you have to uncheck the "anonymous access" from all exchange feature : OWA, OMA and RPC in the IIS.
then you have to create the exchange-oma directory in the IIS and in "authenticated access" select "integrated windows authentication" and "basic authentication". in the default domain type ( \ ) without bracket.
in the exchange and OMA directory in the IIS only select "basic authentication".
then you have to uncheck the option "require secure channel SSL" from the exchange-oma and OMA directory in IIS.
also, you have to know that may be my IIS directory name is not the same as your IIS. but they all mean the same thing