Anonymous Authentication Enabled for Virtual Directory


Topic Last Modified: 2009-08-18

The Microsoft Exchange Analyzer tool sends an anonymous HTTP request from the remote server to the URL being tested. If the request succeeds but anonymous access should not be allowed on this virtual directory, then the Exchange Remote Connectivity Analyzer tool displays the following error message.

"Anonymous authentication enabled for virtual directory."

Outlook Web Access, Exchange ActiveSync, Outlook Anywhere or RPC over HTTPS, Autodiscover and other Exchange Web Services including the Availability Service and Web-distributed Offline Address Books require specific authentication methods. If Anonymous access is allowed in lieu of, or in addition to, other required authentication methods, then your server isn't as secure from a security perspective and unexpected results can occur.

For More Information

To resolve this issue, review the following documentation and confirm that the virtual directories on your Exchange server have the proper authentication methods enabled for each application or service.

The Exchange Remote Connectivity Analyzer is a new tool with limited documentation at this time. In an effort to improve the documentation for each of the errors you might receive, we would like to solicit additional information from the community. Please use the Community Content section below to post additional reasons why you failed at this point. If you need technical assistance, please create a post in the appropriate Exchange TechNet forum or contact support.