Exchange ActiveSync to iPhone suddenly not working

i would start by looking at the iis logs to determine if the devices are hitting the system
c:\windows\system32\logfiles\w3svcx
looking for an entry with /Microsoft-Server-ActiveSync and at the end of the line will be the http error code
post the line

Hi there:

I checked C:\Windows\system32\LogFiles\W3SVC4 as this is the folder that seems to contain the newest logs, at least by date and time.  The most recent file is from today, it is ex100911.log.  It hasn't been modified since almost 2 hours ago, although I've been trying to connect this whole time, and there appears to be no lines whatsoever in the entire log file (of the one from the day before) that contain the line /Microsoft-Server-ActiveSync.

What next?

i would go to an external client and attempt to browse to https://server.domain.com/Microsoft-Server-ActiveSync

see what happens in IE
you could also try https://server.domain.com/exchange

make sure https traffic is reaching the system from the outside

I take back what I said, the files were in a different folder - here's a few lines:

/exchange-oma/cmyers@woodhavenassociation.com/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/iPhone/Appl88838NU7Y7H - 80 WLAMAIN\cmyers 10.0.0.150 Microsoft-Server-ActiveSync/6.5.7638.1 405 0 0 397 651
2010-09-11 23:17:27 10.0.0.150 POST /Microsoft-Server-ActiveSync User=cmyers&DeviceId=Appl88838NU7Y7H&DeviceType=iPhone&Cmd=FolderSync&Log=V4TNASNC:0A0C0D0FS:0A0C0D0SP:1C1I493S794R0S0L0H0P 80 cmyers 71.228.5.36 Apple-iPhone/705.18 500 0 0 313 458
2010-09-11 23:17:27 10.0.0.150 PROPFIND /exchange-oma/cmyers@woodhavenassociation.com/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/iPhone/Appl88838NU7Y7H - 80 - 10.0.0.150 Microsoft-Server-ActiveSync/6.5.7638.1 401 1 0 2063 438
2010-09-11 23:17:27 10.0.0.150 PROPFIND /exchange-oma/cmyers@woodhavenassociation.com/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/iPhone/Appl88838NU7Y7H - 80 WLAMAIN\cmyers 10.0.0.150 Microsoft-Server-ActiveSync/6.5.7638.1 405 0 0 397 651
2010-09-11 23:17:27 10.0.0.150 POST /Microsoft-Server-ActiveSync User=cmyers&DeviceId=Appl88838NU7Y7H&DeviceType=iPhone&Cmd=FolderSync&Log=V4TNASNC:0A0C0D0FS:0A0C0D0SP:1C1I493S794R0S0L0H0P 80 cmyers 71.228.5.36 Apple-iPhone/705.18 500 0 0 313 458
2010-09-11 23:17:27 10.0.0.150 PROPFIND /exchange-oma/cmyers@woodhavenassociation.com/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/iPhone/Appl88838NU7Y7H - 80 - 10.0.0.150 Microsoft-Server-ActiveSync/6.5.7638.1 401 1 0 2063 438
2010-09-11 23:17:27 10.0.0.150 PROPFIND /exchange-oma/cmyers@woodhavenassociation.com/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/iPhone/Appl88838NU7Y7H - 80 WLAMAIN\cmyers 10.0.0.150 Microsoft-Server-ActiveSync/6.5.7638.1 405 0 0 397 651

In addition to the above lines I just posted, please also note the following:  Internally, OWA no longer works correctly.  You can log into Outlook Web Access and get your list of email folders on the left, but the actual messages at the right never load.  This is a new problem as well.  It also does the same thing trying externally, using http://externalserverurl/exchange   (without https)

in system manager expand the server, protocols, and http
go to the properties for the http virtual server and check if forms based auth is enabled
disable it if it is and test

I disabled Forms Based auth and tried again - same thing.  Cannot connect to server on iphone.  

I take it that your regular Outlook users have no problems opening their folders and that the mobile devices are indeed authenticating. If Outlook has issues with folders, then perhaps you might want to run an integrity check and then performa a defrag of the information store. Be sure to back it up first. Have you retried removing and then adding a mobile user? Perhaps IIS is having issues since your OWA is problematic.

Latest log line ends in Microsoft-Server-ActiveSync/6.5.7638.1 405 0 0 397 651

Yes, the regular Outlook access is fine.  Seems to be no problems whatsoever when using Outlook as the native client.  Definitely seems to be something tied to IIS, but not sure how to troubleshoot it further.

what do you have in the iis log for a /exchange entry
i want to see this before making my next recommendation (since you were able to connect via http)

Would the /exchange entry be in the same log file?

yes

I do not find any /exchange, only  /exchange-oma

check in iis manager, which site has the exchange vdir then get the site number to check logs
it is typically in the same site

Hmm.. under my Default Web Site, it states that my log file is C:\WINDOWS\system32\LogFiles\W3SVC1\exyymmdd.log  Technically, this is the file we are discussing.  (C:\WINDOWS\system32\LogFiles\W3SVC1\ex100911.log

Here's the most recent line I find, although it's from earlier today - I see nothing from my own username, just the Administrator account.

2010-09-12 00:07:37 10.0.0.150 GET /exchange/Administrator/ Cmd=logoff 80 - 10.0.0.150 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 1 0 605 500
2010-09-12 00:07:37 10.0.0.150 GET /exchange/Administrator/ Cmd=logoff 80 WLAMAIN\Administrator 10.0.0.150 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 302 0 0 304 520

the 302 is a redirect
check the properties of the exchange vdir
make sure the virtual directory tab is set to "a directory location on this computer"
check the custom errors tab for the 403;4 error

there should be something for the 403;4
browse to the file specified and see where the redirection sends you to

Here's one that just took place:

2010-09-12 00:25:23 10.0.0.150 SEARCH /exchange/MAINGATE/Inbox/ - 80 WLAMAIN\MAINGATE 10.0.0.26 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+FunWebProducts;+.NET+CLR+1.1.4322;+IEMB3;+IEMB3) 405 0 0 672 4844

I checked the Exchange Virtual Directory.  The tab is set to "A directory located on this computer".

For the custom errors for 403;4, it says  C:\WINDOWS\help\iisHelp\common\403-4.htm

If I try to just open the .htm file, it says "the page must be viewed over  secure channel"  Error 403.4 - Forbidden: SSL required to view this resource

Should I be trying to browse to it internally?  What URL path should I be trying to browse to it from?

In IIS Manager, check the Application pools are set correctly:
/exchange - ExchangeApplicationPool*
/exchweb - ExchangeApplicationPool*
/exadmin - ExchangeApplicationPool*
/public  - ExchangeApplicationPool*
/oma - ExchangeMobileBrowseApplicationPool
/Microsoft-Server-ActiveSync - ExchangeApplicationPool
* will probably show ExchangeApplicationPool but greyed out.

check the authentication methods
/exchange - basic and windows
/exchweb - anonymous
/exadmin - integrated
/public - basic and windows
/oma - basic
/Microsoft-Server-ActiveSync - basic

All virtual directories are pointing to the correct application pools, and all authentication methods specified on each of the virtual directories is exactly as you specify

do you have urlscan installed on this server

Not that I know of - I' don't think I've ever heard of it.  Is it a 3rd party product?  If so, probably not.

you can also try re-enabling forms based authentication and restart iis

Can I use forms based authentication without SSL?
Which compression level should I choose before applying and rebooting?

did you have it enabled before? it will enable it because of the basic auth requirement. you would need to go back an manually disable the require ssl.
high
don't reboot, just run the following from a command prompt
iisreset

It was enabled before, and it was checked for "high" compression, yes.  So now that I've re-enabled forms-based auth, I need to go back and disable the "require ssl" on all virtual directories?

just the exchange vdir will be modified by that

After I re-enabled Forms-based auth, I checked the Exchange vdir and it did not re-check the "require SSL" box.  Nonetheless, I reset IIS using iisreset twice, still to no avail.  Same thing on iphone and same problem in outlook web access as well (loads mailbox, but no individual emails will appear in the message pain of OWA).  really weird.  What should I try next?

we've checked all the basics
did you look at this
https://www.experts-exchange.com/questions/21828428/Outlook-Web-Access-return-HTTP-Error-405-The-HTTP-verb-used-to-access-this-page-is-not-allowed-on-Windows-SBS-2003-IIS-6-0.html

I just tried deleted the temporary compressed files like it says - no go.  I have not tried to recreated the virtual directories themselves..  Although I'm a bit hesitant to try it.  I back up all actual files on the server each night.. do you think I could restore the actual directories that make up these virtual directories?

Where is the \\.\BackOfficeStorage directory that these refer to??

it is not a direcotry on the machine

Interesting - how do I know exactly which physical files the virtual directories contain?  

the files are located under the c:\program files\exchsrvr directory

What if I restored everything in C:\inetpub and C:\program files\exchsrvr   (I keep the actual exchange database and streaming file on a seperate drive)

i don't think it is a file error, i believe it is an iis issue
the 405 error is Resource not allowed

sorry, but i need to call it a night

Thanks for your help this evening - I'll keep plugging away and see what i can find out.  :)

Hi Alan:

I am anazlyzing your article in depth now - so far no go, but following it to the T.  Very nice work, btw.  Very thorough.  I'm thinking I may end up recreating the virtual directories, but will try everything else first.  Stay tuned for an update!

i'm watching the status too

10-4.  Is using the IIS Resource Kit tools (metabase explorer) the safest method for re-creating the IIS virtual directories?

unless you've done it many times, yes

Method 2 of KB883380 is usually the easiest way.

I will try the metabase explorer method  - doing so now

I hope you have seen my last comment before you venture down the Metabase Explorer route!  I would not use Metabase Explorer Personally.

Yes, I did read that you thought the 2nd method was easier.  Will read the KB a bit more before proceeding.  In either case - why does the documentation not state to delete the exchange-oma vdir?  Should I leave that one in tact?

it does state to delete the oma vdir

it statest to delete the oma vdir, but doesn't say to delete the exchange-oma vdir

It does not state to delete that because it is hopefully not necessary and does not get automatically re-created anyway.  KB817379 covers the exchange-oma virtual directory, should the need arise.

Another thought sprung to mind earlier - what router / firewall do you have and have you checked that all the relevant ports are open?
You will only need TCP port 443 (HTTPS) for Activesync over SSL or TCP port 80 (HTTP) for insecure Activesync.
What were the results of the test site?

The test failed repeatedly with error 500 - however, the problem exists internally as well, even when completely behind my firewall and router.  :(    It's definitely an IIS thing.

I have deleted the appropriate vdir's (yes, I did use the metabase explorer) and the assosciated metadata, and am now restarting the system attendant service - cross your fingers!

If you want, delete the exchange-oma virtual directory and then follow KB817379 to re-create it.  It won't hurt.

Okay.  First, I will reset my access settings on all of the new vdir's that it recreated (it recreated them almost instantly, I just checked) and if I still can't get ActiveSync to work, I will redo the whole process again, this time including exchange-oma

remember the article stated to wait 15 minutes and it may even require a reboot

wow, i couldn't even type as fast as it could recreate

Hah!  Okay, well I just checked again to verify that all vdir's were recreated - they were.  I did IISRESET.  Browsing to outlook web access still producing same result as before (shows mailbox folders at left, but no messages at right - just says "loading" in the windows where the inbox emails should be).   iPhone still won't sync either.  Should I try a complete reboot?

what access settings did you change? did you test before making any of your changes?

Just physically rebooted the whole server - still no go!  Tried synching iphone from scratch from behind the firewall on same local subnet as server - same problems with iphone and w/ outlook web access.  I'm stumped.  What is left to try guys?  help!!  

what changes did you make after the vdirs were re-created? check the certificate configuration for the site

After the vdir's were created, I went back and made sure all of the configuration settings were exaclty as they've always been.  The default website is not using any certificate, so that settings seemed to stay as I've had it.  I tried the ActiveSync tester from "AccessMyLan" and it still comes up with "ActiveSync detected, but not correctly configured [HTTP 500: Forms-based auth enabled?]"

I tried disabled forms-based auth in exchange http, and activesync test still shows "ActiveSync detected, but not correctly configured [HTTP 500: Forms-based auth enabled?]"

i'm guessing the iis logs are once again reporting the sam 405 error?
i would focus on owa first since activesync has a minor dependency on it

Yeah, my latest IIS log entry reports Microsoft-Server-ActiveSync/6.5.7638.1 405 0 0 397 657

What does the error 405 mean?  

the 405 error is Resource not allowed
typically it doesn't like the verb being passed (GET, POST, etc)

URLScan which i asked about is a potential cause

what about directly from the server, can you go to http://localhost/exchange

I can't browse to http://locahost/exchange   it gives me "page cannot be found".

I CAN browse to http://hostname/exchange and get to the OWA mailbox page.  In which case it does not ask me for authentication, it goes directly to the mailbox of the user that is locally logged on, and the mailbox items never load, just the mailbox folders to the left.  

I think it has something to do w/ the identity of the site and still has something to do w/ the way connections are trying to authenticate.  

ensure that asp.net is allowed and asp.
Also take a look at this KB article...
http://support.microsoft.com/default.aspx?kbid=831464

All of the vdir's list asp.net version 1.1.4322   How do I make sure it's allowed?  

web services extensions
look at that last article too

I checked the last article - I've already tried deleting the temporary compressed files as they explain.  Should I try again?

were you successful the first time, it wouldn't hurt

Just tried deleting the compressed temp files again and reset iis - still no go.  checking the web services extensions now.

I do notice inconistencies in the way the logs show me authenticating.  Sometimes as WLAMAIN\username and sometimes as wlamain.local\username  

(wlamain.local is the domain we are using).   How can I make sure the each vdir has the appropriate 'realm' and 'default domain', etc..  ?

you need to check the authentication settings for each
any with basic should have the default domain configured

Can we go through one more time exactly what types of authentication I should have checked for each, including the default website itself?  Keeping in mind no SSL at all?

keep in mind that it is recommended to use SSL any time basic authentication is enabled

/exchange - basic and windows
/exchweb - anonymous
/exadmin - integrated
/public - basic and windows
/oma - basic
/Microsoft-Server-ActiveSync - basic

rechecking all auth settings now..

They all look right.

When the iphone hits the server, it always produces error 405 for exchange-oma, and error 500 for Microsoft-Server-ActiveSync

Is it possible to restore a single website instead of the entire IIS config using the restore feature?

no, you can only restore the server

can you try creating a new web site then add just the exchange vdir
http://support.microsoft.com/kb/816576

create the virtual directory within esm

i would like to see if we can build a new site and at least get owa working

Okay - will try now

So do I want to first create a new HTTP virtual server in ESM before doing anything in IIS manager yet?

yes, first create the vs, then the vdirs
don't modify any default setttings

I made a new virtual server in ESM.  I didn't add anything to it in ESM.  Now I go into ISS and create a new website?

OK, back up the bus. You guys are going in waaay too deep. The problem happened after a power fail. It was working. You're dinking with so many setting it will be a miracle if you ever get this working.

Go back to the basics. First off, if you can't browse various sites on your internal web, then it's an IIS problem. Until all of that works properly, forget the iPhones.

Are all of the sites in IIS running? That's the first place to look. If not, that's where you need to start. Stop creating websites, virtual servers, etc. If you didn't need them before, you don't need them now! The chances of any of those actually being bad is slim. The chances of really screwing it up by messing with them when things aren't working is huge!

So start over. Look at the sites in IIS and tell us if they are all up. Also check to make sure you don't have any other NIC's enabled than the one SBS is using.

Yikes!  Well, going back to the basic setup - yes, all sites are up and running.  There's actually just the default website and the virtual directories beneath it.  Yes, everything is running.  It's DEFINITELY an IIS problem.  

So, getting to the next step you mention - There are no other NIC's enabled on this machine, just the one we are using.  All ip settings have remained the same since the power failure.  All other core functions such as AD / DNS / file serving / Core exchange functionality / Print Serving are working as expected.

There's also the "companyweb" sharepoint site in IIS - it's up and running and working fine as well.

OK, so now try (internally) accessing https://servername/Exchange and /oma.

I know you've done this before, but please do it again! Oma should give you a password box and Exchange should give you the OWA login page.

The name of the server internally is just WSBS2003.  If I browse to https://wsbs2003/exchange I get no login box at all, it goes directly to the outlook web access mailbox of the administrator account.  It shows the Mailbox folders (calendar, contacts, deleted, inbox, etc.. on the left, but on the right it shows no messages, just "Loading"...

If I browse to https://wsbs2003/oma I get "Server Error in '/OMA' Application.  Unrecognized configuration section 'connectionStrings'  Line 12 shows in red, source file is C:\inetpub\wwwroot\web.config

For the Exchange one, you may need to add your server to your trusted sites. Maybe not. I'm not sure that these are related - yet.

For the other, I don't have 'connectionStrings' section in my web.config. Can you find that file and copy that section and post it here? You can find the path in the OMA properties in IIS.

Just for grins, go to your OMA properties in IIS, to the ASP.NET tab. What version are you using? You should be using 1.1.4322, not the 2.x version that is also available.

i don't think it's a trusted sites issue as they go straight to the mailbox
they just can't view the content of the mailbox due to the 405 error

It does not appear that my web.config file under OMA has a connectionsStrings line.

The error that was reported actually shows as C:\intepub\wwwroot\webconfig on line 12, shows below:

<?xml version="1.0"?>
<!--
    Note: As an alternative to hand editing this file you can use the
    web admin tool to configure settings for your application. Use
    the Website->Asp.Net Configuration option in Visual Studio.
    A full list of settings and comments can be found in
    machine.config.comments usually located in
    \Windows\Microsoft.Net\Framework\v2.x\Config
-->
<configuration>
    <appSettings/>
    <connectionStrings/>
    <system.web>

All of the sites and vdir's are using asp.net 1.1.4322

I tried to comment out the connectionStrings line just to see waht would happen, and the next error said "Child nodes are not allowed."  Line 27:  <namespaces>

Good on the asp version.

OK, I did pickup on the file name before, but on my machine, I do not *have* a webconfig (web.config) in that folder even though one is referenced. A little research says that SBS2003 does not have that file at that location by default, so this is something that was added in. You might try renaming that file and then doing an IISRESET and see what effect that has.

So the OMA one - you DO have that one, correct?   But you do not have a web.config file in the C:\inetpub\wwwroot location?

no, there is not a web.config file by default
did you install any third party products on this system? url rewrite, url scan, etc

you could rename it to web.config.old and run iisreset

I just did - I renamed it to .old and did iireset.  Now, if I browse to /exchange, I get an actual login box for outlook web access - it lets me log in, but still no loading on the items part.

If I browse now to /OMA - I now get  "A system error has ocurred while processing your request.  Pleasty try again".  The link it takes me to is https://servername/OMA/(qorjo145zmkvw1bfjhm0r0z2)/oma.aspx   Some weird kind of temp folder or something?

Nope - no 3rd party add-ons that I've ever done in regards to urlscan, etc..

Just a quick update - if I click on the 'classic' client for the outlook web access logon, I can get the mailbox items to show up.  Any ideas?

I've tried everything - i even restored the entire system state, including the IIS metabase and the registry, back to it's state the day before the accident - still does the same exact thing.  This is getting insane.  

did you try creating the new site and adding the exchange vdir?  
i would like to see how iis handles a new/clean site

I started to, but never progressed past the first part - SO, as we discussed....  My first step is to create a new http virtual server in Exchange, right?

yes, you'll need something that makes it unique for the default site
can you add a second ip address to the server temporarily for this and assign that ip to the site
then when you test use http://10.1.1.2/exchange

There's only 1 NIC in the server - should I give it two IP's?  Keep in mind this is also our DNS server and domain controller (obviously)

yes, once we test we can remove this

I'm actually at a remote site right now - if I give the server two IP's on one NIC, will I still be able to connect correctly over RDP?

Another thing that's weird - I restored the entire system-state (Active Directory, IIS, etc..) using Backup Exec 12.5 in Directory Services Restore mode.  How could it be that even THAT didn't fix it?  lol     Nonetheless..   If you feel the dual-IP scenario is the next step for testing, I shall proceed.  

Should I specifically use that IP?  I should use an IP on my same subnet, right?  Or are we trying right from the server only?

use an available ip address in your subnet
yes, from the server

Okay - I added a 2nd IP address - 10.0.0.30    Now what?  First create a 2nd server in ESM?

yes, and associate with this ip

One other weird thing I just noticed..  I cannot expand my Public Folders in ESM - it give me an error 405

because the exadmin vdir is also most likely broken, so this would be expected

Okay, I made a 2nd Exchange Virtual Server in ESM and associated it w/ 10.0.0.30..   Now What?

right-click and select new virtual directory
name = Exchange
Exchange path = mailboxes

I just named it Exchange Virtual Server 2   -   I pointed it to the mailboxes.  It actually won't let me choose 10.0.0.30 for it now that I look. It will only let me select "all unassigned" or whatever

can you change it after you create it? it should allow you to choose which ip, otherwise the site won't start by default. you'll need to start it in iis manager until the ip is assigned.

So now I create a new site in IIS manager, right?

What should the home directory be for the new site?

no, you should be doing it thru esm

it must be done thru esm, you cannot select a site for an http vs in esm

Yep, in ESM I made a new virtual server

Understood - yes, I made the new vs in esm.  Awaiting the next step

you may have the worst case scenario here based on everything you are reporting, but let's finish this test
https://www.experts-exchange.com/questions/22922967/How-do-I-Reinstall-Win-SBS-2003-components-Companyweb-Outlook-Web-access.html

now that you have the new http vs
right-click and select new virtual directory
name = Exchange
Exchange path = mailboxes

then test http:/10.0.0.30/exchange

gives me a login box

go ahead and login
see if you see data on the right

Can't see any data;   After I enter my credentials, it says "waiting for webpage" for about a minute, then goes to Error 404 - The page cannot be found

go into iis manager and make sure the site is online
compare its config to the default web site exchange vdir

That's what I was asking earlier..  In IIS manager, should it show this specific virtual directory?  Or do I have to make a new website in IIS manager?  I guess that's where I'm confused - after making the vdir in ESM, what do I need to do in IIS manager?

in iis manager you will see the new site

where do you stand? i am getting ready to call it a night and i want to undo the changes if no progress

I see the new site - the only differences I see between that one and the 'real' one under default website is this one has ExchWeb UNDERNEATH it.  But, I still can't browse to it - I still get the login box, but nothing after that.

remove the new http vs and the ip address

Will do.   Howcome under my 'registered mime types' I don't have anything?

Just a status update on this - I've tried several more thing, including once again recreating the virtual directories.  I backed up IIS, then deleted the exchange directories, deleted the appropriate metadata using the metabase explorer. then restarted the system attendant and the directories were recreated.  However, still the same behavior.  Error 500 when trying to activesync, and content panes show "loading" indefinitely when logging into OWA.  

At this point, I believe I need to reinstall something.  Should my next step be just to throw in the appropriate disc that came with SBS2003 and reinstall Exchange and IIS?  I'm kind of leery about this..  If I just reinstall the components over themselves without uninstalling everything, do you think it will fix the problem?

i believe you may need to
see [url="https://www.experts-exchange.com/questions/26466827/Exchange-ActiveSync-to-iPhone-suddenly-not-working.html?cid=1330&anchorAnswerId=33659147#a33659147"]33659147[/url]

Yikes..  Do you think I should just throw the disc in like it says and install over itself?  What about Exchange - I'm now running Exchange 2003 SP2, but the disc is older than that I believe.

I took the plunge - I just uninstalled and reinstalled IIS and now reinstalling Exchange.  After that, I will reinstall SP2 for Exchange.  After that, how do I point my exchange server back over to where I keep my databases (mailbox db and public folder db) ?

Now I installed everything again - now I can't even BROWSE at all to companyweb or OWA.  I just get a page stating "Service Unavailable".  I made sure that asp.net is installed and listed under each website and virtual directory in IIS manager.  Help!

Uninstalling IIS without following the correct guide will break Exchange.
DId you follow this guide:
http://support.microsoft.com/kb/320202 

Exchange is actually working fine.  I uninstalled IIS, the reinstalled/restored IIS, and reinstalled Exchange, then I reinstalled Service Pack2 for Exchange.  I pointed Exchange to my mailbox and public folder databases, fired it back up, and exchange is working great.  In IIS, everything is back in IIS manager and running.  However, I can no longer browse to http://companyweb from the server or any clients.  I just get a page that says "Service Unavailable".  Same thing if I try to browse to http://servername/exchange

This article might be relevant if you get the HTTP/1.1 503 Service Unavailable Error:
http://support.microsoft.com/kb/823159
HKCRSCAN.EXE is usually available only from Microsoft, but I hava copy if you need it.

It doesn't look like anything in that article applies.  I actually don't even get the http 503, I just get "Service Unavailable".  In IIS manager, under Application Pools, the "DefaultAppPool" and the "ExchangeApplicationPool" keep going 'down' - that is, they keep ending up w/ a red x in them.  Even if I start them, I still get the "service unavailable message".

That is probably because IIS and Exchange are heavily interwoven.
Please run through the article I posted last and then follow the guidelines (if it is not too late).

Article 320202 is the same exact one I used to uninstall/reinstall IIS and then reinstall exchange.  I followed it to the T...    Or are you talking about 823159

KB320202 is the one I am referring to (it's late my end).
What errors are showing in the Event Logs that are IIS / Exchange related?

I keep getting tons of Event ID: 2268  Source W3SVC-WP  "Could not load all ISAPI filgers for site/service.  Therefore startup aborted."

Not sure if this will help:
http://www.smallbizserver.net/Forums/tabid/53/aff/12/aft/36959/afv/topic/Default.aspx 

Hi,

Refer this article:
http://support.microsoft.com/kb/894435

Hope this helps,
Shree

@Shreedhar - this is SBS 2003!

Yikes!  Yeah, I'm not sure that's what I need Shreedhar.  :)

@alan:  my files for those filters are in the correct place, and the path to them is correct under the isapi filter tabs in IIS manager

Can you please download and install Dependency Walker (http://www.dependencywalker.com/) then check the ISAPI Filter and see what is missing.  There has to be a filter not installed correctly.

Yep - I will try that next.  In the meantime, I just uninstalled/reinstalled IIS again, this time I check asp.net at the time of install instead of going back and doing it later.  I just reinstalled exchange as well again, and it's doing service pack 2 right now.  Should know in about 15 minutes.  

Now when I try an ActiveSync test using ActiveSync tester, I get error 403 "ActiveSync detected, but access denied.  HTTP 403: Disabled for this user"

It does this for every user, OWA still the same problem too.  

Alan:

I downloaded and installed dependency walker.  How exactly do I use it to find out if one of these filters is installed wrong?  Also, the event itself in the event log doesn't point to a particular file - how do I increase the detail that this log is showing?

Under default website / ISAPI Filters, the OwaLogon Filter has a priority of "unknown".  The path to the file is C:\Program Files\Exchsrve\ExchWeb\bin\auth\OwaAuth.dll

After re-installing IIS / Exchange again are you getting the same error with the ISAPI filters?

yes

I managed to get rid of the ISAPI filter problem by doing another restore of the system state.  However, I'm back to where I was at the very top of this thread:  I can log into OWA, but the items never load on the right, nor do I have access to Exchange ActiveSync from outside or inside the firewall.  I get error 500 when trying to activesync, even when forms-based auth is disabled in ESM.  I may start a new question on this, not sure how to proceed.

Closing out question and awarding points between the two most critical issues.