Determining if Basic Authentication Is Enabled on Your Network

  • 7019537
  • 25-May-2017
  • 24-Jul-2017

Environment

Exchange

Situation

How to determine if Basic Authentication is enabled on the network See Also: Exchange Module Setup Instructions

Resolution


IMPORTANT: ALL CAS servers must have Basic Authentication for Autodiscover and EWS enabled, and in the true state.

There are two Exchange Management Shell (EMS) commands that can be run to determine the network status. One for EWS and one for Autodiscover.

To determine the status of the deployment of Basic Authentication for EWS across the network. In Exchange Management Shell on the Exchange server, run the command.

Get-WebServicesVirtualDirectory | fl >C:\ews.txt (most detailed as below)
or
Get-WebServicesVirtualDirectory | ft server,basicauthentication (simpler)


The file will contain output that looks something like this:

RunspaceId : 33ac48e8-9ff0-461f-b604-6ea6ef8a3bf4
CertificateAuthentication :
InternalNLBBypassUrl :
GzipLevel : Low
MRSProxyEnabled : False
Name : EWS (Default Web Site)
InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity, OAuth}
ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity, OAuth}
LiveIdNegotiateAuthentication :
WSSecurityAuthentication : True
LiveIdBasicAuthentication : False
BasicAuthentication : True DigestAuthentication : False
WindowsAuthentication : True
OAuthAuthentication : True
AdfsAuthentication : False
MetabasePath : IIS://EXMS.support.LOCAL/W3SVC/1/ROOT/EWS
Path : C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\EWS
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags : {}
ExtendedProtectionSPNList : {}
AdminDisplayVersion : Version 15.0 (Build 775.38)
Server : EXMS
InternalUrl : https://mail.support.com/EWS/Exchange.asmx
ExternalUrl : https://mail.support.com/ews/exchange.asmx
AdminDisplayName :
ExchangeVersion : 0.10 (14.0.100.0)
DistinguishedName : CN=EWS (Default Web Site),CN=HTTP,CN=Protocols,CN=EXMS,CN=Servers,CN=Exchange Administrative Group
(FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Exchange,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=support,DC=LOCAL
Identity : EXMS\EWS (Default Web Site)
Guid : 62be879a-5a5c-495a-8cca-481bfd1c40c2
ObjectCategory : support.LOCAL/Configuration/Schema/ms-Exch-Web-Services-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchWebServicesVirtualDirectory}
WhenChanged : 3/20/2014 1:49:19 PM
WhenCreated : 2/21/2014 11:22:32 AM
WhenChangedUTC : 3/20/2014 8:49:19 PM
WhenCreatedUTC : 2/21/2014 7:22:32 PM
OrganizationId :
OriginatingServer : LA-DC1.support.LOCAL
IsValid : True
ObjectState : Changed

RunspaceId : 33ac48e8-9ff0-461f-b604-6ea6ef8a3bf4
CertificateAuthentication :
InternalNLBBypassUrl :
GzipLevel : Low
MRSProxyEnabled : False
Name : EWS (Default Web Site)
InternalAuthenticationMethods : {Ntlm, WindowsIntegrated, WSSecurity, OAuth}
ExternalAuthenticationMethods : {Ntlm, WindowsIntegrated, WSSecurity, OAuth}
LiveIdNegotiateAuthentication :
WSSecurityAuthentication : True
LiveIdBasicAuthentication : False
BasicAuthentication : False DigestAuthentication : False
WindowsAuthentication : True
OAuthAuthentication : True
AdfsAuthentication : False
MetabasePath : IIS://EXMS2.support.LOCAL/W3SVC/1/ROOT/EWS
Path : C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\EWS
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags : {}
ExtendedProtectionSPNList : {}
AdminDisplayVersion : Version 15.0 (Build 775.38)
Server : EXMS2
InternalUrl : https://mail.support.com/EWS/Exchange.asmx
ExternalUrl : https://mail.support.com/EWS/Exchange.asmx
AdminDisplayName :
ExchangeVersion : 0.10 (14.0.100.0)
DistinguishedName : CN=EWS (Default Web Site),CN=HTTP,CN=Protocols,CN=EXMS2,CN=Servers,CN=Exchange Administrative Group
(FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Exchange,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=support,DC=LOCAL
Identity : EXMS2\EWS (Default Web Site)
Guid : 35cf96b1-29b4-442e-81c2-93298a8526af
ObjectCategory : support.LOCAL/Configuration/Schema/ms-Exch-Web-Services-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchWebServicesVirtualDirectory}
WhenChanged : 3/20/2014 1:49:37 PM
WhenCreated : 3/13/2014 10:30:45 AM
WhenChangedUTC : 3/20/2014 8:49:37 PM
WhenCreatedUTC : 3/13/2014 5:30:45 PM
OrganizationId :
OriginatingServer : LA-DC1.support.LOCAL
IsValid : True
ObjectState : Changed

 

To check the status of Basic Authentication for Autodiscover run the following command:

Get-AutoDiscoverVirtualDirectory | fl >C:\auto.txt (most detailed as below)
or

Get-AutoDiscoverVirtualDirectory | ft server,basicauthentication (very simple)

The file will contain output that looks something like this:


RunspaceId                      : 4e84ae9a-be53-4602-b607-1649b323b1ad
Name                            : Autodiscover (Default Web Site)
InternalAuthenticationMethods   : {Basic, Ntlm, WindowsIntegrated, WSSecurity, OAuth}
ExternalAuthenticationMethods   : {Basic, Ntlm, WindowsIntegrated, WSSecurity, OAuth}
LiveIdNegotiateAuthentication   : False
WSSecurityAuthentication        : True
LiveIdBasicAuthentication       : False
BasicAuthentication             : True DigestAuthentication            : False
WindowsAuthentication           : True
OAuthAuthentication             : True
AdfsAuthentication              : False
MetabasePath                    : IIS://EXMAIL.ad.gwavasupport.com/W3SVC/1/ROOT/Autodiscover
Path                            : D:\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\Autodiscover
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags         : {}
ExtendedProtectionSPNList       : {}
AdminDisplayVersion             : Version 15.0 (Build 847.32)
Server                          : EXMAIL
InternalUrl                     :
ExternalUrl                     :
AdminDisplayName                :
ExchangeVersion                 : 0.10 (14.0.100.0)
DistinguishedName               : CN=Autodiscover (Default Web
                                  Site),CN=HTTP,CN=Protocols,CN=EXMAIL,CN=Servers,CN=Exchange Administrative Group
                                  (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=gwavasupport,CN=Microsoft
                                  Exchange,CN=Services,CN=Configuration,DC=ad,DC=gwavasupport,DC=com
Identity                        : EXMAIL\Autodiscover (Default Web Site)
Guid                            : 9117a095-49e0-49a5-8f55-ba307e664c05
ObjectCategory                  : ad.gwavasupport.com/Configuration/Schema/ms-Exch-Auto-Discover-Virtual-Directory
ObjectClass                     : {top, msExchVirtualDirectory, msExchAutoDiscoverVirtualDirectory}
WhenChanged                     : 1/30/2015 1:56:13 PM
WhenCreated                     : 1/30/2015 1:56:13 PM
WhenChangedUTC                  : 1/30/2015 8:56:13 PM
WhenCreatedUTC                  : 1/30/2015 8:56:13 PM
OrganizationId                  :
OriginatingServer               : EXMAIL.ad.gwavasupport.com
IsValid                         : True
ObjectState                     : Changed

 

Changing Settings:

You can modify these values from the Exchange Management Shell (2010 & 2013)

 

Additional Information

This article was originally published in the GWAVA knowledgebase as article ID 2395.