Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2
Topic Last Modified: 2011-03-19
After you have installed the Client Access server role on an Exchange Server 2010 computer, Exchange ActiveSync is enabled by default. An Exchange ActiveSync virtual directory is created on the Exchange 2010 Client Access server. You can configure a variety of options on that virtual directory.
Looking for other management tasks related to Exchange ActiveSync virtual directories? Check out Managing the Exchange ActiveSync Virtual Directory.
Prerequisites
The Client Access server role has been installed on an Exchange 2010 computer. For more information, see Install Exchange Server 2010.
What Do You Want to Do?
Use the EMC to view or configure the Exchange ActiveSync virtual directory properties
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Exchange ActiveSync virtual directory settings" entry in the Client Access Permissions topic.
- In the console tree, navigate to Server Configuration
> Client Access.
- In the work pane, click the Exchange ActiveSync tab, and
then click the Microsoft-Server-ActiveSync virtual
directory.
- In the action pane, under click
Microsoft-Server-ActiveSync, click Properties.
- Use the General tab
to view display-only information about the Exchange ActiveSync
virtual directory and to modify the Internal and External URLs.
- Server This read-only field shows the
name of the server the virtual directory is located on.
- Web site This read-only field shows the
name of the Web site that holds the virtual directory. Normally,
this will be the Default Web Site.
- SSL Enabled This read-only field shows
the Secure Sockets Layer (SSL) status of the virtual directory. The
default is True.
- Modified This read-only field shows the
date and time that the virtual directory was last modified.
- Internal URL This field shows the
InternalURLsetting for the virtual directory. In most cases, you shouldn't change this setting.
- External URL This field shows the
ExternalURLsetting for the virtual directory. In an Internet-facing Active Directory site, this field will be populated with the external DNS endpoint for Exchange ActiveSync, for example, http://contoso.com/Microsoft-Server-ActiveSync.
- Server This read-only field shows the
name of the server the virtual directory is located on.
- Use the
Authentication tab to control the authentication methods for
the Exchange ActiveSync virtual directory.
- Basic authentication (password is sent in clear
text) Select this check box if you want the
mobile device to send the user name and password in clear text.
Important Because passwords are sent in clear text with Basic authentication, you should configure SSL to encrypt data transferred between your mobile clients and the Exchange ActiveSync virtual directory.
- Client Certificate
authentication Select whether you want to
ignore, accept, or require client certificate authentication.
Certificates can reside in the certificate store on a mobile device or on a smart card. A certificate authentication method uses the Extensible Authentication Protocol (EAP) and Transport Layer Security (TLS) protocols. In EAP-TLS certificate authentication, the client and the server prove their identities to each other. For example, an Exchange ActiveSync client presents its user certificate to the Client Access server, and the Client Access server presents its computer certificate to the mobile device to provide mutual authentication.
Note Requiring client certificates will force you to configure SSL on the Web site that's hosting the Exchange ActiveSync virtual directory.
- Basic authentication (password is sent in clear
text) Select this check box if you want the
mobile device to send the user name and password in clear text.
-
Exchange ActiveSync clients can access files and Web sites that are
located on Windows SharePoint Services and Windows file shares. Use
the Remote File Servers tab to specify allowed and blocked
host names for your Exchange ActiveSync clients. This tab also
allows you to configure which domains are treated as internal.
- Block List Click Block to
configure a list of host names of servers to which clients are
denied access.
The Block list takes precedence over the Allow list. To add a host name to the Block list, type the host name in the Block List dialog box, and then click Add. To remove a host name from the Block list, select the host name, and then click Delete in the Block List dialog box.
- Allow List Click the Allow
button to configure a list of host names of servers from which
clients are allowed to access files.
To add a host name to the Allow list, type the host name in the Allow List dialog box, and then click Add. To remove a host name from the Allow list, select the name, and then click Delete in the Allow List dialog box.
If a host name is specified in the Allow list and the Block list, clients will be blocked from accessing files from that host name.
- Unknown Servers Use this list to
specify how to access files from host names that aren't listed in
either the Block list or the Allow list. The default value is
Allow.
- Enter the domain suffixes that should be treated as
internal Use this option to configure specific
host names as internal host names. Click Configure to add
host names to the Internal Domain Suffix List.
When clients try to access files on one of these host names, Exchange ActiveSync uses the internal network to access these files instead of trying to access them over the Internet.
- Block List Click Block to
configure a list of host names of servers to which clients are
denied access.
Use the Shell to configure the Exchange ActiveSync virtual directory properties
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Exchange ActiveSync virtual directory settings" entry in the Client Access Permissions topic.
This example configures the Exchange ActiveSync virtual directory with Basic authentication and an External URL of http://contoso.com/Microsoft-Server-ActiveSync.
 Copy Code |
|
|---|---|
Set-ActiveSyncVirtualDirectory -Identity "http://contoso/microsoft-server-activesync" -BasicAuthEnabled:$true -ExternalURL http://contoso.com/Microsoft-Server-ActiveSync |
|
This example configures the Exchange ActiveSync virtual directory with Basic authentication and adds a site to the blocked list.
| Copy Code |
|
|---|---|
Set-ActiveSyncVirtualDirectory -Identity "contoso\microsoft-server-activesync" -BasicAuthEnabled:$true -RemoteDocumentsBlockedServers http://fourthcoffee.com |
|
For syntax and parameter information, see Set-ActiveSyncVirtualDirectory.
Use the Shell to view the Exchange ActiveSync virtual directory properties
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Exchange ActiveSync virtual directory settings" entry in the Client Access Permissions topic.
This example returns the settings for the Exchange ActiveSync virtual directory on the server CAS-01.
| Copy Code |
|
|---|---|
Get-ActiveSyncVirtualDirectory -Server "CAS-01" |
|
This example returns the settings for a specific Exchange ActiveSync virtual directory on the server CAS-01.
| Copy Code |
|
|---|---|
Get-ActiveSyncVirtualDirectory -Server "CAS-01" -Identity "Microsoft-Server-ActiveSync" |
|
This example returns the settings for the Exchange ActiveSync virtual directory on the server CAS-01, for the domain controller DOM-01.
| Copy Code |
|
|---|---|
Get-ActiveSyncVirtualDirectory -Server "CAS-01" -DomainController "DOM-01" |
|
For syntax and parameter information, see Get-ActiveSyncVirtualDirectory.
Other Tasks
After you configure Exchange ActiveSync virtual directory properties, you may also want to View or Configure Exchange ActiveSync Mailbox Policy Properties.