exchange 2003 sp2 PPC 6700 Activesyn issues

You need to deal with the certificate issue first - as ActiveSync cannot deal with any certificate prompts. That usually involves using a commercial certificate and/or installing the root certificate.

Is that the message that you are getting with friendly http error message turned off?

Simon.

I have a a certificate that I purchased from rapidssl, when I look at the cert details in IE on my xp machine it says Issued by: Equifax Secure Global eBusiness CA-1.  I am not aware of how to turn on or off friendly http error messages on my PPC 6700 web browser.  

I tried to login to https://mail.server.com/oma from my xp machine w/ and w/out friendly http error message on and got the exact error both times.

  A System error has occurred while processing your request. Please try again. If the problem persists, contact your administrator.

The Address URL is: https://mail.server.com/oma/(xieveerz1o2fwp45dfbu1m45)/oma.aspx

Thanks for your quick response.

Do the initial diagnosis on your desktop using Internet Explorer - IE on the desktop lets you turn off friendly http error messages.

The RapidSSL root certificate isn't in the Pocket PC devices, but is easily deployed. I use RapidSSL myself, so I have written up the process on my web site: http://www.amset.info/pocketpc/certificates.asp

You might also want to get hold of the Windows Mobile 5.0 emulator - that allows you to play around with a standard build of Windows Mobile - although they don't have an MSFP option yet.

On the Server itself, make sure that the /oma virtual folder is set to scripts only, and is using the "ExchangeMobileBrowseApplication" application pool.

On the Exchange-Server-ActiveSync virtual folder it should be scripts and executables, using the "ExchangeApplicationPool" application pool.

Simon.

When I use my XP machine and go to https://mail.server.com/oma w/ friendly messages off I get "  A System error has occurred while processing your request. Please try again. If the problem persists, contact your administrator." and I do not get any security errors.

I checked the settings on the /oma and /Microsoft-Server-ActiveSync virutal folders and they are as you describe above.


I also followed your steps on your website and installed the root certificate.  I am no longer getting the security warning on my PPC but I am getting the same system error on my PPC as I am on my XP machine.

Have you seen that system error before?

JMG

Also another thing to note...  I only have one exchange server, don't have a front-end and back-end server.  At one point in troubleshooting I found this KB article http://support.microsoft.com/Default.aspx?kbid=817379 I followed method 2 and created the ExchDAV folder and added the value to the registry.

I am not sure if that is what is the problem, I did the above before I upgraded to SP2, I just upgraded to SP2 yesterday hoping that would fix my problem.

JMG

One more thing.  Nothing is being logged in the application log for any OMA or ActiveSync errors.  Matter of fact no errors are being logged at all.

JMG

Are you using FBA on OWA?
Make sure that have integrated and basic authentication enabled on the /exchange and /exadmin virtual directory, basic only on the /oma virtual directory, integrated only on the /exchange-server-activesycn directory and anonymous only on the /exchweb virtual directory.

Also ensure that REQUIRE SSL is not enabled on the /exchange virtual directory.

Has the .net framework 2.0 been installed on this machine? Make sure that the correct version is being used.

The fact that you aren't getting errors in the event log is a good sign in some ways as it rules out some of the problems with this feature - which either seems to work or doesn't.

Simon.

All the directory security is now setup as you describe above.  I am still getting the error.  

After changing the settings, do I need to reboot or something?  I tried again and I get the same error.

I would like to force my users to use SSL when they are checking their webmail.  I have a  redirect script that forces them to use HTTPS and then login.  Could that be messnig things up?  I had REQUIRE SSL on the /exchange virtual directory, but I disabled that as you told me too.

Can you explain how to check if the .net framework 2.0 has been installed?

Thanks,

JMG

In administrative tools I have Microsoft .NET framework 1.1 Configuration and Microsoft .NET Framework 1.1 Wizards.  Does that mean I need to install .NET 2.0?

BTW.. I just verified that I am not using Forms Based Authentication.

Also, now when I try to use activesync on my ppc instead of the error message I was getting it now asks me to please correct your exchange server password.  Everytime I put in my correct password that message box comes back up.  I tried checking and unchecking the "This server requires an encrypted (SSL) connection" and I get the same results.  Nothing is being logged in the exchange server application log.

You cannot have REQUIRE SSL enabled on the /exchange virtual directory as that will break OMA and Exchange Active Sync. Those two processes make an internal call that goes over port 80 only and enforcing SSL will stop it from working.
The way that I force the users to use https is by simply refusing to open port 80 on the firewall. They will quickly learn.
If you only have port 443 open then you can remove the require SSL option on the virtual directories.
If you have users who will simply complain, then put the direct on your public web site, so that they can type in www.domain.com/mail (for example) which will redirect them to https://mail.domain.com/exchange
I have the small snippet of asp code that can do that for you on my web site: http://www.amset.info/exchange/owa-redirectpages.asp 

You don't need to have .net framework 2.0 installed. The reason I asked was to ensure that you had the right version being used for this feature. It isn't compatible with version 1.1 - and you have to treat both versions as separate entities - the version 2.0 installation does not contain the version 1.1 files.

Simon.

i disabled the require ssl option and still getting same message.  any other suggestions to get my ppc working with activesync?

thanks
jmg

Does OMA work?
They use the same backend structure.

Remember that the errors are cached, so you have to accept the error, not just see the problem and presume it hasn't worked.

When you enter username and password, are you entering it in the format of username/password or domain\username and password?

Simon.

I undid the registry edit and the rest of the step in the instructions listed in the microsoft KB article that I mentioned above.  OMA now works on both my XP machine and my PPC, however, I cannot get activesync to work.  It keeps asking me to enter my password.  If I try to setup activesync on my xp machine with my ppc connected I get the following error from activesync "No Microsoft Exchange Server was detected at the specified address.  Click Retry to check the address again, or click Continue to configure your Pocket PC to synchronize with this server anyway.  

Any ideas as to why it won't take my password?

Thanks,
JMG

I added basic authentication in the authentication methosed for Microsoft-Server-AcitiveSync authentication and access control and it now works?  Above you told me to only have Integrated Windows authentication enabled.  Is there an issue with having basic enabled as well?

Thanks for all your help...

I have a ton of notes on this process at home in Onenote, waiting to be typed up for my web site or blog. Must get round to it this week so that I don't make silly errors like the one above. Sorry about that.

Glad you got it working despite my attempt to ruin everything. :-D

Simon.