Exchange Admin Center Doesnt work. Exchange Virtual Directory permission defaults

I just installed Exchange 2013 and  wanted To make them public for those who need to get back to a baseline setting. The configuration below is illustrative of a two machine setup. The Mail role is installed on 2013MB and the Client access roll is set up on the 2013CAS machine.

this may not be perfect for all scenarios  but it should be a good reference for default settings. If you find yours are different out of the box, please let me know. This is after installing 2013 CU2.

notice the screen shot command may not match the text command. In some cases I provided multiple ways to run the command to get results per server or for both servers at one time.

Auto discover

Get-AutodiscoverVirtualDirectory -ShowMailboxVirtualDirectories | fl name, internal*, external  *, *authentication



get-EcpvirtualDirectory -ShowMailboxVirtualDirectories | fl name, internal*, external*, *authentication


Web Services

Get-WebServicesVirtualDirectory 2013cas\ews* | fl name, internal*, external*, *authentication


Active Sync

Get-activesyncvirtualDirectory mailbox\microsoft* | fl name, internal*, external*, *authentication




Get-OwaVirtualDirectory -ShowMailboxVirtualDirectories | fl name, internal*, external*, *authentication



Get-OutlookAnywhere -ShowMailboxVirtualDirectories | fl name, internal*, external*, *authentication

This will not return a value as the only one that will connect to external acess is the FE – the BE RPC talks to the Front end RPC only. Do not change these settings in IIS!!  all of the command only return the RPC for the front end server. Do not make changes to the “Exchange Back End” directory





set auto discover virtual directory

This should be the only thing you need to do to set the Virtual directories. if you set the URL and add the mail domain to Exchange under “configure access domain”, you will be done. There are no crazy settings to change in IIS. Here is where you set the External access domain. See the Wrench here- That is where you configure it


Next you can set the URL for your mail domain.

Set-ClientAccessServer -Identity mailbox -AutoDiscoverServiceInternalUri “Https://

Get-ClientAccessServer | FL AutoDiscoverServiceInternalUri

the final item is the add your certificate to exchange and that’s it. That is outside the scope of this article but there are many exchange gurus that you can look at for that item. I included an example form the

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s