send the user name and password in clear text.

     Important   Because passwords are sent in clear text with Basic authentication, you should configure SSL to encrypt data transferred between your mobile clients and the Exchange ActiveSync virtual directory.

   • Client Certificate authentication   Select whether you want to ignore, accept, or require client certificate authentication.

     Certificates can reside in the certificate store on a mobile device or on a smart card. A certificate authentication method uses the Extensible Authentication Protocol (EAP) and Transport Layer Security (TLS) protocols. In EAP-TLS certificate authentication, the client and the server prove their identities to each other. For example, an Exchange ActiveSync client presents its user certificate to the Client Access server, and the Client Access server presents its computer certificate to the mobile device to provide mutual authentication.

     Note   Requiring client certificates will force you to configure SSL on the Web site that's hosting the Exchange ActiveSync virtual directory.

6. Exchange ActiveSync clients can access files and Web sites that are located on Windows SharePoint Services and Windows file shares. Use the Remote File Servers tab to specify allowed and blocked host names for your Exchange ActiveSync clients. This tab also allows you to configure which domains are treated as internal.

   • Block List   Click Block to configure a list of host names of servers to which clients are denied access.

     The Block list takes precedence over the Allow list. To add a host name to the Block list, type the host name in the Block List dialog box, and then click Add. To remove a host name from the Block list, select the host name, and then click Delete in the Block List dialog box.

   • Allow List   Click the Allow button to configure a list of host names of servers from which clients are allowed to access files.

     To add a host name to the Allow list, type the host name in the Allow List dialog box, and then click Add. To remove a host name from the Allow list, select the name, and then click Delete in the Allow List dialog box.

     If a host name is specified in the Allow list and the Block list, clients will be blocked from accessing files from that host name.

   • Unknown Servers   Use this list to specify how to access files from host names that aren't listed in either the Block list or the Allow list. The default value is Allow.

   • Enter the domain suffixes that should be treated as internal   Use this option to configure specific host names as internal host names. Click Configure to add host names to the Internal Domain Suffix List.

     When clients try to access files on one of these host names, Exchange ActiveSync uses the internal network to access these files instead of trying to access them over the Internet.

Use the Shell to configure the Exchange ActiveSync virtual directory properties

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Exchange ActiveSync virtual directory settings" entry in the Client Access Permissions topic.

This example configures the Exchange ActiveSync virtual directory with Basic authentication and an External URL of https://contoso.com/Microsoft-Server-ActiveSync.

Set-ActiveSyncVirtualDirectory -Identity "http://contoso/microsoft-server-activesync" -BasicAuthEnabled:$true -ExternalURL https://contoso.com/Microsoft-Server-ActiveSync

This example configures the Exchange ActiveSync virtual directory with Basic authentication and adds a site to the blocked list.

Set-ActiveSyncVirtualDirectory -Identity "contoso\microsoft-server-activesync" -BasicAuthEnabled:$true -RemoteDocumentsBlockedServers http://fourthcoffee.com

For syntax and parameter information, see Set-ActiveSyncVirtualDirectory.

Use the Shell to view the Exchange ActiveSync virtual directory properties

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Exchange ActiveSync virtual directory settings" entry in the Client Access Permissions topic.

This example returns the settings for the Exchange ActiveSync virtual directory on the server CAS-01.

Get-ActiveSyncVirtualDirectory -Server "CAS-01"

This example returns the settings for a specific Exchange ActiveSync virtual directory on the server CAS-01.

Get-ActiveSyncVirtualDirectory -Server "CAS-01" -Identity "Microsoft-Server-ActiveSync"

This example returns the settings for the Exchange ActiveSync virtual directory on the server CAS-01, for the domain controller DOM-01.

Get-ActiveSyncVirtualDirectory -Server "CAS-01" -DomainController "DOM-01"

For syntax and parameter information, see Get-ActiveSyncVirtualDirectory.

Other Tasks

After you configure Exchange ActiveSync virtual directory properties, you may also want to View or Configure Exchange ActiveSync Mailbox Policy Properties.

For More Information

Managing the Exchange ActiveSync Virtual Directory

Configure Exchange ActiveSync to Access Windows SharePoint Services Sites and Windows File Shares

Managing Exchange ActiveSync

Understanding Exchange ActiveSync

 © 2010 Microsoft Corporation. All rights reserved.