Start Free Trial

asked on

ActiveSync not working after Exchange 2003 IP Change

Hello
We have been supporting ActiveSync on exchange 2003 sp2 for a number of years on both iPhone and Andriod devices.
This weekend I changed the internal IP address on a number of servers including our domain contollers and the Exchange2003 server.
Ever since the change activesync users are reporting they can no longer send, receive or access email from their mobile devices. They get a general failed to connect error. iPhone's seem to get as far as to authenticate but then show the error when trying to access the mailbox. Droid device just gives the error straight away. Outlook Web Access, however, works with no problems.
I have tried poking around in the different areas of Exchange and IIS but haven't been able to figure this out. Furthermore, when i make a change, i'm not sure if a service should be restarted for changes to take affect.

I have checked Firewall and NAT rules, everything is updated to reflect the new address.

What am i missing? Why would the internal IP address change affect this if all else appears to be working?

Please help. thanks....

-anthony

Hi
Are there any events logged in event log ?
Please post the errors

thanks
sunny

What is your default website set to in terms of IP address? All unassigned or a specific IP address?

If the IP address is the old IP address, change it to the new one, ornset it to All Unassigned.

Run iisreset and test the phones again.

ASKER

default website was set to all unassigned. in the drop down list it had the new server IP address and also 2 iSCSI IP Addresses. I changed the setting to point to the server IP address and did the iisreset earlier today but it didn't seem to help.

Application log doesn't show errors just a few information entries for Source: Server ActiveSync today after the iisreset command.

There are multiple errors as follows that came up around the time the IP Address was changed on Saturday but thats it. They occur for each ActiveSync user:

Event Type:      Error
Event Source:      Server ActiveSync
Event Category:      None
Event ID:      3005
Date:            6/5/2010
Time:            11:52:28 AM
User:            DOMAIN\<username>
Computer:      EXCHSRV01
Description:
Unexpected Exchange mailbox Server error: Server: [server.domain.local] User: [first.last@domain.com] HTTP status code: [503]. Verify that the Exchange mailbox Server is working correctly.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Can you run the Exchange Activesync test on https://testexchangeconnectivity.com and run the test using manual server settings. If you have a self-signed certificate, check the "Ignore Trust for SSL" check box.

If the test passes happily, I think you just need to wait for 24 hours for the Airtime provider to catch up with the IP address change. They do usually take about 24 hours to cache the change.

Hi

Please try this

start>run>cmd
inetmgr

Go to default website under your server.
Right Click > Properties

Under Website Tab
Go to Web Site Identification.
Next to IP Address
make sure it's all unassigned

Click on Advanced next to it

Make sure there's nothing else there.
Attached screenshot.

Try IISreset after that.

Let me know if this works.

iis-2.jpg

The 3005 error can usually be eliminated by changing the default timeout value on the Default Website from 120 to 480 and running iisreset.

@sunnyc7 - you are just providing the instructions to check the IP on the default website after I already asked that question and cherrylane confirmed the answer.

point @ alan.
I overlooked that.

No worries - at least we are on the same track : )

Alan @ On the same track with a genius in EE :-)
I am honored.

Anthony @ cherrylane - let me know if there are any updates on the case.

If you have a 'exchange-oma' virtual directory, then go to the properties --- > Directory Security ---> IP address and Domain Name Restrictions (Edit)

Check the IP address mentioned over here. You need to update it if required.

ASKER

lastlostlast: the exchange-oma virtual directory was pointing to the old IP address. I changed it to point to the new. I did an iisreset afterwards but still no luck.

There are no errors on the server.

I have an iPhone in front of me. The error that comes up when i try to send a message from that account is: Cannot Send Mail. An error occurred while delivering this message.

When trying to retrieve mail: Cannot Get Mail: The connection to the server failed.

I'm at a loss here. Any other suggestions??

Anything on event logs ?

All IP's should ideally be set to All Unassigned not to a specific IP Address. Please change any virtual directories that are set specifically to an IP and then run iisreset.
Then retest.

ASKER

Unless i missed one, i verified that all IP's are set to All Unassigned. I did an iisreset and no luck

there are no event viewer errors. Only informational messages after the IISRESET command is done.

Do any exchange services need to be restarted for these changes to take affect??

ASKER

as per a suggestion I ran the Exchange Activesync connectivity test on https://testexchangeconnectivity.com.

I choose to Ignore Trust for SSL since my CA is not provided by StartCom.

The Connectivity Test Failed with the error:

ExRCA is attempting the FolderSync command on the Exchange ActiveSync session.
The test of the FolderSync command failed.

This is an HTTP 500 Response.

The info references KB Article 817379. I run through these steps when initially getting ActiveSync to work with SSL. I checked all settings and they are correct. I did not go through and create another exchange virtual directory, should I?

I'm not getting any of the Event Viewer errors specified in the article.

Aside from restarting the server, I'm out of ideas.

HTTP 500 error is usually resolved by KB883380 - Method 2.
KB817379 usually fixes HTTP 403 errors.
My Exchange 2003 / Activesync article should help you out:
https://www.experts-exchange.com/articles/Software/Server_Software/Email_Servers/Exchange/Exchange-2003-Activesync-Connection-Problems-FAQ.html

ASKER

I have tried everything and i'm at my wits end. It seems rather drastic but i guess i have to run through KB883380 - Method 2.

Because the server needs to be taken offline i'll have to schedule this for afterhours.

Is there anything else i need to be concerned with. Aside from saving the configuration, should i take note of certain settings before removing all the virtual directory information?

Since i don't have a ActiveSync phone myself i keep testing using the exchangeconnectivity.com site and it keeps failing while attempting the FolderSync command. with an HTTP 500 response. Is this an accurate site to sync with or should i have an actual phone in hand.

thanks all.

It might seem drastic, but it can be very effective!

You do not have to take the server offline to do this, just restart a service.

The test site is a very good gauge of whether or not your server is configured properly and when you get a good result, your iPhone should be a whole lot happier.

There is also the Test Application that you can download to a PC:

https://store.accessmylan.com/main/diagnostic-tools

I would not worry about writing down the settings, but it won't hurt to have a copy of the settings and you can run a backup of the IIS settings before you unleash the article.

http://support.microsoft.com/kb/324277

ASKER

when i said i'd have to take down the server what i meant was that restarting System Attendant would restart the information store as well and cause users to lose connectivity to their mailboxes.

i guess its only brief...

i hope it works.

It is not guaranteed to fix the problem, but it does in most cases.

It will only be a brief amount of disconnection time, but nothing will get lost or delayed.

ASKER

I went through KB883380 - Method 2 and i'm still getting the same exact results from the exchange connectivity website... HTTP 500.

I downloaded the AccessmyLan tool for windows and it fails on User Permissions. Says:
ActiveSync detected, but not correctly configured.[HTTP 500: Forms-based auth enabled?]

the suggestions for possible causes:
- forms based authentication is enabled on the exchange server
- integrated windows auth is not enabled on the exchange virtual directory
- the exchange virtual directory in microsoft IIS is configured to accept only SSL connections

I've gone through this a few times now and I think i have everything set correctly. Futhermore, this has been working for years and only after the internal IP address change did it stop. What am i missing here??

Have you change the port forwarding on the router?

Is the default website security set correctly?

Have you checked the IIS settings properly against my article?

What is on your certificate name wise?

ASKER

Unless I've missed something here i've checked all of this multiple times.

- port forwarding or NAT on firewall is point to the new exchange server IP address. I have no issues getting to the OWA server. The same firewall rule is NAT rule is set for that.

- Default Website Security... i've been through so many articles, so many times and reset IIS so many times that i fear i changed something at some point that could be affecting this issue. Is there something specific i should double check??

- I have checked IIS settings against your article, but again, in trying to get it working i feel like i've made so many changes that perhaps something somewhere is still wrong.

- our certicate points to the web address for access to OWA

Even after all the changes the same error keeps coming up. This tells me either i missed a setting multiple times or the issues is elsewhere where i haven't ventured yet.

Can you please setup a test user account for me and email me the details so that I can run the tests from my side and hopefully nail the problem. Details are in my profile.

hi anthony
I am just shooting in the dark here.

Is there windows firewall running on the exchange server. check services - if yes - stop it.
restart IIS

http://www.microsoft.com/windowsmobile/en-us/help/synchronize/activesync-corp-troubleshooting.mspx

ASKER

sunnyc7: windows firewall is not enabled.

alan: sending you an email.

Thanks - I get the Username or Password is incorrect!

ASKER

After 2 full days of troubleshooting with the help of experts exchange and 7 hours on the phone with 2 different Microsoft techs the issue has been resolved!

The cause was what i consider a basic, stupid, networking 101 faux pas, yet, no one even considered it.

Anyone care to venture a guess?

Sorry for the games but after 7 hours on the phone, and realizing the cause, its all i have left.

i will wait for alan to go first :-)

(trust me - this is turning out to be a summer blockbuster.)

IP Address on a different subnet ?

I was just walking out the door and came back and wrote that.

the suspense is killing me....

Subnet Mask / Default gateway incorrect?

Go on - give us a clue to chew over : )

Assuming it is something very silly and relating to the IP settings you chose / set, it is often the simple stuff that gets overlooked because there is the assumption that you know what you are doing (well - hopefully!).

I am stuck in traffic and refrshing this page.
Please please please

Patience now!

Anthony. Any clues ? Just reached home and still refreshing this.

Ps: how many points do we get if we win this guessing game. Haha

ASKER

I forgot to plug in the network cable.... Just kidding.

The answer resides in a little 5 letter file that I will never overlook again no matter how trivial the problem. The mouse could stop working and I'll check this file before I try switching out the mouse.

Lmhost ?
Really ??

That's not 5 letter. I will wait for alan.

Hosts?

I think you got it :-). Will wait for anthony's confirmation.

ASKER CERTIFIED SOLUTION

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Oh well - another step to add to my article. Sorry we couldn't nail it for you.

Thanks for the update and don't forget to close the question down by accepting your last comment as the solution.

ASKER

personally, i'm surprised that exchange even functioned at all and that this was the only issue that came up. No event viewer errors, nothing to really go on.

Thinking back, I'm pretty sure at some pont the idea popped into my head to check the hosts file, but then i thought how could exchange possibly be working.

anyway, on to the next issue.

thanks again.

Anthony / alan
What is the "lessons learned" from this experience which we can use for future troubleshooting.

Thanks

Lessons learned:

Ask more questions about the IP addressing
Don't forget about the hosts file!
Use Exchange Best Practise Analyzer
Don't mess with the hosts file on the server in the first place : )

It is always helpful to see the server and look about on it which Microsoft could do. Working blind can make life tricky, but we have to be creative and inventive.

ASKER

Be aware that the Exchange Best Practice Analyzer worked fine from my workstation and showed no critical errors. It just couldn't find the exchange server when the tool was run from the exchange server.

Even with Microsoft looking at the server, in my opinion, didn't help much since it took so long and we just happened to stumble upon it.