Whenever you mess up with authentication methods on the IIS or through powershell, services may not function properly, especially the published ones. Blew is the default authentication methods published at Exchange Team Blog site:
Exchange Server 2010 with the Client Access Server (standalone):
|
Location |
Authentication |
SSL Setting |
Management |
|
Default Web Site |
Anonymous |
Required |
IIS Management Console |
|
aspnet_client |
Anonymous |
Required |
IIS Management Console |
|
Autodiscover |
Anonymous / Basic / Windows Authentication |
Required |
Exchange Management Shell |
|
ECP |
Anonymous / Basic |
Required |
Exchange Management Console or Shell |
|
EWS |
Anonymous / Windows Authentication |
Required |
Exchange Management Shell |
|
Microsoft-Server-ActiveSync |
Basic |
Required |
Exchange Management Console or Shell |
|
OWA |
Basic |
Required |
Exchange Management Console or Shell |
|
Powershell |
Anonymous |
Not Required |
Exchange Management Shell |
|
RPC |
Basic / Windows Authentication |
Required |
Exchange Management Shell |
|
RpcWithCert |
all options Disabled |
Required (128 bit not checked) |
N/A |
|
OAB |
Windows Authentication |
Not Required |
Exchange Management Console or Shell |
Exchange Server 2010 Mailbox role (standalone):
|
Location |
Authentication |
SSL Setting |
Management |
|
Default Web Site |
Anonymous |
Required |
IIS Management Console |
|
PowerShell |
Anonymous |
Not Required |
Exchange Management Shell |
CMDlet list for those that can only be modified in the Management Shell:
Set-AutoDiscoverVirtualDirectory
Set-WebServicesVirtualDirectory
Set-PowershellVirtualDirectory
Set-OutlookAnywhere (for the RPC virtual directory)