5. Configure the OWA Directories
You need to configure your OWA-specific directories—ExchWeb, Exchange, and Public—to force SSL connections, require a client certificate, and require Basic authentication. Using only Basic authentication provides the greatest level of compatibility and the most transparent access for remote OWA users, but if you plan to support Exchange ActiveSync (as in our example), you'll also need to enable Integrated authentication on the Exchange directory.
In the Internet Information Services (IIS) Manager console's left pane, right-click the ExchWeb directory and select Properties from the context menu. Go to the Directory Security tab. Click Edit in the Authentication and access control section to open the Authentication Methods dialog box. Be sure that the Enable anonymous access check box is cleared. You don't want to entertain the possibility of an unauthenticated connection from remote users to any directory on the OWA server. Select the Basic authentication check box and enter the default domain's NetBIOS name in the Default domain text box. In this example we enter DOMAIN as the NetBIOS name for our default domain. Click OK.
While still on the ExchWeb Properties dialog box's Directory Security tab, click Edit in the Secure Communications section. In the Secure Communications dialog box, which Web Figure 2 shows, select the Require secure channel (SSL) and Require 128-bit encryption check boxes and the Require client certificates option. Click OK to save the secure communications options, then click OK to save the ExchWeb directory's configuration. In the Inheritance Overrides dialog box, click Select All, then click OK. . . .
Register
