Your Autodiscover service configuration isn't secure. To fix this problem, disable anonymous access on the Autodiscover virtual directory.

 

Applies to: Operations Manager Management Pack for Exchange 2010

Topic Last Modified: 2011-08-02

The Microsoft Exchange Server 2010 Management Pack for System Center Operations Manager monitors the Windows Application log on computers running Exchange 2010 and generates this alert when the events specified in the following Details table are logged.

To learn more about this alert, in Operations Manager, do one or more of the following:

  • From the Operations Console, double-click this alert, and then click the General tab. Review the description of the alert that includes the variables specific to your environment.

  • From the Operations Console, double-click this alert, and then click the Alert Context tab. Review the logged events that meet the criteria of this Operations Manager alert.

Details

Product Name: Exchange

Product Version: 14.0 (Exchange 2010)

Event ID: 0002

Event Source: MSExchange Autodiscover

Alert Type: Warning

Rule Path: Microsoft Exchange Server/Exchange 2010/Client Access/Auto Discovery

Rule Name: Your Autodiscover service configuration isn't secure. To fix this problem, disable anonymous access on the Autodiscover virtual directory.

Explanation

This Error event indicates that the Microsoft Exchange Autodiscover service was unable to process anonymous requests from an Autodiscover client, for example, an Outlook client. An invalid Autodiscover site configuration and an anonymous client request could cause this error. 'HostName' in the error message text refers to the Domain Name System (DNS) name of the remote client.

Autodiscover requires authenticated clients to connect by using either of these methods:

  • The client may use a Secure Sockets Layer (SSL) connection to perform Active Directory lookups to find the requested mailbox database.

  • The client may provide URLs of Exchange services such as the Availability service.

We do not recommend that you enable anonymous authentication, because this will give spammers access to e-mail addresses. An HTTP 403 error is sent to the client.

User Action

To resolve this error, do the following:

  • Check the Autodiscover virtual directory site configuration settings on the Exchange Client Access server (CAS) and make sure SSL is selected for Basic or Integrated Windows authentication (also known as NTLM or Kerberos authentication).

  • Follow these steps to disable Anonymous access in the Autodiscover virtual directory on the Client Access server.

    1. In Internet Information Services (IIS) Manager, locate the Autodiscover virtual directory.

    2. Right-click the Autodiscover virtual directory and select Properties.

    3. On the Directory Security tab, under Authentication and access control, click Edit.

    4. In the Authentication Methods screen, clear Enable anonymous access.
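
The same check and change can be scripted. The following is an added example, not part of the original Microsoft topic. It assumes IIS 7 or later with the WebAdministration module, an elevated shell on the Client Access server, and that the virtual directory lives under "Default Web Site" (adjust `$location` if yours differs).

```powershell
# Added example: audit the Autodiscover virtual directory, then disable anonymous access.
# Assumptions: IIS 7+ WebAdministration module, elevated shell, vdir under "Default Web Site".
Import-Module WebAdministration

$location = 'Default Web Site/Autodiscover'        # assumed site/vdir path
$root     = 'MACHINE/WEBROOT/APPHOST'              # applicationHost.config scope
$authBase = 'system.webServer/security/authentication'

function Get-AutodiscoverAuthState {
    param([string]$Location)
    $state = New-Object PSObject
    # Read the enabled flag of each authentication scheme the alert text mentions.
    foreach ($scheme in 'anonymousAuthentication', 'basicAuthentication', 'windowsAuthentication') {
        $section = Get-WebConfiguration -PSPath $root -Location $Location -Filter "$authBase/$scheme"
        $state | Add-Member -MemberType NoteProperty -Name $scheme -Value ([bool]$section.enabled)
    }
    # sslFlags is a comma-separated flag list (None, Ssl, Ssl128, ...).
    $access = Get-WebConfiguration -PSPath $root -Location $Location -Filter 'system.webServer/security/access'
    $flags  = "$($access.sslFlags)" -split '\s*,\s*'
    $state | Add-Member -MemberType NoteProperty -Name requireSsl -Value ($flags -contains 'Ssl')
    return $state
}

$before = Get-AutodiscoverAuthState -Location $location
$before | Format-List

if (-not $before.requireSsl) {
    Write-Warning "SSL is not required on '$location'; Basic or Integrated Windows authentication should run over SSL."
}
if (-not ($before.basicAuthentication -or $before.windowsAuthentication)) {
    Write-Warning "Neither Basic nor Integrated Windows authentication is enabled on '$location'."
}

if ($before.anonymousAuthentication) {
    # Scripted equivalent of clearing "Enable anonymous access" in IIS Manager.
    Set-WebConfigurationProperty -PSPath $root -Location $location `
        -Filter "$authBase/anonymousAuthentication" -Name enabled -Value $false
    Write-Output "Anonymous authentication disabled on '$location'."
} else {
    Write-Output "Anonymous authentication is already disabled on '$location'."
}

# Re-read the configuration to confirm the final state.
Get-AutodiscoverAuthState -Location $location | Format-List
```

Run it on each Client Access server; the second listing should show `anonymousAuthentication : False`.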

For more information about the Autodiscover service, see Managing the Autodiscover Service.

For More Information

If you are not already doing so, consider running the Exchange tools, which have been created to help you analyze and troubleshoot your Exchange environment. These tools can help make sure that your configuration aligns with Microsoft best practices. They can also help you identify and resolve performance issues and improve mail flow. To run these tools, go to the Toolbox node of the Exchange Management Console. To learn more about these tools, see Managing Tools in the Toolbox.