On numerous occasions I was seeing questions pop up that involved Exchange 2003 and problems getting iPhone / Windows Mobile phones to work with Activesync, so after answering several questions, I decided to write the following article to assist others in answering their problems, covering all the possible scenarios that I had faced when tackling the problem.

So, here is my guide to solving (most) Exchange 2003 and Activesync issues:

Firstly, you need to make sure that you have Exchange Server 2003 Service Pack 2 installed.  To check if you have it installed, open up Exchange System Manager - Start, Programs, Microsoft Exchange, System Manager.  Then expand Servers, right-click your server and choose Properties.  This will display whether you have SP2 installed or not.  If you do not have SP2 installed, you can download it here - http://www.microsoft.com/downloads/details.aspx?FamilyID=535BEF85-3096-45F8-AA43-60F1F58B3C40&displaylang=en

If you have got SP2 installed, check on https://testexchangeconnectivity.com to see if everything is working properly by running the Exchange Activesync check. The site is an official Microsoft site specifically for testing Exchange installations and connectivity. The test will fail if you use a self-signed SSL certificate, in which case, you'll need to check the "Ignore Trust for SSL" checkbox. On the ActiveSync test page, you are asked whether you wish to use Autodiscover to detect the settings or to manually specify server settings. Exchange 2003 does not have native autodiscover, so you will most likely need to choose the latter option and provide the server name.

If you are trying to make an iPhone work, then you can also download the free iPhone App 'Activesync Tester' and this should identify any problems with your configuration.

You also need to ensure that TCP Port 443 is open and forwarded on your firewall to your Exchange server.  You don't need to open up any other ports to get Activesync working, just TCP port 443.

Please check and mirror the settings below (Open up IIS, expand the default website then expand the relevant Virtual Directory, right-click on the Virtual Directory and choose properties, then click on the Directory Security Tab):

Exchange Virtual Directory
  • Authentication = Integrated & Basic
  • Default Domain = NetBIOS domain name - e.g., yourcompany
  • Realm = yourcompany.com
  • IP Address Restrictions = Granted Access
  • Secure Communications = Require SSL NOT ticked (very important)


Microsoft-Server-Activesync Virtual Directory
  • Authentication = Basic
  • Default Domain = NetBIOS domain name - e.g., yourcompany
  • Realm = NetBIOS name
  • IP Address Restrictions = Granted Access
  • Secure Communications = Require SSL and Require 128-Bit Encryption IS ticked


ASP.NET should be set to version 1.1 for all virtual directories listed above.  If you cannot see the ASP.NET tab, you only have v 1.1 installed so do not worry. If any version other than 1.1 is selected, please change it to v 1.1.4322.

No other virtual directories are involved when using Activesync - despite having seen other postings suggesting that there are.

Although requiring SSL on the virtual directories mentioned above would be recommended, Microsoft actually recommend disabling it as per the following article in their knowledgebase: http://support.microsoft.com/kb/817379. Nevertheless, ActiveSync and OWA access should still run over a secure HTTPS session (port 443), as standard procedure states you should not open port 80 to the Exchange Server through your firewall.

Please also check that Ignore Client Certificates is selected under the IISADMPWD virtual directory / Directory Security Tab / Edit Secure Communications Button.  This Virtual Directory may not exist if you have not set up the ability to reset passwords via Outlook Web Access (OWA).

For Small Business Server 2003 Users - please check this MS article - http://support.microsoft.com/kb/937635

Make sure that the name on the SSL certificate you have installed matches the Fully Qualified Domain Name (FQDN) that you are connecting to for ActiveSync - for example, mail.microsoft.com. If it does not match, either re-issue the certificate if you created it yourself, or re-key the certificate from your SSL certificate provider.
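
An added example, not part of the original article: a small Python check for three of the points above (TCP port 443 reachable, certificate name matching the FQDN, and Basic authentication offered on the Microsoft-Server-ActiveSync virtual directory). The function names are made up for this illustration; run it from outside your firewall with your ActiveSync FQDN as the argument.

```python
import http.client
import ssl

EAS_PATH = "/Microsoft-Server-ActiveSync"

def name_matches(pattern, host):
    """True if one certificate DNS name (left-most wildcard allowed) covers host."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        # A wildcard stands for exactly one label: *.example.com covers
        # mail.example.com but not example.com or a.mail.example.com.
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def cert_covers(names, host):
    """names: DNS names read off the certificate (subject CN and any SAN entries)."""
    return any(name_matches(n, host) for n in names)

def classify(status, www_authenticate):
    """Interpret an unauthenticated OPTIONS response from the ActiveSync directory."""
    schemes = [v.split()[0].lower() for v in www_authenticate if v.strip()]
    if status == 401 and "basic" in schemes:
        return "ok: directory reachable and offering Basic"
    if status == 401:
        return "fail: Basic authentication is not offered"
    if status == 403:
        return "fail: 403 Forbidden returned before authentication"
    return "check: unexpected HTTP status %d" % status

def probe(host, timeout=10):
    """Live check over TCP 443 with normal certificate and hostname validation."""
    conn = http.client.HTTPSConnection(host, 443, timeout=timeout,
                                       context=ssl.create_default_context())
    try:
        conn.request("OPTIONS", EAS_PATH)
        resp = conn.getresponse()
        return classify(resp.status, resp.headers.get_all("WWW-Authenticate") or [])
    except ssl.SSLCertVerificationError as e:
        # Raised for a self-signed/untrusted certificate or a name mismatch
        return "fail: certificate not accepted (%s)" % e.verify_message
    except OSError as e:  # refused, timed out, DNS failure, other TLS errors
        return "fail: cannot reach %s:443 (%s)" % (host, e)
    finally:
        conn.close()

if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1]))
```

A "certificate not accepted" result with a self-signed certificate is the same condition that makes the online test require the "Ignore Trust for SSL" checkbox.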

Activesync is much easier to get working with a purchased SSL certificate (installed on the default website), but you can generate your own and still make it work.  GoDaddy seem to be offering the cheapest SSL certificates (at the time of writing this article).

Ensure that the IP for the Default Website is set to All Unassigned and using port 80 (open up IIS, Right-Click the Default Website).  If your default website is using any port other than port 80, it simply will not work, so if you have changed this to make something else work, either change it back to port 80 or stop trying to use Activesync!

If you make any changes to IIS, you will need to reset IIS settings.  Please click on Start, Run and type IISRESET then press enter.

Ensure that Forms Based Authentication is NOT turned on under Exchange Virtual Server under Exchange Protocols (Exchange System Manager, Servers, Protocols, HTTP, Exchange Virtual Server properties, Settings Tab).  If it is -- read http://support.microsoft.com/kb/817379

Once all of the above has been checked, if you have made any changes, please re-visit https://testexchangeconnectivity.com and your test should now pass all checks and Activesync should be working happily for you.

I have had Activesync work despite seeing "An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body is: <body><h2>HTTP/1.1 403 Forbidden</h2></body>" at the end of the test above.  To resolve this (if you like things tidy), please open up Exchange System Manager, Global Settings, Mobile Services Properties, Device Security Button, Exceptions Button, then add your account to the exceptions list.

So, in summary, you have reviewed and checked the settings in IIS to ensure that Activesync will work on your Exchange 2003 server, you have made sure that you have Exchange 2003 Service Pack 2 installed and you have run a test to make sure that your server is responding happily and by now, your iPhones and Windows Mobile phones should be happily synchronising.