Topic Last Modified: 2009-01-21

The Microsoft Exchange Server Best Practices Analyzer parses the authentication settings for the Microsoft-Server-ActiveSync virtual directory to determine whether the appropriate authentication settings are configured.

In a mixed Exchange environment that contains computers that are running Exchange Server 2007 and Exchange Server 2003, the Analyzer determines whether the following conditions are true:

The Analyzer expects Integrated Windows authentication to be enabled on the Microsoft-Server-ActiveSync virtual directory. In this scenario, if Integrated Windows authentication is not enabled, the Analyzer generates a warning message.

This message indicates that users may experience authentication issues when they access the Microsoft-Server-ActiveSync virtual directory.

Microsoft Exchange ActiveSync allows for the synchronization of mailbox information with mobile devices. To do this, Exchange uses the Microsoft-Server-ActiveSync virtual directory in Internet Information Services (IIS).

In the scenario that is described in this topic, mobile device users may be repeatedly prompted for their credentials when they access the Microsoft-Server-ActiveSync virtual directory. Access to the Microsoft-Server-ActiveSync virtual directory may fail.

To address this issue, follow these steps:

  1. Install the hotfix that is mentioned in Microsoft Knowledge Base article 937031, Event ID 1036 is logged on an Exchange 2007 server that is running the CAS role when mobile devices connect to the Exchange 2007 server to access mailboxes on an Exchange 2003 back-end server.

  2. Modify the authentication settings on the Microsoft-Server-ActiveSync virtual directory to enable Integrated Windows authentication.

To configure authentication on the Microsoft-Server-ActiveSync virtual directory in IIS 6.0
  1. On the Exchange 2003 server, start the Internet Information Services (IIS) Manager tool.

  2. Expand the computer name, expand Web Sites, expand Default Web Site, right-click Microsoft-Server-ActiveSync, and then click Properties.

  3. Click the Directory Security tab, and then click Edit under Authentication and access control.

  4. Click to select the Integrated Windows authentication check box, and then click OK two times.

  5. Start a command prompt, and then run the iisreset command to apply the changes.