The Microsoft Exchange Autodiscover service configuration is not secure

 

Topic Last Modified: 2007-11-16

The Microsoft Exchange Server 2007 Management Pack for Microsoft Operations Manager (MOM) monitors the Windows Application log on computers that are running Exchange Server 2007 and generates this alert when the event or events specified in the following Details table are logged.

To learn more about this event, do one or more of the following:

  • Review the description of the event that includes the variables specific to your environment. From the MOM Operator Console, select this alert, and then click the Properties tab.

  • Review all events that have been logged that meet the criteria of this MOM alert. From the MOM Operator Console, click the Events tab, and then double-click the event in the list for which you want to review the event description.

Details

Product Name: Exchange
Product Version: 8.0 (Exchange Server 2007)
Event ID: 0002
Event Source: MSExchange Autodiscover
Alert Type: Critical Error
MOM Rule Path: Microsoft Exchange Server/Exchange 2007/Client Access/Auto Discovery
MOM Rule Name: The Microsoft Exchange Autodiscover service configuration is not secure. To fix this problem, disable anonymous access on the Autodiscover virtual directory.

Explanation

This Error event indicates that the Microsoft® Exchange Autodiscover service was unable to process anonymous requests from an Autodiscover client, for example, an Outlook® client. An invalid Autodiscover site configuration and an anonymous client request could cause this error. 'HostName' in the error message text refers to the Domain Name System (DNS) name of the remote client.

Autodiscover requires authenticated clients to connect by using either of these methods:

  • The client may use a Secure Sockets Layer (SSL) connection to perform Active Directory® directory service lookups to find the requested mailbox database.

  • The client may provide URLs of Exchange services such as the Availability service.

We do not recommend that you enable anonymous authentication, because this will give spammers access to e-mail addresses. An HTTP 403 error is sent to the client.

User Action

To resolve this error, do the following:

  • Check the Autodiscover virtual directory site configuration settings on the Exchange Client Access server (CAS) and make sure SSL is selected for Basic or Integrated Windows authentication (also known as NTLM or Kerberos authentication).

  • Follow these steps to disable Anonymous access in the Autodiscover virtual directory on the Client Access server.

    1. In Internet Information Services (IIS) Manager, locate the Autodiscover virtual directory.

    2. Right-click the Autodiscover virtual directory and select Properties.

    3. On the Directory Security tab, under Authentication and access control, click Edit.

    4. In the Authentication Methods screen, clear Enable anonymous access.
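The same check and change can be scripted against the IIS metabase. The following is an added example, not code from Microsoft or from the original topic. It assumes the IIS 6 metabase (the ADSI IIS:// provider) is available on the Client Access server and that the Autodiscover virtual directory is under Web site ID 1; the script parameters MetabasePath and Fix are hypothetical names chosen for this example.

```powershell
# Added example, not Microsoft's code. Run from an elevated PowerShell session on the CAS.
# Assumptions: IIS 6 metabase (ADSI IIS:// provider) is present and the Autodiscover
# virtual directory is under Web site ID 1 ("Default Web Site").
param(
    [string]$MetabasePath = 'IIS://localhost/W3SVC/1/ROOT/Autodiscover',
    [switch]$Fix    # without -Fix the script only reports
)

# Bit values of the IIS metabase properties AuthFlags and AccessSSLFlags
$AuthAnonymous = 0x1
$AuthBasic     = 0x2
$AuthNTLM      = 0x4    # Integrated Windows authentication
$AccessSSL     = 0x8    # Require secure channel (SSL)

if (-not [System.DirectoryServices.DirectoryEntry]::Exists($MetabasePath)) {
    throw "Metabase path not found: $MetabasePath"
}

$vdir      = [ADSI]$MetabasePath
$authFlags = [int]$vdir.psbase.Properties['AuthFlags'].Value
$sslFlags  = [int]$vdir.psbase.Properties['AccessSSLFlags'].Value

# Report the settings that the User Action section asks you to verify
$report = New-Object PSObject
$report | Add-Member NoteProperty Path              $MetabasePath
$report | Add-Member NoteProperty AnonymousEnabled  ([bool]($authFlags -band $AuthAnonymous))
$report | Add-Member NoteProperty BasicEnabled      ([bool]($authFlags -band $AuthBasic))
$report | Add-Member NoteProperty IntegratedEnabled ([bool]($authFlags -band $AuthNTLM))
$report | Add-Member NoteProperty SslRequired       ([bool]($sslFlags -band $AccessSSL))
$report | Format-List

if (-not $report.SslRequired) {
    Write-Warning 'SSL is not required on the Autodiscover virtual directory.'
}
if (-not ($report.BasicEnabled -or $report.IntegratedEnabled)) {
    Write-Warning 'Neither Basic nor Integrated Windows authentication is enabled.'
}

if ($report.AnonymousEnabled) {
    if ($Fix) {
        # Clear only the anonymous bit and leave the other authentication methods as they are
        $vdir.psbase.Properties['AuthFlags'].Value = $authFlags -band (-bnot $AuthAnonymous)
        $vdir.psbase.CommitChanges()
        Write-Host 'Anonymous access disabled on the Autodiscover virtual directory.'
    } else {
        Write-Warning 'Anonymous access is enabled. Run again with -Fix to clear it.'
    }
}
```

Run the script once without -Fix to review the current settings, and run it again after the change to confirm that AnonymousEnabled reports False.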

For more information about the Autodiscover service, see Managing Autodiscover.

For More Information

To search the Microsoft Knowledge Base articles based on criteria that generated this alert, visit the Search the Support Knowledge Base (KB) Web site.

To review Exchange 2007 event message articles that may not be represented by Exchange 2007 MOM alerts, see the Events and Errors Message Center.

If you are not already doing so, consider running the tools that Microsoft Exchange offers to help administrators analyze and troubleshoot their Exchange environment. These tools can help you make sure that your configuration is in line with Microsoft best practices. They can also help you identify and resolve performance issues, improve mail flow, and better manage disaster recovery scenarios. Go to the Toolbox node of the Exchange Management Console to run these tools now. For more information about these tools, see Toolbox in the Exchange Server 2007 Help.