How to create a second virtual directory for Exchange that does not require SSL

How to create a second virtual directory for Exchange that does not require SSL

This document describes how to create a second Exchange virtual directory that does not require SSL, and then add a new registry value to point to the new directory. This document is relevant to Exchange 2003 only.

Why might you need to make this change?
The ActiveSync service within Exchange 2003 uses the /Exchange virtual directory to access OWA templates and DAV on the Exchange server on which the user's mailbox is located. ActiveSync cannot access this virtual directory if either of the following conditions is true:

• The /Exchange virtual directory on an Exchange back-end server is configured to require SSL.
• Forms-based authentication is enabled.

1. Open the Exchange System Manager
2. Locate OrganisationName » Servers » ServerName » Protocols » HTTP » Exchange Virtual Server.
3. Right-click Exchange Virtual Server, select Properties and select the Settings tab
4. If Forms Based Authentication is enabled – untick to disable. We will re-enable this at the conculsion of this procedure. If Forms Based Authentication is not enabled, close the Exchange System Manager.

1. Start the Internet Information Services (IIS) Manager.
2. Locate the Exchange virtual directory. The default location is Web Sites Default Web Site Exchange.
3. Right-click the Exchange virtual directory, click All Tasks, and then click Save Configuration to a File.
4. In the File Name box, type a name, For example type 'ExchangeVDir'. Click OK. Right-click the root website (typically this is named "Default Web Site"). Click New and then 'Virtual Directory (from file)'.
5. In the Import Configuration dialog box click Browse, locate the file that you created in step 4, click Open and then Read File. Under 'Select a configuration to import', click Exchange and then click OK
6. A dialog box will appear that states that the 'virtual directory already exists'. In the Alias box, type a name for the new virtual directory that you want Exchange ActiveSync and Outlook Mobile Access to use. It is recommended to use 'exchange-oma' in order to maintain compatibility with future Microsoft patches. Click OK.    
   • NOTE: If there is already an exchange-oma directory, rename the old directory to another name (e.g. exchange-oma1) and proceed as below.
7. Right-click the new virtual directory 'exchange-oma'.  Click properties. Click the Directory Security tab. Under 'Authentication and access control' click Edit. Make sure that only the following authentication methods are enabled, and then click OK:
   • Integrated Windows Authentication
   • Basic Authentication
8. Under Secure communications click Edit. Make sure that 'Require secure channel (SSL)' is not enabled and then click OK.
9. Click OK on the Properties windows and then close the IIS Manager.

1. Click Start then Run and type 'regedit' to open the registry editor. Locate the following registry subkey:
   • HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesMasSyncParameters
2. Right-click Parameters and choose New » String Value. Type 'Exchange VDir' and then press Enter. Right-click ExchangeVDir, and then click Modify. Note that ExchangeVDir is case-sensitive. If you do not type ExchangeVDir as shown, ActiveSync does not find the key when it locates the exchange-oma folder.
3. In the Value data box type the name of the new virtual directory that you created earlier preceded by a forward slash (/), i.e. /exchange-oma. Click OK and close the Registry Editor.
4. Open Control Panel » Administrative Tools » Services. Locate the 'IIS Admin' service and restart this.
   

1. Open Exchange System Manager
2. Locate OrganisationName » Servers » ServerName » Protocols » HTTP » Exchange Virtual Server.
3. Right-click Exchange Virtual Server, select properties and select the Settings tab
4. Re-enable Forms Based Authentication.

Back to Original Question