Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2012-11-16

Use the Set-WebServicesVirtualDirectory cmdlet to modify an existing Exchange Web Services virtual directory on a server running Microsoft Exchange Server 2010 that has the Client Access server role installed.

Syntax


Set-WebServicesVirtualDirectory -Identity <VirtualDirectoryIdParameter> [-BasicAuthentication <$true \| $false>] [-CertificateAuthentication <$true \| $false>] [-Confirm [<SwitchParameter>]] [-DigestAuthentication <$true \| $false>] [-DomainController <Fqdn>] [-ExtendedProtectionFlags <MultiValuedProperty>] [-ExtendedProtectionSPNList <MultiValuedProperty>] [-ExtendedProtectionTokenChecking <None \| Allow \| Require>] [-ExternalUrl <Uri>] [-Force <SwitchParameter>] [-GzipLevel <Off \| Low \| High \| Error>] [-InternalNLBBypassUrl <Uri>] [-InternalUrl <Uri>] [-LiveIdBasicAuthentication <$true \| $false>] [-LiveIdSpNegoAuthentication <$true \| $false>] [-MRSProxyEnabled <$true \| $false>] [-MRSProxyMaxConnections <Unlimited>] [-UpdateManagementVirtualDirectory <SwitchParameter>] [-WhatIf [<SwitchParameter>]] [-WindowsAuthentication <$true \| $false>] [-WSSecurityAuthentication <$true \| $false>]

Set-WebServicesVirtualDirectory -Identity
<VirtualDirectoryIdParameter> [-BasicAuthentication <$true
| $false>] [-CertificateAuthentication <$true | $false>]
[-Confirm [<SwitchParameter>]] [-DigestAuthentication
<$true | $false>] [-DomainController <Fqdn>]
[-ExtendedProtectionFlags <MultiValuedProperty>]
[-ExtendedProtectionSPNList <MultiValuedProperty>]
[-ExtendedProtectionTokenChecking <None | Allow | Require>]
[-ExternalUrl <Uri>] [-Force <SwitchParameter>]
[-GzipLevel <Off | Low | High | Error>]
[-InternalNLBBypassUrl <Uri>] [-InternalUrl <Uri>]
[-LiveIdBasicAuthentication <$true | $false>]
[-LiveIdSpNegoAuthentication <$true | $false>]
[-MRSProxyEnabled <$true | $false>] [-MRSProxyMaxConnections
<Unlimited>] [-UpdateManagementVirtualDirectory
<SwitchParameter>] [-WhatIf [<SwitchParameter>]]
[-WindowsAuthentication <$true | $false>]
[-WSSecurityAuthentication <$true | $false>]

Detailed Description

If you have a load balanced set of Client Access servers, you don't have to specify the name of each server when you run the command. It's sufficient to use only the name of one of the networked load balanced servers.

You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what permissions you need, see the "Exchange Web Services virtual directory settings" entry in the Client Access Permissions topic.

Parameters

Parameter Required Type Description

Identity

Required

Microsoft.Exchange.Configuration.Tasks.VirtualDirectoryIdParameter

The Identity parameter specifies the name of the virtual directory. You can also specify a wildcard character instead of the default Web site.

BasicAuthentication

Optional

System.Boolean

The BasicAuthentication parameter specifies whether Basic authentication is enabled on the Exchange Web Services virtual directory. This parameter can be used with the DigestAuthentication and WindowsAuthentication parameters.

CertificateAuthentication

Optional

System.Boolean

The CertificateAuthentication parameter specifies whether certificate authentication is enabled. This parameter affects the <Servername>/ews/management/ virtual directory. It doesn't affect the <Servername>/ews/ virtual directory.

Confirm

Optional

System.Management.Automation.SwitchParameter

The Confirm switch causes the command to pause processing and requires you to acknowledge what the command will do before processing continues. You don't have to specify a value with the Confirm switch.

DigestAuthentication

Optional

System.Boolean

The DigestAuthentication parameter specifies whether Digest authentication is enabled on the virtual directory.

DomainController

Optional

Microsoft.Exchange.Data.Fqdn

The DomainController parameter specifies the fully qualified domain name (FQDN) of the domain controller that writes this configuration change to Active Directory.

ExtendedProtectionFlags

Optional

Microsoft.Exchange.Data.MultiValuedProperty

The ExtendedProtectionFlags parameter is used to customize the options you use if you're using Extended Protection for Authentication. The possible values are:

None Default setting.
Proxy Specifies that a proxy is terminating the SSL channel. A Service Principal Name (SPN) must be registered in the ExtendedProtectionSPNList parameter if proxy mode is configured.
ProxyCoHosting Specifies that both HTTP and HTTPS traffic may be accessing the Client Access server and that a proxy is located between at least some of the clients and the Client Access server.
AllowDotlessSPN Specifies whether you want to support valid SPNs that aren't in the fully qualified domain name (FQDN) format, for example ContosoMail. You specify valid SPNs with the ExtendedProtectionSPNList parameter. This option makes extended protection less secure because dotless certificates aren't unique, so it isn't possible to ensure that the client-to-proxy connection was established over a secure channel.
NoServiceNameCheck Specifies that the SPN list won't be checked to validate a channel binding token. This option makes Extended Protection for Authentication less secure. We generally don't recommend this setting.

ExtendedProtectionSPNList

Optional

Microsoft.Exchange.Data.MultiValuedProperty

The ExtendedProtectionSPNList parameter specifies a list of valid Service Principal Names (SPNs) if you're using Extended Protection for Authentication on the specified virtual directory.

The possible values are:

Null This is the default value.
Single SPN or comma delimited list of valid SPNs By default, you must specify the fully qualified domain name (FQDN) (for example mail.contoso.com) for each SPN. If you want to add an SPN that's not an FQDN (for example, ContosoMail), you must also use the ExtendedProtectionTokenChecking parameter with the AllowDotlessSPN value. You specify the domain in SPN format. The SPN format is <protocol>/<FQDN>. For example, a valid entry could be HTTP/mail.contoso.com.

ExtendedProtectionTokenChecking

Optional

Microsoft.Exchange.Data.Directory.SystemConfiguration.ExtendedProtectionTokenCheckingMode

The ExtendedProtectionTokenChecking parameter defines how you want to use Extended Protection for Authentication on the specified Exchange virtual directory. Extended Protection for Authentication isn't enabled by default. The available settings are:

None Extended Protection for Authentication won't be used. Connections between the client and Exchange won't use Extended Protection for Authentication on this virtual directory. This is the default setting.
Allow Extended Protection for Authentication will be used for connections between the client and Exchange on this virtual directory if both the client and server support Extended Protection for Authentication. Connections that don't support Extended Protection for Authentication on the client and server will work, but may not be as secure as a connection using Extended Protection for Authentication.

Note:
If you have a proxy server between the client and the Client Access server that's configured to terminate the client-to-proxy SSL channel, you must also configure one or more Service Principal Names (SPNs) by using the ExtendedProtectionSPNList parameter.

Require Extended Protection for Authentication will be used for all connections between clients and Exchange servers for this virtual directory. If either the client or server doesn't support Extended Protection for Authentication, the connection between the client and server will fail. If you set this option, you must also set a value for the ExtendedProtectionSPNList parameter.

Note:
If you have a proxy server between the client and the Client Access server that's configured to terminate the client-to-proxy SSL channel, you must also configure one or more SPNs using the parameter ExtendedProtectionSPNList.

To learn more about Extended Protection for Authentication, see Understanding Extended Protection for Authentication.

ExternalUrl

Optional

System.Uri

The ExternalUrl parameter specifies the host name used to connect to the Exchange server from outside the firewall. This setting is also important when Secure Sockets Layer (SSL) is used.

Force

Optional

System.Management.Automation.SwitchParameter

The Force parameter specifies whether to suppress the warning or confirmation messages that appear during specific configuration changes.

GzipLevel

Optional

Microsoft.Exchange.Data.Directory.SystemConfiguration.GzipLevel

The GzipLevel parameter sets Gzip configuration information for the Exchange Web Services virtual directory. This parameter can be set to the following values:

Off This value results in no compression.
Low This value results in static compression only. Don't use this setting for Exchange Web Services because Exchange Web Services content is dynamic. You get a warning if you set the GzipLevel parameter to this value. If you use this setting, it behaves the same as the Off setting.
High This value results in static and dynamic compression. Content from Exchange Web Services is compressed if clients have indicated support for Gzip compression in their requests.
Error This value identifies errors in the Gzip compression configuration.

InternalNLBBypassUrl

Optional

System.Uri

The InternalNLBBypassUrl parameter specifies the URL of the Client Access server, regardless of whether it's behind a Network Load Balancing (NLB) array. Although the InternalUrl parameter is set to the URL of the NLB array, the InternalNLBBypassUrl parameter should always be set to the URL of the Client Access server. This is because certain Exchange Web Services calls require machine affinity, and Exchange Web Services proxy incoming calls to a more appropriate Client Access server whenever possible.

InternalUrl

Optional

System.Uri

The InternalUrl parameter specifies the host name of the Exchange server for a connection from inside the firewall. This setting is also important when SSL is used.

LiveIdBasicAuthentication

Optional

System.Boolean

This parameter is reserved for internal Microsoft use.

LiveIdSpNegoAuthentication

Optional

System.Boolean

This parameter is reserved for internal Microsoft use.

MRSProxyEnabled

Optional

System.Boolean

The MRSProxyEnabled parameter specifies whether to enable MRSProxy for the Client Access server. MRSProxy is a service that runs on Client Access servers in a remote forest and helps to proxy a mailbox move. For more information about MRSProxy, see Understanding Move Requests.

MRSProxyMaxConnections

Optional

Microsoft.Exchange.Data.Unlimited

The MRSProxyMaxConnections parameter specifies the maximum number of simultaneous move sessions that an instance of MRSProxy will accept. This setting accepts values from 0 to unlimited. The default value is 100. For more information about MRSProxy, see Understanding Move Requests.

UpdateManagementVirtualDirectory

Optional

System.Management.Automation.SwitchParameter

The UpdateManagementVirtualDirectory parameter makes sure that the Exchange Web Services objects in Active Directory and the respective objects in Internet Information Services (IIS) are up to date and consistent.

WhatIf

Optional

System.Management.Automation.SwitchParameter

The WhatIf switch instructs the command to simulate the actions that it would take on the object. By using the WhatIf switch, you can view what changes would occur without having to apply any of those changes. You don't have to specify a value with the WhatIf switch.

WindowsAuthentication

Optional

System.Boolean

The WindowsAuthentication parameter specifies whether Integrated Windows authentication is permitted on the Exchange Web Services virtual directory.

WSSecurityAuthentication

Optional

System.Boolean

The WSSecurityAuthentication parameter specifies whether Web Services Security authentication is enabled on the Exchange Web Services virtual directory. This parameter can be used with BasicAuthentication, DigestAuthentication, and WindowsAuthentication.

Input Types

To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank, the cmdlet doesn’t accept input data.

Return Types

To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types. If the Output Type field is blank, the cmdlet doesn’t return data.

Examples

EXAMPLE 1

This example sets the authentication method to Basic authentication for the virtual directory EWS on the server Contoso. This example also sets the external and internal URLs for this virtual directory.

	Copy Code
Set-WebServicesVirtualDirectory -Identity Contoso\EWS(default Web site)-ExternalUrl https://www.contoso.com/EWS/exchange.asmx -BasicAuthentication $true -InternalUrl https://contoso.internal.com/EWS/exchange.asmx

Copy Code

Set-WebServicesVirtualDirectory -Identity Contoso\EWS(default Web site)-ExternalUrl https://www.contoso.com/EWS/exchange.asmx -BasicAuthentication $true -InternalUrl https://contoso.internal.com/EWS/exchange.asmx

EXAMPLE 2

This example uses a wildcard character instead of "default Web site" as was used in Example 1

	Copy Code
Set-WebServicesVirtualDirectory -Identity Contoso\EWS* -ExternalUrl https://www.contoso.com/EWS/exchange.asmx

EXAMPLE 3

This example enables MRSProxy on the EWS default web site. MRSProxy is the service responsible for assisting in remote mailbox moves.

	Copy Code
Set-WebServicesVirtualDirectory -Identity "EWS (Default Web Site)" -MRSProxyEnabled $true