kkmamaril

asked on

Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or forms-based authentication is required for Exchange Server 2003

Recently I configured my Exchange server for Outlook over HTTPS. Now I am trying to set up a Windows Mobile device to use ActiveSync with Direct Push. When I do an ActiveSync I get error 85010014 on the device, and I get the following event on my Exchange server.

Event Type: Error
Event Source: Server ActiveSync
Event Category: None
Event ID: 3029
Description: The mailbox server [%1] has its [%2] virtual directory set to require SSL. Exchange ActiveSync cannot access the server if SSL is set to be required.

I have found the following Knowledge Base article: http://support.microsoft.com/kb/817379/

In it, it says one resolution is to set up my Exchange server as a front-end server. To do so I can use the following solution.

http://support.microsoft.com/kb/818476/

In this article it describes a front end server "A front-end server does not host the Exchange information store databases. Front-end servers accept requests from clients and forward the requests to the appropriate back-end server for processing."

My question is: I believe I am running my server as a back-end server, although I only have the one Exchange 2003 server. Can I follow the Q article and enable the server as a front-end server without messing everything up? What do I need to watch out for if I am doing this? Is there anything that it could undo? Etc. Thanks

LeeDerbyshire

Remove the requirement for SSL on your OWA installation, check that A/S and OMA work, and then use the method described in the 817379 article.  You don't need to change the FE/BE status of your server - I think you may have misunderstood something.  Then you can reenable SSL on your OWA.
What I sometimes find is that you remove the SSL and FBA, then you need to run iisreset to get the change to write to the metabase. Then carry out the export as outlined in 817379. After completing that task, turn SSL and FBA back on again.

A frontend server is a separate Exchange server. It requires an additional Exchange server license. A frontend server does NOT contain any mailboxes.

Simon.
kkmamaril

ASKER

OK, I'll give it a try, thanks.
My user left with his phone. I'll update you on Monday. Question: would FBA have to be enabled for ActiveSync to work?
A/S will not work with FBA on the Exchange OWA Virtual Directory. If you want to use FBA, then that is another reason, besides SSL, that you would follow KB817379.
OK, I tried following the directions with limited success. Yesterday I performed the export while my user was out. I forgot to turn off FBA but I did turn off the SSL. I exported and followed the directions. Today he could not sync, so I turned off the SSL and he could. Then I tried going back through Sembee's directions word for word again and no luck with SSL enabled. Do I have a problem with my certificates? I have them loaded locally on the Windows Mobile device. I got them from Comodo. They issued me a certificate from GTE, then from Comodo, and then one for my site. Any ideas?
So here is the question of the day. I had been enabling SSL on our new virtual directory exchange-oma, but the mobile device still had SSL enabled on it. When I would disable SSL on the server but leave it enabled on the device, it would begin to work. I didn't realize this at first but eventually I started to wonder. So I decided to deny port 80 from passing traffic on our company's firewall. Then I synced and it worked. Just for grins I disabled SSL on the mobile device. It didn't sync. So OK, it appears that the exchange directory on our default IIS server had SSL enabled. So is this why it is actually working when exchange-oma's SSL is disabled? Did I just misunderstand what everybody was saying, or is my server still sending over port 80 without an SSL certificate? I am guessing that since I closed port 80 on our network firewall and I have SSL enabled on the Windows Mobile device, it is in fact using SSL on port 443 with the certificate. Please let me know if I am wrong or right. I just want to keep my network secure.
ASKER CERTIFIED SOLUTION
Sembee
Thanks, that makes sense.
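
One way to confirm from the server side which port the device's sync traffic actually arrives on is to read the IIS W3C logs; the sketch below is an added example, not part of the thread or of either KB article. The sample log lines, the IP addresses and the watched path list are constructed, and requests the server makes to itself (for example to `/exchange-oma`) are assumed to be expected and are not flagged.

```python
import ipaddress

# Constructed sample in IIS W3C extended format (not taken from the thread).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time s-ip cs-method cs-uri-stem s-port c-ip sc-status
2007-03-05 09:14:02 192.0.2.10 OPTIONS /Microsoft-Server-ActiveSync 443 203.0.113.25 200
2007-03-05 09:14:03 192.0.2.10 PROPFIND /exchange-oma/user/Inbox 80 192.0.2.10 207
2007-03-05 09:20:41 192.0.2.10 POST /Microsoft-Server-ActiveSync 80 203.0.113.25 200
2007-03-05 09:21:10 192.0.2.10 GET /exchange/user/ 443 203.0.113.40 200
"""

# Virtual directories to watch (assumed list; adjust to the server's own).
WATCHED = ("/microsoft-server-activesync", "/exchange-oma", "/oma")


def parse_w3c(text):
    """Yield one dict per request, keyed by the most recent #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated lines
                yield dict(zip(fields, values))


def cleartext_hits(text, server_ips):
    """Return watched-path requests from remote clients that did not use port 443."""
    own = {ipaddress.ip_address(ip) for ip in server_ips}
    hits = []
    for r in parse_w3c(text):
        if not r.get("cs-uri-stem", "").lower().startswith(WATCHED):
            continue
        remote = ipaddress.ip_address(r["c-ip"]) not in own
        if remote and r.get("s-port") != "443":
            hits.append((r["date"], r["time"], r["c-ip"],
                         r["cs-method"], r["cs-uri-stem"], r["s-port"]))
    return hits


if __name__ == "__main__":
    for hit in cleartext_hits(SAMPLE_LOG, ["192.0.2.10"]):
        print("non-SSL request from remote client:", *hit)
```

An empty result over the period in which the device synced means every remote request to those directories came in on 443; the log must have the `s-port` and `c-ip` fields enabled for the check to work.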