yet_another_jash
asked on
Exchange 2003 Activesync connection issues
I am having ongoing issues in connecting to Activesync on one SBS 2003 server. I have followed the excellent article by 'alanhardisty' but have drawn a blank. I have two other servers which work without issue and I can connect Idevices to them - no problem. I am using the 'access my lan activesync tester' to test the connection which continually tells me that activesync is not enabled for the particular user being tested. It is enabled globally as well as for the individual.
I have created new users and checked permissions - still the same problem. I have checked and re-checked the folder permissions in IIS Manager. I have gone throug and made then the same as I have working on other servers - still no success. I have tried setting the domain and realm fields to the netbios name of the domain controller as well as using '\' for the domain and '<blank>' for the realm.
Any pointers would be appreciated
I have created new users and checked permissions - still the same problem. I have checked and re-checked the folder permissions in IIS Manager. I have gone throug and made then the same as I have working on other servers - still no success. I have tried setting the domain and realm fields to the netbios name of the domain controller as well as using '\' for the domain and '<blank>' for the realm.
Any pointers would be appreciated
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Alan, will do all of this - though later today.
Already ran the ;connect to the internet' wizard to replace expired certificates though can do again, thanks for your help thus far.
Already ran the ;connect to the internet' wizard to replace expired certificates though can do again, thanks for your help thus far.
One or two more things to check.
Open up IIS Manager and expand until you see the the Exchange & Exchange-OMA virtual directories.
Right-click each one in turn and choose Browse.
What happens for each virtual Directory?
Open up IIS Manager and expand until you see the the Exchange & Exchange-OMA virtual directories.
Right-click each one in turn and choose Browse.
What happens for each virtual Directory?
ASKER
KB817379 has been followed.
Inherited permissions checked
Connect to Internet Wizard run again and IIS settings checked
Interestingl;y - the tool that I was using has not changed the error from 503 to 500 - still fails though.
If I browse the directories I see the OWA screen for the administrator account (that I am logged on with)
In following the diagnostic tool that you suggesed I note that it would not use the server IP address but had to use a fqdn. The fqdn which I have set up simply to point to the server did not match the name in the certificate so the ssl test failed. I generated a new certificate that did match the fqdn (fr.tacktick.co.uk) and it got one step further though it now reports the following:
ExRCA is testing Exchange ActiveSync.
The Exchange ActiveSync test failed.
Test Steps
Attempting to resolve the host name fr.tacktick.co.uk in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 217.128.182.102
Testing TCP port 443 on host fr.tacktick.co.uk to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name fr.tacktick.co.uk was found in the Certificate Subject Common name.
Validating certificate trust for Windows Mobile devices.
Certificate trust validation failed.
Additional Details
The certificate chain couldn't be built. You may be missing required intermediate certificates. For more information, see Microsoft Knowledge Base article KB 927465.
It would seem that the certificate chain cannot be built - I followed the advice in KB 927465 and imported the new certificate that I had made just about everywhere it mentioned but the test still fails.
It would seem that I now need to resolve this particular issue before we move on to the main problem.
Thank you for all your help thus far - can you suggest where I might go next?
Inherited permissions checked
Connect to Internet Wizard run again and IIS settings checked
Interestingl;y - the tool that I was using has not changed the error from 503 to 500 - still fails though.
If I browse the directories I see the OWA screen for the administrator account (that I am logged on with)
In following the diagnostic tool that you suggesed I note that it would not use the server IP address but had to use a fqdn. The fqdn which I have set up simply to point to the server did not match the name in the certificate so the ssl test failed. I generated a new certificate that did match the fqdn (fr.tacktick.co.uk) and it got one step further though it now reports the following:
ExRCA is testing Exchange ActiveSync.
The Exchange ActiveSync test failed.
Test Steps
Attempting to resolve the host name fr.tacktick.co.uk in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 217.128.182.102
Testing TCP port 443 on host fr.tacktick.co.uk to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name fr.tacktick.co.uk was found in the Certificate Subject Common name.
Validating certificate trust for Windows Mobile devices.
Certificate trust validation failed.
Additional Details
The certificate chain couldn't be built. You may be missing required intermediate certificates. For more information, see Microsoft Knowledge Base article KB 927465.
It would seem that the certificate chain cannot be built - I followed the advice in KB 927465 and imported the new certificate that I had made just about everywhere it mentioned but the test still fails.
It would seem that I now need to resolve this particular issue before we move on to the main problem.
Thank you for all your help thus far - can you suggest where I might go next?
ASKER
I have reconfigured the dns record so that tacktick.co.uk points to the server. i have re-run the Connect to Internet Wizard and created a new certificate in the name of tacktick.co.uk and I have re-run the testing tool and told it to ignore SSL errors. The testing gets a lot further but now fails with a 500 error.
ExRCA is testing Exchange ActiveSync.
The Exchange ActiveSync test failed.
Test Steps
Attempting to resolve the host name tacktick.co.uk in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 217.128.182.102
Testing TCP port 443 on host tacktick.co.uk to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Test Steps
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name tacktick.co.uk was found in the Certificate Subject Common name.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 12/20/2010 7:51:11 AM, NotAfter = 12/20/2015 7:51:11 AM
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Testing HTTP Authentication Methods for URL https://tacktick.co.uk/Microsoft-Server-Activesync/.
The HTTP authentication methods are correct.
Additional Details
ExRCA found all expected authentication methods and no disallowed methods. Methods found: Basic
An ActiveSync session is being attempted with the server.
Errors were encountered while testing the Exchange ActiveSync session.
Test Steps
Attempting to send the OPTIONS command to the server.
The OPTIONS response was successfully received and is valid.
Additional Details
Headers received: MicrosoftOfficeWebServer: 5.0_Pub
Pragma: no-cache
Public: OPTIONS, POST
Allow: OPTIONS, POST
MS-Server-ActiveSync: 6.5.7638.1
MS-ASProtocolVersions: 1.0,2.0,2.1,2.5
MS-ASProtocolCommands: Sync,SendMail,SmartForward
Content-Length: 0
Date: Mon, 20 Dec 2010 08:08:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Attempting the FolderSync command on the Exchange ActiveSync session.
The test of the FolderSync command failed.
Tell me more about this issue and how to resolve it
Additional Details
Exchange ActiveSync returned an HTTP 500 response.
It seems that each time I run the 'Connect to the Internet' wizard, forms based authentication is turned back on when I check under system manager, properties of 'exchange virtual server'.
I have turned it off, stopped and started the virtual server but the tool still fails at the same point.
Is it enough to simply until the box and restart it or is there something more to be done?
ExRCA is testing Exchange ActiveSync.
The Exchange ActiveSync test failed.
Test Steps
Attempting to resolve the host name tacktick.co.uk in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 217.128.182.102
Testing TCP port 443 on host tacktick.co.uk to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Test Steps
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name tacktick.co.uk was found in the Certificate Subject Common name.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 12/20/2010 7:51:11 AM, NotAfter = 12/20/2015 7:51:11 AM
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Testing HTTP Authentication Methods for URL https://tacktick.co.uk/Microsoft-Server-Activesync/.
The HTTP authentication methods are correct.
Additional Details
ExRCA found all expected authentication methods and no disallowed methods. Methods found: Basic
An ActiveSync session is being attempted with the server.
Errors were encountered while testing the Exchange ActiveSync session.
Test Steps
Attempting to send the OPTIONS command to the server.
The OPTIONS response was successfully received and is valid.
Additional Details
Headers received: MicrosoftOfficeWebServer: 5.0_Pub
Pragma: no-cache
Public: OPTIONS, POST
Allow: OPTIONS, POST
MS-Server-ActiveSync: 6.5.7638.1
MS-ASProtocolVersions: 1.0,2.0,2.1,2.5
MS-ASProtocolCommands: Sync,SendMail,SmartForward
Content-Length: 0
Date: Mon, 20 Dec 2010 08:08:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Attempting the FolderSync command on the Exchange ActiveSync session.
The test of the FolderSync command failed.
Tell me more about this issue and how to resolve it
Additional Details
Exchange ActiveSync returned an HTTP 500 response.
It seems that each time I run the 'Connect to the Internet' wizard, forms based authentication is turned back on when I check under system manager, properties of 'exchange virtual server'.
I have turned it off, stopped and started the virtual server but the tool still fails at the same point.
Is it enough to simply until the box and restart it or is there something more to be done?
ASKER
I have repeated the last steps again and noticed that when I restarted IISAdmin service, the server restarted (which I was not expecting). Following the restart, the testing tool has reported a success.
Ipod now connecting to exchange, thank you for your help.
Ipod now connecting to exchange, thank you for your help.
ASKER
The guide and additional notes worked perfectly, very happy indeed.
Have you also checked your inherited permissions as per my article for Exchange 2007 / 2010 (which is also apparently relevant for Exchange 2003):
https://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2861-Activesync-Working-But-Only-For-Some-Users-On-Exchange-2007-2010.html
Alan