I'm getting logged error messages about hits to /EWS/Exchange.asmx (does not exist) in the root of one of our web sites on our own server (IIS6 on Windows 2003)
The server does not run exchange at all.
Is this related to any attack that people know of?
From the questions below, this domain does not have any exchange email at all so it looks like a probe from a script. I'll filter it out so our error reporting logger ignores it.
Does the domain that points to the at site use an Exchange server at all (somewhere else)? That URL is the root URL for Exchange web services, in particular it as the Access point ofr the Availability service. In a properly setup Exchange environment the Exchange Auto discover Service provides the URL for the Availability Service, if they are using Exchange somewhere else it could be their Auto discover service is setup incorrectly.
Alternatively it could just be malicious persons probing for Exchange servers that have their Exchange Web Services open to attack. If you don't have exchange I wouldn’t worry to much.
It is the URL for exchange availability services so outlook will look at certain URLs on your domain by default. If it doesn't indicate a misconfiguration with outlook/exchange then you can just ignore it.
Do you have exchange running on the same domain name and wildcard dns pointing to your webserver?