Netexperts


Activesync Exchange2003

Hi Guys,
I know this problem has been posted numerous times and we have tried pretty much all of the ideas but still no resolve.
We have an Exchange2003 domain in which Outlook, OWA and OMA all work. There is no SSL set on but when we try to sync Windows Mobile phones they come up with:-
Result:
ActiveSync encountered a problem on the server.
Support Code:  0x85010001

We have done the following:-
Used different phones (inc iPhone)
Reset all the Exchange servers in IIS.
Recreated the Exchange-oma virtual server in IIS.
Added and removed Integrated Windows
Added and removed Basic Authentication.
Created a new user.
Removed Header names.
Made sure the wireless is off on the phones (so it goes through 3G etc)
Restarted all Exchange services.
Checked the RPC port mappings in the registry against the Microsoft recommendations.
There may be others that we have done but I can't totally remember them at the moment.
Apart from the error on the phone we have run the RPCDump.exe to produce the RPC mappings list and have found that it's missing an entry but we've also checked the registry as http://support.microsoft.com/kb/325930 which are fine.

This seems to be resolved by many people but by doing totally different things.

Any help or ideas would be great.

Thanks

Mestha

RPC port mapping has nothing to do with ActiveSync.

I would undo whatever you did for the exchange-oma directory, remove any SSL certificate and then reset the virtual directories.

Then test the site using https://www.testexchangeconnectivity.com not a device, without making any changes to the server.

If that works, then you can move forwards.

-M

ASKER

Thanks Mestha,
That link helps a great deal and it seems I'm not far off sorting it. The report came back with:-
 Attempting an Activesync session with server
  Errors were encountered while testing the ActiveSync session
 Test Steps
   Attempting to send OPTIONS command to server
  OPTIONS response was successfully received and is valid
 Additional Details
  Headers received: Connection: close MicrosoftOfficeWebServer: 5.0_Pub Pragma: no-cache Public: OPTIONS, POST Allow: OPTIONS, POST MS-Server-ActiveSync: 6.5.7638.1 MS-ASProtocolVersions: 1.0,2.0,2.1,2.5 MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,ResolveRecipients,ValidateCert,Provision,Search,Ping Content-Length: 0 Date: Wed, 28 Jan 2009 12:58:13 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET  
 
 Attempting FolderSync command on ActiveSync session
  FolderSync command test failed
   Tell me more about this issue and how to resolve it
 
 Additional Details
  Exchange Activesync returned an HTTP 500 response.
 
 
The code on the phone is now 0x85010014

Does this help?
The error code is an authentication issue. That usually means one of the authentication settings is incorrect. Missing integrated authentication on either the Microsoft-Server-ActiveSync directory or the Exchange virtual directory in IIS manager.

If you were using SSL then I would point you to something else.

-M
Ok, I've tried that.
Now getting:-
Attempting to send OPTIONS command to server
  Testing the OPTIONS command failed. See Additional Details for more info
 Additional Details
  A Web Exception occured because an HTTP 401 - Unauthorized response was received from Unknown
Does the Default Website authentication have any effect on it or the fact that anonymous access is off?
Also do you know what setting the default domain should be (on some it's just \ and on others it's the domain.local)?
I am also assuming that the read/write permissions won't have any effect?

Thanks
Hi Again,
In addition to the last post I've just realised that if I put Integrated Auth on the Exchange one and then log off OWA I cannot get back on unless I take Integrated off and leave Basic on.

More addition.

I've enabled Integrated Auth on the HTTP server on Exchange System Manager and the test now gets a step further with :-
 Attempting FolderSync command on ActiveSync session
  FolderSync command test failed
   Tell me more about this issue and how to resolve it
 
 Additional Details
  Exchange Activesync returned an HTTP 500 response.

Cheers
The Exchange virtual directory should have both integrated and basic authentication enabled by default. The only time that integrated is removed is when you are using forms based authentication and ssl.

Or put it this way - integrated needs to be enabled for EAS to work.

Do you get any errors in the event viewer of the Exchange server at the same time as running the test?

-M
Security log shows:
Source - Security
Event ID - 529
Logon Failure
Reason Unknown Username or Bad Password
Logon Type 8
Logon Process Advapi
Authentication Package Negotiate
.........
Does it tell you what account was used?

-M
We've set up a test account which is the one it shows. This is the one we've been testing with on the Active Sync. I've also tried another account in case this had gone corrupt
The error usually means what it says - either the username or password is incorrect. I guess there is a chance the information is getting garbled somewhere.

Are you sure it was connected to this authentication attempt? What I was really interested in was any authentication mismatch errors in the application log.

-M
Hi Mestha,

I've checked the App log as well and there are a couple of errors (which look like when we've tried) as:

Event Type:      Error
Event Source:      Server ActiveSync
Event Category:      None
Event ID:      3031
Date:            30/01/2009
Time:            15:57:07
User:            SERVER**\*******
Computer:      EXCHANGE**
Description:
The mailbox server [EXCHANGE**.domain.local] does not allow "Negotiate" authentication to its [exchange-oma] virtual directory. Exchange ActiveSync can only access the server using this authentication scheme.  For information about how to configure Exchange virtual directory settings, see Microsoft Knowledge Base article 817379, "Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or forms-based authentication is required for Exchange Server 2003" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=817379).   For information about how to properly configure IIS to support Kerberos and NTLM authentication, see Microsoft Knowledge Base article 215383, "How To Configure IIS to Support Both Kerberos and NTLM Authentication" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=215383).   This issue may occur after installing Windows SharePoint Services on a server running Exchange Server 2003. For information about how to properly configure a server to run both Windows SharePoint Services and Exchange Server 2003, see Microsoft Knowledge Base article 823265, "You receive a "Page not found" error message when you use Outlook Web Access (OWA) to browse the Exchange Server 2003 client after you install Windows SharePoint Services" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=823265).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

This Exchange server is not a DC by the way.

Hope this helps
That was the error I was expecting.
Very common.
However I find that MSKB 817379 doesn't always work. I have slightly altered instructions here:
http://www.amset.info/exchange/mobile-85010014.asp

-M
Thanks,
I have tried that but it's still failing. Error is:

  Attempting to send OPTIONS command to server
  OPTIONS response was successfully received and is valid
 Additional Details
  Headers received: Connection: close MicrosoftOfficeWebServer: 5.0_Pub Pragma: no-cache Public: OPTIONS, POST Allow: OPTIONS, POST MS-Server-ActiveSync: 6.5.7638.1 MS-ASProtocolVersions: 1.0,2.0,2.1,2.5 MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,ResolveRecipients,ValidateCert,Provision,Search,Ping Content-Length: 0 Date: Sat, 31 Jan 2009 16:58:36 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET  
 
 Attempting FolderSync command on ActiveSync session
  FolderSync command test failed
   Tell me more about this issue and how to resolve it
 
 Additional Details
  Exchange Activesync returned an HTTP 500 response.
 
 Thanks
I've just realised that although I can get into OWA I cannot send any new mail or reply as it comes up with a 'internet explorer cannot display this web page' even on another machine and even turning pop up blocker off and adding it to the trusted site list.
I can use OMA though but cannot use OWA or anything internally.

It's as though it'll show the mailbox but then nothing else.
Also, I've just reset the Exchange folders again to start from scratch but could use OWA externally, SSL is off but if I use http:// it comes up with cannot display webpage straight away but if I use https:// it asks for the username/password but then comes up with cannot display this webpage after I enter the details.
OMA works but comes up with 'the device type you are using is not supported' but I can click ok to continue and then if I then delete /oma in the address bar and type in /exchange again this then works and I can send new mail.

This is driving me mad !
After resetting the folders, did you make any other changes to the site?
Is the SSL certificate a commercial or self generated certificate?

Was that a test inside or outside of your network?
Had you made any changes that were outlined in MS KB 817379?
Is there anything else using IIS on that machine?

Something is wrong with IIS, that is my instinct at the moment. What it is, I don't know.

-M
Well I've just checked the app error log and it's saying that the server is not set to negotiate on exchange-oma but further down the error it says server\username but this server doesn't exist. The only reference I can see for this server is a distribution group named this. Also when I try and create a new user the pre-windows2000 logon name is prefixed with this servername/ and is greyed out so I can't help but think it's something to do with that.
The only other thing I can think of is to re-install IIS.
exchange-oma should have integrated authentication enabled on it. If it does not then that will cause a problem. That is the authentication type it is referring to as "Negotiate". Therefore check that and then run iisreset if you have had to change anything.

Reinstalling IIS on an Exchange server is not that straightforward due to the way Exchange integrates: http://support.microsoft.com/kb/320202

-M
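
The authentication check described in the replies above (integrated authentication enabled on the Exchange and exchange-oma virtual directories), as an added example that is not part of the original thread. It decodes IIS 6 `AuthFlags` bitmask values from a constructed dump; the `path : (INTEGER) value` line layout, the site number and the sample values are assumptions made for illustration.

```python
import re

# IIS 6 metabase AuthFlags bit values.
AUTH_BITS = {0x01: "Anonymous", 0x02: "Basic", 0x04: "Integrated",
             0x10: "Digest", 0x40: "Passport"}

# Virtual directories that the replies in this thread say need integrated auth.
NEEDS_INTEGRATED = ("exchange", "exchange-oma")

# Constructed sample input (hypothetical layout and values, not from the thread).
SAMPLE = """\
w3svc/1/root/Exchange/AuthFlags : (INTEGER) 2
w3svc/1/root/exchange-oma/AuthFlags : (INTEGER) 6
w3svc/1/root/OMA/AuthFlags : (INTEGER) 2
w3svc/1/root/Microsoft-Server-ActiveSync/AuthFlags : (INTEGER) 2
"""

LINE = re.compile(
    r"^\s*\S*/root/([^/\s]+)/AuthFlags\s*:\s*\(INTEGER\)\s*(\d+)\s*$", re.I)


def decode(flags):
    """Return the names of the authentication schemes set in an AuthFlags value."""
    return [name for bit, name in sorted(AUTH_BITS.items()) if flags & bit]


def parse(text):
    """Map each virtual directory name (lower-cased) to its enabled schemes."""
    result = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            result[m.group(1).lower()] = decode(int(m.group(2)))
    return result


def missing_integrated(text):
    """List required virtual directories that lack integrated auth or are absent."""
    seen = parse(text)
    return [v for v in NEEDS_INTEGRATED if "Integrated" not in seen.get(v, [])]


if __name__ == "__main__":
    for vdir, schemes in parse(SAMPLE).items():
        print(f"{vdir:30} {', '.join(schemes) or 'none'}")
    print("Missing integrated:", missing_integrated(SAMPLE) or "none")
```

A directory reported here with Basic only matches the situation event 3031 complains about when it appears on exchange-oma.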

I've double checked and it is set on. The thing that strikes me odd (as this is not our network) is that the error in the application log still shows as server04\username but this is not the domain name which is xxxxxxxx.local, this name appears as sort of a workgroup (I'm not sure how to read it) i.e. if I go onto the exchange server and go to network places server04 shows as one of the microsoft groups (like you would see in a workgroup or domain)
I can't help but think that this has something to do with it.
Do you know what effect running a dcprep again from the exchange cd would have on the exchange server/environment, i.e. could this re-detect the setup and put things right?
One other thing.
I can go to http:/mail.domain/oma  , exchange and exchange-oma but not microsoft-server-activesync. Should I be able to browse this like the rest?
ASKER CERTIFIED SOLUTION
Mestha
This solution is only available to members.
No problem,
I'll do some more digging and re-post if needed but thanks for the time, it's resolved a lot of questions.

Cheers

Ian
Although no resolution was achieved this clarified a lot of issues and so points are awarded for clarity, expertise and time taken to help.