<

Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x

Exchange 2003 - Activesync Connection Problems FAQ

Published on
361,430 Points
103,630 Views
158 Endorsements
Last Modified:
Awarded
On numerous occasions I was seeing questions pop up that involved Exchange 2003 and problems getting iPhones / Windows Mobile phones and now more recently, iPads, to work with Activesync, so after answering several questions, I decided to write the following article to assist others in answering their problems, covering all the possible scenarios that I had faced when tackling these problem.

So, here is my guide to solving (most) Exchange 2003 and Activesync issues:

Pre-Requisites:


1. Make sure that you have Exchange Server 2003 Service Pack 2 Installed.  Whilst Activesync will work with Exchange 2003 Service Pack 1, Service Pack 2 makes it a whole lot easier!

To check if you have it installed, open up Exchange System Manager (Start> Programs> Microsoft Exchange> System Manager).  Then expand Servers, Right-Click your server and choose Properties.  This will display whether you have SP2 installed or not.

Exchange 2003 Service Pack Level
If you do not have SP2 installed you can download it here –http://www.microsoft.com/downloads/details.aspx?FamilyID=535BEF85-3096-45F8-AA43-60F1F58B3C40&displaylang=en

2. Ensure that TCP Port 443 is open (and forwarded) on your firewall to your Exchange server.  You don't need to open up any other ports to get Activesync working, just TCP port 443.  You can check this on your Exchange Server at http://www.canyouseeme.org and you should see ‘Success’ if the port is open and forwarded correctly.  If it isn't open and forwarded, check your router and make sure you have the settings configured correctly.

3. Please check the LAN Adapter Binding order to make sure the NIC that Exchange is bound to is at the top of the list (Start> Run> [type] ncpa.cpl [press enter]> Advanced> Advanced Settings> Connections).

Binding Order
4. Open up IIS Manager (Start> Programs> Administrative Tools> Internet Information Services (IIS) Manager), expand ‘Web Sites’ then ‘Default Web Site’ then right-click on the relevant Virtual Directory (see below) and choose properties, then click on the Directory Security Tab):

IIS Manager
Exchange 2003 (Not part of Small Business Server):

Exchange Virtual Directory
•      Authentication = Integrated & Basic
•      Default Domain = NetBIOS domain name - e.g., yourcompany* (no more than 15 characters)
•      Realm = yourcompany.com
•      IP Address Restrictions = Granted Access
•      Secure Communications = Require SSL NOT ticked (very important)

Microsoft-Server-Activesync Virtual Directory
•      Authentication = Basic
•      Default Domain = NETBIOS domain name - e.g., yourcompany* (no more than 15 characters)
•      Realm = NETBIOS name
•      IP Address Restrictions = Granted Access
•      Secure Communications = Require SSL and Require 128-Bit Encryption IS ticked


Exchange 2003 (Part of Small Business Server):

Exchange Virtual Directory
•      Authentication = Integrated & Basic
•      Default Domain = NetBIOS domain name - e.g., yourcompany*
•      Realm = yourcompany.com
•      IP Address Restrictions = Granted Access
•      Secure Communications = Require SSL IS ticked (very important)

Microsoft-Server-Activesync Virtual Directory
•      Authentication = Basic
•      Default Domain = NETBIOS domain name - e.g., yourcompany*
•      Realm = NETBIOS name
•      IP Address Restrictions = Granted Access
•      Secure Communications = Require SSL and Require 128-Bit Encryption NOT ticked

Exchange-oma Virtual Directory
•      Authentication = Integrated & Basic
•      Default Domain = NETBIOS domain name - e.g., yourcompany*
•      Realm = NETBIOS name
•      IP Address Restrictions = Restricted to IP Address of Server
•      Secure Communications = Require SSL and Require 128-Bit Encryption NOT ticked

OMA Virtual Directory
•      Authentication = Basic
•      Default Domain = NETBIOS domain name - e.g., yourcompany*
•      Realm = NETBIOS name
•      IP Address Restrictions = Granted Access
•      Secure Communications = Require SSL and Require 128-Bit Encryption NOT ticked

* yourcompany can be determined by opening up a command prompt (Start> Run> [type] cmd [press enter]) and then typing ‘SET’ and pressing enter.  The variable ‘USERDOMAIN’ is the info you should use for ‘yourcompany’.  Most often – this is not required, but I have seen instances where simply adding this info has made Activesync work.

5. ASP.NET should be set to version 1.1 for all virtual directories listed above.  If you cannot see the ASP.NET tab, you only have v 1.1 installed so do not worry. If any version other than 1.1 is selected, please change it to v 1.1.4322.

ASP Dot Net
6. Make sure that you have HTTP Keep-Alives enabled.  Right-Click on the Default Web Site and choose Properties.  On the Web Site tab, in the Connections section, click the Enable HTTP Keep-Alives check box and click OK

HTTP Keep Alives
7. Check that Ignore Client Certificates is selected under the IISADMPWD virtual directory / Directory Security Tab / Edit Secure Communications Button.  This Virtual Directory may not exist if you have not setup the ability to reset passwords via Outlook Web Access (OWA).  If it is not there – no worries.

IPV6

Please make sure that IPV6 is NOT installed on your server as this is known to break Activesync.  (Start> Run> [type] ncpa.cpl [press enter]) Right-click on your Local Area Network Connection and choose Properties. Look under ‘This Connection Uses The Following Items:’ for Internet Protocol (TCP/IP) v6 – if it exists – uninstall it and reboot.

IPv6
8. Ensure that the IP for the Default Website is set to All Unassigned and using port 80 (open up IIS manager, Right-Click the Default Website and choose properties, then on the Advanced button).

Default Website Ports
If your default website is using any port other than port 80, it simply will not work, so if you have changed this to make something else work, either change it back to port 80 or stop trying to use Activesync!  Also make sure that you are not using any Host Headers on the Default Website because this can also break Activesync.

If you make any changes to IIS, you will need to reset IIS settings.  Please click on Start, Run and type IISRESET then press enter.

SSL Certificate

Make sure that the name on the SSL certificate you have installed matches the Fully Qualified Domain Name (FQDN) that you are connecting to for ActiveSync - for example, mail.microsoft.com.  To check, right-click on the Default Web Site in IIS, choose Properties, click on the Directory Security Tab and then on the View Certificate Button.

View SSL Certificate
SSL Certificate
If it does not match, either re-issue the certificate if you created it yourself, or re-key the certificate from your SSL certificate provider.

If you have a Small Business Server and don’t want to buy a 3rd Party SSL certificate, just re-run the ‘Connect To The Internet Wizard’, (Start> Server Management> To-Do List> Connect to the Internet).

Connect To The Internet
Connect To The Internet Wizard
Click Next.  If the Wizard detects a Router – click No to leave the configuration alone.

Connect Internet Wizard Router Prompt
Make sure ‘Do not change connection type’ is selected and click Next.

Do Not Change Connection Type
Leave the Web Services Configuration Settings as they are and click Next.

Web Services Configuration
Select ‘Create a new Web server certificate’ and enter a ‘Web server name’ e.g., mail.yourdomain.com and click Next.

Web Server Certificate
Select ‘Do not change Internet e-mail configuration’ and click Next.

Internet Email
Click Finish to complete the Wizard

Complete Wizard
If you have Windows Mobile Phones, Activesync is much easier to get working with a purchased SSL certificate.  If you have a self-created SSL certificate and use Windows Mobile Phones, you will have to install the SSL certificate onto each and every Windows Mobile Phone that you want to use with your Exchange 2003 server.  If you only have a handful of devices, then it won’t take long to do, but if you have dozens, a £30 1-Year SSL certificate is probably a very good investment.  You can purchase a cheap, trusted SSL certificate from http://exchange-certificates.com that will work happily.

Windows Mobile Phone / iPhone Settings:


Email Address: Your Users Email Address
Server: Whatever name you have on your certificate e.g., mail.yourdomain.com (do not add /exchange or /oma or /anything)
Domain: Your internal Domain Name e.g., yourdomain (maximum 15 characters)
Username: Your Username e.g., User123
Password: The CORRECT password!
Description: Whatever you want to call the Account


Testing:


If you have got SP2 installed, check on https://testexchangeconnectivity.com to see if everything is working properly by running the Exchange Activesync check. The site is an official Microsoft site specifically for testing Exchange installations and connectivity.

Test Exchange Connectivity - Activeync
Please select ‘Specify Manual Server Settings’ (Exchange 2003 does not have native Autodiscover enabled so using the Autodiscover settings will fail).

3rd Party SSL Certificate:

Do NOT check the “Ignore Trust for SSL” check box

Self-Certified SSL Certificate:

Check the "Ignore Trust for SSL" checkbox.

Test Exchange Connectivity - Manual Settings
If you are trying to make an iPhone work, then you can also download the free iPhone App 'Activesync Tester' and this should identify any problems with your configuration, or download the version for your PC from https://store.accessmylan.com/main/diagnostic-tools

Various Activesync Errors / Solutions:


REMEMBER - If you make any changes to IIS settings, please run IISRESET and re-visit https://testexchangeconnectivity.com and re-run the test.

Activesync Error 0x86000108:
Activesync is unsuccessful and you see the error 0x86000108 on your Windows Mobile Device:
Please read the following MS Article which checks that Authenticated Users has write permissions to the %TEMP% directory (usually c:\windows\temp) – http://support.microsoft.com/kb/950796/en-us

Application Event Log 3005 Errors:
A lot of 3005 errors can be resolved by changing the Default Website Timeout value from 120 (default) to something greater, such as 480 using IIS Manager.
For Small Business Server 2003 Users - please read this MS article - http://support.microsoft.com/kb/937635

Inconsistent Sync:
If you are getting inconsistent Synchronisation from your device to your Exchange 2003 server, please add the following registry key to the server:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\VirusScan
ProactiveScanning      REG_DWORD      1

HTTP 401 Error:
If you are getting an HTTP 401 error when testing on https://testexchangeconnectivity.com then you are probably entering an incorrect username or password, or you may have IP Address restrictions setup on your virtual directories (see IIS Settings above under prerequisites).

HTTP 403 Error:
Ensure that Forms Based Authentication is NOT turned on under Exchange Virtual Server under Exchange Protocols (Exchange System Manager, Servers, Protocols, HTTP, Exchange Virtual Server properties, Settings Tab).  If it is – please readhttp://support.microsoft.com/kb/817379 and create an exchange-oma virtual directory following the instructions in the KB article.

I have had Activesync work despite seeing "An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body is: <body><h2>HTTP/1.1 403 Forbidden</h2></body>" at the end of the test above.  To resolve this (if you like things tidy), please open up Exchange System Manager, Global Settings, Mobile Services Properties, Device Security Button, Exceptions Button, then add your account to the exceptions list.

I have also seen the 403 error resolved by running:
eseutil /p
eseutil /d and
isinteg -s servername -fix -test alltests (at least twice)

Check to see if Activesync is enabled globally on your server - http://technet.microsoft.com/en-us/library/bb125073(EXCHG.65).aspx

Also check to see if it is enabled on a user by user basis - http://technet.microsoft.com/en-us/library/aa997489(EXCHG.65).aspx

HTTP 500 Error:
If you still cannot get Activesync to work or keep getting an HTTP 500 error, please follow Method 2 in Microsoft Knowledgebase Article KB883380 (http://support.microsoft.com/kb/883380) and this should resolve the issues. This essentially deletes the Exchange Virtual Directories from the IIS Metabase (which can be corrupted) and rebuilds them. When deleting the Exchange virtual Directories, please also delete the Exchange-OMA virtual directory if it exists.  Rebuilding those virtual directories often clears up problems that all the other steps above do not resolve.

If, after following KB 883380, Activesync still does not work and it keeps coming up with HTTP 500 errors, please do the following:

• Disable Forms Based Authentication - Exchange HTTP Protocol (if enabled)
• Remove SSL settings from the Exchange IIS virtual directory
• Run iisreset
• Test Activesync without SSL selected - hopefully this should work or give the OK result
• If okay - right-click on the Exchange Virtual Directory and select all Tasks> Save Configuration to a file. Name the file Exchange and save to the desktop
• Run Regedit (and be extremely careful here as you can kill your server very easily) then right-click on My Computer and select Export. Name the file as 'EntireRegistry' and save the backup of the registry to the desktop
• In regedit - locate HKLM \ System \ CurrentControlSet \ Services \ MasSync \ Parameters and delete the ExchangeVDir key from the right-hand pane.
• Close Regedit
• Right-click on the default-website and select New> Virtual Directory fom File. Browse to the desktop and click on the Exchange.xml that you created above, then click on Read file, select Exchange from the 'Select a configuration to import' section and click on OK. Select 'Create a new virtual Directory' and name the directory 'exchange-oma' and click OK.
• Right-click on Exchange-OMA virtual directory you just created and click Browse - you should see OWA open up happily
• Open Regedit and add the ExchangeVDir key back that you recently deleted as a String Value and then change the value to read /exchange-oma
• Close regedit
• Enable SSL and require 128-Bit Encryption on the Exchange Virtual Directory to ensure it is secure once again
• Enable Forms Based Authentication (if you want to use it) on Exchange > Protocols> HTTP
• Make sure that Integrated Authentication is enabled on the Exchange Virtual Directory
• Check that the Exchweb virtual directory does not have SSL enabled
• Run iisreset
• Test Activesync – it should hopefully be working now!

If the above fails, please check you event logs for Event ID 9667 - Source MSExchangeIS.  If this event exists, please have a read of MS KB820379 - http://support.microsoft.com/default.aspx?kbid=820379

In a recent question on EE, I was advised that running the following command against the unmounted database solved an HTTP 500 error, so if you are still having issues, please try running the integrity check (from a command prompt):

Isinteg –s servername –fix –test alltests

Select the dismounted database and let the check run.  If you see 0 errors and 0 fixes, then all is well.  If not, please re-run the test until you do (as many times as it takes - two usually is ufficient).

If you are still reading this article and are still seeing HTTP 500 errors, then we need to check the settings on the EXCHWEB Virtual Directory in IIS Manager.

Exchweb Virtual Directory
•      Authentication = Anonymous
•      Secure Communications = Require SSL and Require 128-Bit Encryption NOT ticked

Exchweb \ Bin Directory
•      Authentication = Basic
•      Secure Communications = Require SSL and Require 128-Bit Encryption NOT ticked

Exchweb \ Bin \ Auth Directory
•      Authentication = Anonymous
•      Secure Communications = Require SSL and Require 128-Bit Encryption NOT ticked

Exchweb \ Bin \ Auth \ USA Directory
•      Authentication = Basic
•      Secure Communications = Require SSL and Require 128-Bit Encryption NOT ticked

REMEMBER - If you make any changes to IIS settings, please run IISRESET and re-visit https://testexchangeconnectivity.com and re-run the test.

Hopefully if you are now at the bottom of my article, your mobile phones should now be synchronising happily.  If that is not the case, please review your IIS Settings carefully and start at the top of this article again.

RECENT UPDATE (10/01/12) - A piece of software called Hide Folders 2009 has been found to install a service called "FSPRO Filter Service"and a dll called FSPFltd.sys (in c:\windows\system32\drivers).  This program breaks Activesync.  If you have Activesync part working / part not working, please check your server for this software and if it is there - disable the service, move / delete the .dll file and restart your server.  Once restarted, Activesync should return to normal functionality!

If you are still not working – then you will probably have to call Microsoft to get support from them as something else not covered by this article is causing your problems.

So, in summary, you have reviewed and checked the settings in IIS to ensure that Activesync will work on your Exchange 2003 server, you have made sure that you have Exchange 2003 Service Pack 2 installed and you have run a test to make sure that your server is responding happily and by now, your iPhones and Windows Mobile phones should be happily synchronising.

Having got this far - and hopefully fixing your problems - if you have found this article helpful, please vote for it at the top of the page : )

This article has currently been accepted as the solution in 353 questions on Experts-Exchange.  If you use this article as a result of it being posted in a question on EE, please accept the comment that this article was posted in as the solution : )
158
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
157 Comments
 
LVL 2

Expert Comment

by:Clement P
Dude you rock, amazing information here ...
0
 

Administrative Comment

by:Articles101
Reviewing
0
 

Expert Comment

by:xrpk03y
Should these settings be applied to the frontend OWA server and backend server - mailbox?

Thanks

Please check and mirror the settings below (Open up IIS, expand the default website then expand the relevant Virtual Directory, right-click on the Virtual Directory and choose properties, then click on the Directory Security Tab):

Exchange 2003 (Not part of Small Business Server):

Exchange Virtual Directory
•      Authentication = Integrated & Basic
•      Default Domain = NetBIOS domain name - e.g., yourcompany (no more than 15 characters)
•      Realm = yourcompany.com
•      IP Address Restrictions = Granted Access
•      Secure Communications = Require SSL NOT ticked (very important)

Microsoft-Server-Activesync Virtual Directory
•      Authentication = Basic
•      Default Domain = NETBIOS domain name - e.g., yourcompany (no more than 15 characters)
•      Realm = NETBIOS name
•      IP Address Restrictions = Granted Access
•      Secure Communications = Require SSL and Require 128-Bit Encryption IS ticked
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Expert Comment

by:JCinNC
Wasn't working until I followed your FAQ.  PERFECT!

Thanks!!!
0
 
LVL 1

Expert Comment

by:clicker666
Fantastic!  I've been trying off and on for years to get this working.  Turned out my ISP had my 443 firewalled, in addition to all the remaining config stuff.
0
 

Expert Comment

by:Mlsharp
good job
0
 

Expert Comment

by:KiwiTechPete
Hey Alan, thanks for posting this - after several days of headbanging,  joining EE and finding your FAQ has resolved my problem and I'm happy (even better the boss is happy!)
0
 
LVL 76

Author Comment

by:Alan Hardisty
You are very welcome KiwiTechPete and a very warm welcome to EE.  Hopefully the rest of your time here will be just as rewarding.

Alan
0
 
LVL 1

Expert Comment

by:ctuckerini
Very nice...worked like a charm and put many hours of scouring the internet to bed!
0
 

Expert Comment

by:Geekbox
Wowza!  Great FAQ.  It fixed my issues where all others only stabbed at bits and pieces of the problem.
0
 

Expert Comment

by:jason_willison
Wow - can't thank you enough.  Made it a lot easier to understand and resolved our issues.  Awesome document.
0
 

Expert Comment

by:clifford_m71
For two weeks I have been trying to get a DROID X phone to connect with my exchange account. This articel resolved the issue....thank you. Specifically unchecking SSL on the Exchange virtual directory. All the other directories still have SSL checked. Is there any security issue by not having SSL checked on the Exchange Virtual Directory?
0
 
LVL 76

Author Comment

by:Alan Hardisty
@clifford - assuming you are not using Exchange 2003 as part of Small Business Server 2003, there is no security issue having SSL unticked on the Exchange Virtual Directory.  This is how it should be.  If you are using SBS 2003, then it should be ticked and you should have the exchange-oma virtual directory and that should not be using SSL, whereas the Exchange virtual Directory should be.

Alan
0
 

Expert Comment

by:Salonge
I followed your instructions exactly, but I keep getting the same error on my EVO, Unable to create account, please try again later.  What is up with that?  this is so frustrating.
0
 
LVL 76

Author Comment

by:Alan Hardisty
@Salonge

What are the results of the test on https://testexchangeconnectivity.com ?

If you get all green lights, you may be entering incorrect information on your Evo in terms of domain / username / password / servername etc.
0
 

Expert Comment

by:Salonge
Everything passed except the mobile certificate and below is the results.
       
      Additional Details
      Validating certificate trust for Windows Mobile Devices
       Certificate trust validation failed.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       The certificate chain did not end in a trusted root. Root = CN=XXX.XXX..ORG

I clicked on the link, but it tells me nothing about how to resolve it.
0
 
LVL 76

Author Comment

by:Alan Hardisty
Is your certificate a 3rd party SSL certificate or a self-issued certificate?

If it is self-issued - when you run the test - make sure you tick the "Ignore Trust For SSL" check box and then complete the test.
0
 

Expert Comment

by:Salonge
I think it is a 3rd party SSL certificate.  
0
 

Expert Comment

by:Salonge
We are using a self-issued certificate from Verisign.  I got this message when I checked "ignore trust for SSL"

The certificate is expired. NotAfter = 1/7/2007 8:05:04 PM (UTC)
0
 
LVL 76

Author Comment

by:Alan Hardisty
Do you want to open up a question and post the link - this is not realy the right place to troubleshoot your issues?

Alan
0
 

Expert Comment

by:Salonge
sure, I will do it.
0
 

Expert Comment

by:forrestcomputing
We were having issues with "cannot get mail" on iphone 3GS ios 4 and iphone 4 -we thought we had tried everything. Followed this article from start to finish and it has resolved the problem. We are using a self signed certificate on a stand alone SBS 2003 box.

Thanks so much!
0
 
LVL 76

Author Comment

by:Alan Hardisty
You are welcome.  Glad it helped. Self-signed certs on Exchange 2003 are fine, as long as they are named properly.

Don't forget to vote for it too if you liked it!
0
 

Expert Comment

by:PaulCutcliffe
Thanks - I've been having trouble with this, but no more since reading your article!
0
 
LVL 76

Author Comment

by:Alan Hardisty
Fantastic - I am glad that it was helpful and if you recently voted my article as helpful, many thanks.  If not, please feel free to vote : D
0
 

Expert Comment

by:PaulCutcliffe
(I did already!)
0
 
LVL 76

Author Comment

by:Alan Hardisty
Thanks very much - I thought so : )
0
 

Expert Comment

by:forrestcomputing
Voted. Cheers
0
 
LVL 76

Author Comment

by:Alan Hardisty
Thank you.
0
 

Expert Comment

by:fmilian
THANKS!!! Finally got the iPhone working after only 6 months of try and fail and settling for pop3.  This is great! Clear and easy to follow...  thanks again...
0
 

Expert Comment

by:fmilian
and yes, I voted...
0
 
LVL 76

Author Comment

by:Alan Hardisty
Thanks for your comments and the vote - much appreciated.

Alan
0
 

Expert Comment

by:scotru
Excellent article--thanks so much (voted)!
0
 
LVL 76

Author Comment

by:Alan Hardisty
: ) Thanks scotru
0
 

Expert Comment

by:GeorgeMartin601
Alanhardisty - I'm sorry, sorry, sorry.  I'm obviously the black sheep here.  Still get the 500 errors.  No 9667 in events.  I've gone through full process three times.  I'm obviously missing something or I suspect not following all the steps/links/articles in order.  Can you offer anything?  thanks
0
 
LVL 76

Author Comment

by:Alan Hardisty
Hi GeorgeMartin601,

As my article says lower down, if you keep getting the HTTP 500 error, the next port of call is Microsoft Support as something else is messed up.

Sorry

Alan
0
 

Expert Comment

by:GeorgeMartin601
you wanna get paid to take a look and fix?  I bet it's something stupid and simple.  
0
 
LVL 76

Author Comment

by:Alan Hardisty
We can't accept offers to work remotely via EE - but that doesn't stop you finding my contact details and getting in touch directly ; )
0
 

Expert Comment

by:GeorgeMartin601
clicked "hire me" in your profile.  I'm assuming this is what you mean?
0
 

Expert Comment

by:pdoyley
Alan, awesome post. Your steps to reset IIS permission are a must have and normalized my IIS after I had destroyed it during my troubleshooting.

However his did not solve my particular 500 error.  

In the end my issue, was a corrupt Exchange database. Running isinteg found folder issues, and repaired as expected.

I suggest users that cannot solve the 500 issue, backup exchange stores, and logs, then;
isinteg -s ServerName -alltests
verify errors, and determine if safe to fix then;
isinteg -s Servername -fix

--pd
0
 
LVL 76

Author Comment

by:Alan Hardisty
Interesting - I have not seen Exchange Database errors cause HTTP 500 issues.

I am about to re-write the article with more troubleshooting steps - so will make sure I include that in the next revision.

Thanks for the earlier vote ; ) and thanks for the update.

Alan
0
 

Expert Comment

by:pdoyley
@ Alan I was surprised as well.  The main issue on my clients server, is that they deleted the stream file.  This had to be recreated with eseutil /p /createstm. Exchange messaging worked fine, as well as OWA. I realized days later, thinking back that maybe isinteg needed to run, like when priv.edb gets corrupted.

--pd

0
 
LVL 76

Author Comment

by:Alan Hardisty
Ah - that could have a bit of a bearing on the problem!

Oh well - it is in the revised document already.  Hope you like the changes.

Alan
0
 

Expert Comment

by:Supracom
You're the best! Been working on a 500 error for days and your checklist did the trick!

Thanks again for your effort on sharing your experience
0
 
LVL 76

Author Comment

by:Alan Hardisty
You are welcome Supracom - glad it was helpful to you.

Alan
0
 
LVL 8

Expert Comment

by:SeaSenor
Excellent work....quite superb.  This helped immensely.

0
 
LVL 76

Author Comment

by:Alan Hardisty
Thanks SeaSenor - glad you found it helpful.  Don't forget to vote on my article if you haven't already.

Alan
0
 
LVL 8

Expert Comment

by:SeaSenor
tis done....and gladly so....
next project for me is to install and move everyone from exchange 2003 to 2010.

any links you know to be helpful?
0
 
LVL 76

Author Comment

by:Alan Hardisty
Many thanks.

Funny you should mention it!!

The undisputed champion of 2003 to 2010 migration guides (ignore the SBS part):

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2881-Migrate-Small-Business-Server-2003-to-Exchange-2010-and-Windows-2008-R2.html?
0
 
LVL 8

Expert Comment

by:SeaSenor
lol.. thanks!

i have a few outlook 2003 clients left in the domain, but we don't use public folders at all really.
I have a few forms installed on the 2003 box though.

when installing exch 2010 can i just tell it i don't have any 2003 oulook clients?  I prefer not to keep them around much longer anyway.

0
 
LVL 76

Author Comment

by:Alan Hardisty
This isn't really the right place to be discussing a migration / migration issues.
0
 
LVL 8

Expert Comment

by:SeaSenor
I see.   thanks alot for the info.
0
 
LVL 76

Author Comment

by:Alan Hardisty
If you want to discuss things - you can either raise a question or drop me / Demazter an email.  He is the Migration guru.
0
 
LVL 8

Expert Comment

by:SeaSenor
oh...i didn't know we could email.
I appreciate it, and may do so in the future. Hopefully won't need too much assistance.
0
 
LVL 76

Author Comment

by:Alan Hardisty
Some Experts post their details in their profiles - some don't.  Both Demazter and I do : )
0
 
LVL 8

Expert Comment

by:SeaSenor
well that's only because  YOU GUYS ROCK!

:D
0
 

Expert Comment

by:yet_another_jash
This is a seriously excellent post - I have been trying to solve this one for months - sadly though I am still getting HTTP 403 errors - activesync disabled for this user. Checked global and individual settings for activesync - all enabled. I have this working on two other SBS boxes and all the settings look the same - this one (which is the important one for me) is still failing with the 403 errors. Everything else checks out OK and the ActiveSync tester tool is really helpful though all I get is "ActiveSync detected, but access denied. [HTTP 403: Disabled for this user)" each time I run it. I have tried all users, created new users, no difference. Exchange SP2 was already applied, all directory permissions checked. One thing on this particular server is that the domain name is really long 'tacktickenginerringdivision.local' (yes, there is a deliverate spelling mistake in there) though the netbios name is 'TACKTICKENGINE' - would this be causing an issue?
0
 
LVL 76

Author Comment

by:Alan Hardisty
Thanks yet_another_jash,

The length of the domain name is not an issue - but when you enter it anywhere such as on the mobile device, you can only use the 15 character limit, so the domain becomes 'tacktickengine' only.

The Realm & Domains are often left at \ and blank by Microsoft, but I have found they work (and once resolved issues by simply adding them as per my article), so if you have problems, set the Realm to \ and the domain to blank.

If you continue to get problems, post a question and feed me the link : )
0
 

Expert Comment

by:skiaholic
thanks a lot!!! very helpful
0
 

Expert Comment

by:kucelkj
Wow, I'm blown away by this great technical article!  At my former high tech company, this would have gotten you a promotion!

Really great, can I give you points for the help!!!!!
0
 
LVL 76

Author Comment

by:Alan Hardisty
Thanks kucelkj - you can vote for the article which gets me some points, otherwise, your praise is sufficient reward : )
0
 

Expert Comment

by:kucelkj
Alright alanhardisty, best wishes for success in 2011!!!!
0
 
LVL 76

Author Comment

by:Alan Hardisty
Many thanks - you too.

Alan
0
 

Expert Comment

by:jag-pens
kudos
0
 

Expert Comment

by:mrhazman
Thanks for the great post.
I had my problem fixed and I was up and running in 20 mins after reading this.

Well worth the months subscription.
0
 
LVL 76

Author Comment

by:Alan Hardisty
: ) - Great news - thanks for the feedback - it's always good to hear.

Alan
0
 
LVL 13

Expert Comment

by:BCipollone
Great Resource. Someone give this man a raise.
0
 

Expert Comment

by:Up2DateTech
Hello alanhardisty

I have been getting the error with the web test
A Web exception occurred because an HTTP 401 - Unauthorized response was received from Unknown.
And
ActiveSync detected, but not correctly configured. [HTTP 500: Forms-based auth enabled?]
with the windows test program.

i've followed your article but can't get this problem fixed.  BTW i've done your article twice over the server.  and before i found it i'd done most of it myself.

I really don't know what to do next.  Any ideas ?

Regards,
0
 
LVL 76

Author Comment

by:Alan Hardisty
Up2DateTech,

If you have tried the 401 / 500 error section of my article and exhausted it, then your only option now is to call Microsoft I am afraid.

I am waiting to be able to add more to the article by talking to Microsoft myself with an HTTP 500 error that my article doesn't cover, so as soon as I can tackle another server and then call MS, I should be able to add to the document and hopefully resolve 100% of the problems.

Alan
0
 

Expert Comment

by:HiddenLakes
Great aricle.  I voted for it to give you some points.  This is probably the best, most informative article I have ever read on EE.  You clearly know your stuff.  Well Done!
0
 
LVL 76

Author Comment

by:Alan Hardisty
Thanks HiddenLakes - that's lovely to hear.

Alan
0
 

Expert Comment

by:SimpsonTechMonkey
Bam! Got Activesync working for us as well. (Exchange 2003 that I inherited 3 years ago and even had a consultant bang on it...)
0
 
LVL 76

Author Comment

by:Alan Hardisty
: ) - Great news.  Thanks for letting me know.

Alan
0
 
LVL 2

Expert Comment

by:azmatshaikh
Thanks a lot for sharing very usefull notes.
0
 
LVL 76

Author Comment

by:Alan Hardisty
You are welcome - I hope you found them handy.  If you haven't voted for my article already - please do :D
0
 

Expert Comment

by:rsilver24
Hi, I am running Exchange 2010 with IIS 7 by any chance do you have the steps to resolve Activesynce Issues with Exchange 2010?
0
 
LVL 76

Author Comment

by:Alan Hardisty
@rsilver - short answer is no - very different beast.  What problems are you having?

Have you seen my other article:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2861-Activesync-Working-But-Only-For-Some-Users-On-Exchange-2007-2010.html

Have you installed a 3rd party SSL certificate?
0
 
LVL 74

Expert Comment

by:Glen Knight
Easiest thing to do with Exchange 2010 is reset the virtual directories.

In the Exchange Management Console under Server Configuration > Client Access, click Reset Virtual Directory on the right hand side, go down each one in turn and run the wizard.

If that doesn't fix it, raise a question in the Exchange zone and you will be jumped on by all and sundry!
0
 

Expert Comment

by:rsilver24
No I have not installed a 3rd party ssl certificate.  Is that what is needed?  When I run activesnyc test I get the following error:

 Host name mail.hali88.org doesn't match any name found on the server certificate CN=HALISERV2.
0
 

Expert Comment

by:rsilver24
demazter - this is a production box.  If I reset the virtual directories will I be breaking anything?

Please advise?
0
 
LVL 76

Author Comment

by:Alan Hardisty
Personally I buy one every time from http://www.exchange-certificates.com (very cheap and very reliable) and include the following names:

mail.domain.com (or whatever you want to use)
autodiscover.domain.com
internalservername.internaldomain.local
internalservername

With those names in the certificate and the certificate installed / enabled for POP3 / SMTP / IMAP / IIS all services should fall into place nicely.
0
 
LVL 76

Author Comment

by:Alan Hardisty
Don't reset anything yet - your cert does not include the above names - sort that out first - then if needed, reset the virtual directories.

Alan
0
 

Expert Comment

by:rsilver24
Do I need to purchase a 3rd party certificate?  Can I just install Active Directory Certificate Services on my domain controller?
0
 
LVL 76

Author Comment

by:Alan Hardisty
You don't NEED to - but it makes life much easier and you don't have to change half the Exchange settings to do so.

Personally, the cost of a 3 year 3rd party SSL certificate ($180 / £120) is well worth it IMHO for the amount of hassle it won't cause you.
0
 

Expert Comment

by:seanfoord
Thankyou for a very helpful guide, we have been using activesync for over a year with sbs2003 & around 8 iphones,  for some strange reason it stopped working. I went through your guide step by step - corrected a few items & now it all works.

Thanks again

0
 
LVL 44

Expert Comment

by:Amit
Another Great Article. My Vote is already in.
0
 
LVL 76

Author Comment

by:Alan Hardisty
Thanks Amit.
0
 

Expert Comment

by:narley
Very cool.  This must be a compilation of dozens of articles and other resources, along with an obvious deep knowledge of the topic.  You just saved me hours of research and headache, not to mention I looked good for a new client.  Thanks Alan!
0
 
LVL 76

Author Comment

by:Alan Hardisty
Hi narley,

Glad that my article helped you out and made you look good.  Yes - it is a compilation of the resources on the web and also several years worth of troubleshooting the issue on EE in a few questions!  Thanks for taking the time to comment.

Alan
0
 

Expert Comment

by:narley
I just wish I had found your article earlier! :-)  Thanks again.
0
 

Expert Comment

by:ATC-SyTech
Alan,
Thank you for valuable information. I was able to get my phones to sync with exchange 2003 once again.

RC
0
 

Expert Comment

by:BeerTime
Great article, thanks for taking the time to spoon feed us!!
0
 

Expert Comment

by:Yucel Altingoz
HI,
My test passed with one warning and I can't figure out how to solve it.

Validating certificate trust for Windows Mobile devices

The certificate is only trusted on Windows Mobile 5.0 with the Messaging and Security Feature Pack and later versions. Windows Mobile 5.0 devices won't be able to sync. Root = E=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network

Please advice

Thanks
0
 
LVL 76

Author Comment

by:Alan Hardisty
If you don't have any Windows Mobile 5.0 phones - and hopefully you don't because they are antiques by now - then you can safely ignore that error.
0
 

Expert Comment

by:Yucel Altingoz
Alanhardisty,

I have no problems and Iphones are connecting, however, I noticed that not only smart phones are now working but also OWA is now working from outside our network, it is an https connection.
we only have a single exchange server, not front end/back end.

Is it safe to keep owa running with one server??  
Do I have to do additional configurations for security like enable ssl on other virtual directories??

Thanks for your help
0
 
LVL 76

Author Comment

by:Alan Hardisty
Yep - OWA via HTTPS is fine to leave running.  Just make sure you have strong passwords, force them to be changed regularly and you will minimise the chances of being attacked by a Brute Force attack (not necessarily via OWA).

Please read my two blogs:

http://alanhardisty.wordpress.com/2010/09/28/increase-in-frequency-of-security-alerts-on-servers-from-hackers-trying-brute-force-password-programs/

http://alanhardisty.wordpress.com/2010/12/01/increase-in-hacker-attempts-on-windows-exchange-servers-one-way-to-slow-them-down/
0
 

Expert Comment

by:BeerTime
Hi Alan,
I am not getting a prompt on iPhone to accept SSL certificate, the IIS configurations are as follow.  The LAN ActiveSync Tester on iPhone passes all tests with SSL ON.  The Exchange account on iphone also works with SSL on …Do you know if I am missing any steps?

Exchange Default Web Site
•      Secure Communications = Require SSL NOT ticked

Exchange Virtual Directory
•      Authentication = Integrated & Basic
•      Default Domain = NetBIOS domain name)
•      Realm = yourcompany.com
•      IP Address Restrictions = Granted Access
•      Secure Communications = Require SSL NOT ticked

Microsoft-Server-Activesync Virtual Directory
•      Authentication = Basic
•      Default Domain = NETBIOS domain name
•      Realm = NETBIOS name
•      IP Address Restrictions = Granted Access
•      Secure Communications = Require SSL and Require 128-Bit Encryption IS ticked

Thanks!
0
 

Expert Comment

by:mudgie
Thanks. Step 3 did it for me - coudn't get my wife's new android phone to sync. Had two nics and the binding was reversed. Good job!
0
 

Expert Comment

by:btribe
Awesome post at least I was able to get it up and running for 30 minutes before all the errors came back. Still experiencing event ID warning 3007, error 3005 and error 3014. When I run the www.testmyconnectivity.com, at first it was successful and on my iphone. after 30 minutes all passes but activesync. The specific error on this site was: The test of the FolderSync comman failed, below is a copy from the message.

Attempting the FolderSync command on the Exchange ActiveSync session.
       The test of the FolderSync command failed.
       Additional Details
       Exception details:
Message: The operation has timed out
Type: System.Net.WebException
Stack trace:
at System.Net.HttpWebRequest.GetResponse()
at Microsoft.Exchange.Tools.ExRca.Tests.ActiveSync.ActiveSyncFolderSyncTest.PerformTestReally()
 If you have any suggestions it would be greatly appreciated. I follow all your steps to the tee, and other steps that I had found. Going on three days now without a fix.

thanks
Brian
0
 
LVL 76

Author Comment

by:Alan Hardisty
Check the default timeout on your default website and set to 480, then for the 3007 errors, there is a hotfix which is recommended:

http://support.microsoft.com/kb/941439

If that still fails - drop me an email if you want.

Alan
0
 

Expert Comment

by:btribe
Yes I have set that to 480 and was still receiving the errors, I also downloaded the latest hotfix's sot the Massync.dllis file version 6.5.7654.7 with a date of 10/8/2008. I believe everything is current however I noticed that my CPU usage is 100% so I had to add the MaxAllocationIncrement into the registry and I just rebooted my server. I'll check it and see how it is working. I may have to do this a few times as they recommend starting at 4 and working your way up. I'll keep you posted.

Thanks
0
 
LVL 76

Author Comment

by:Alan Hardisty
No probs - here if you need me.
0
 

Expert Comment

by:btribe
I set it to 4 however withing 40 minutes I was at 100% CPU usage again and 3007 started showing up. I increased it to 16 and giving that a try. What is a general recommendationn for this setting? If there is one.
0
 
LVL 76

Author Comment

by:Alan Hardisty
Not ever had to set that key before, so can't make a recommendation I'm afraid.
0
 

Expert Comment

by:VNE
Thanks so much for this post.  It has saved me an unmeasurable amount of time and frustration.

vne
0
 
LVL 76

Author Comment

by:Alan Hardisty
You are welcome - glad it helped.

If you liked it that much - please feel free to vote for it :)

Alan
0
 

Expert Comment

by:paldie
Alan,

Having an issue with SBS 2003 server which is doing the HTTP 500 errors.  

I'm in the process of running the isinteg tests.  IS is dismount but the -alltests switch doesn't seem to work Do the tests have to be run separately?

We also just installed a wildcard ssl; [*.companyname.com]   Any idea if this might be causing the problem?
0
 
LVL 76

Author Comment

by:Alan Hardisty
@Paldie - the isinteg command should be a single command "isinteg -s servername -fix -test alltests"

Wildcard cert shouldn't be a problem - not ever used one as they are more expensive than a single name cert - but don't see that being an issue.
0
 
LVL 4

Expert Comment

by:acstechee
Excellent Article.

Thankyou for the advice.

Gareth
0
 

Expert Comment

by:YasuYasu
Great article!

I should find this at first place as sync with iphone and sbs2003 took me a month.

Thanks.
Yasu

0
 
LVL 76

Author Comment

by:Alan Hardisty
Ouch!  Sorry you didn't find it sooner.

Hope it helped - if it did, please vote for it at the top of the article.

Thanks

Alan
0
 

Expert Comment

by:hocshocs
How do you recreate the exchange oma directory?
you recommend deleting it for the http 500 error but following the
ms article doesn't re create it?

Thnak you
0
 
LVL 76

Author Comment

by:Alan Hardisty
KB817379 walks you through creating exchange-oma.
0
 

Expert Comment

by:brucie64
Awesome guide!!
Just make sure you follow the guide closely and turn SSL off on Exchange VD and do a iisreset before doing the KB817379 and then do a iisreset after you are done.

Thanks again for the great article Alan
0
 
LVL 76

Author Comment

by:Alan Hardisty
Thanks Brucie64 - Don't forget to vote for it too :)
0
 

Expert Comment

by:Franklittle
Excellent walk through. Thanks a lot. Finally nailed my SBS 2003 Exchange sync problem (domain name was actually just a little different than expected; that's all, but the walk through made me take it step by step!) and got ActiveSync working at last on a Nokia N8 (Symbian^3 Belle).
0
 
LVL 76

Author Comment

by:Alan Hardisty
That's the plan - well done and glad it was helpful.  Many thanks for the Yes vote too ;)
0
 

Expert Comment

by:Franklittle
MMh. Yes ,where is that voting button, now?
0
 

Expert Comment

by:dudleytb
Thank you.  This article helped me resolve an issue that I was having!
0
 

Expert Comment

by:svillardi
This is a fantatic FAQ, Alan.  I cannot believe how easy you made this.  I cannot find the "vote button" but if someone can tell me where it is, you will be voted the next American Idol.
0
 
LVL 76

Author Comment

by:Alan Hardisty
Thanks svillardi,

Glad you liked my article.  There used to be a vote button!  I'll see if I can figure out where it went.

Found it.  At the bottom of the actual article (above all the comments) is a Was this article Helpful Yes / No link.

That's where to vote :)

Was the article helpful
0
 

Expert Comment

by:lynch_andover
Excellent article, it gave us a very nice roadmap. However we still have about half of the phones posting errors after deleting and re-adding the email account on the device.  Can you point me to additional information if the error is only sporadic?

Thank you
0
 

Expert Comment

by:GStoner
Hi Alan,
Excellent Article... Will be voting shortly...
We have quite a few iphones now working well for the most part on our Exchange 2003 box...  still having frequent 3005 errors in the Event Log even after changing the timeout to 480...   Also seeing occasionaly "message not downloaded from the server" and "could not move message" errors on some of the iphones... All very random... A reboot of exchange seems to help but only for a while... Any ideas/thoughts?
Thanks again for all the info!
0
 
LVL 76

Author Comment

by:Alan Hardisty
Hi GStoner - please have a read of the following article:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_10070-ActiveSync-3005-Error-with-HTTP-status-507.html

Might be helpful to you.

Alan (thanks for the vote) :)
0
 

Expert Comment

by:GStoner
Thanx for the quick reply... I think that # of mailbox items might be part of the issue... although I think some are non-Calendar items so I'm not sure the users will want them deleted

Also getting this error in the App Log:
Event Type:      Error
Event Source:      Server ActiveSync
Event Category:      None
Event ID:      3027
Date:            4/9/2012
Time:            7:57:45 AM
User:            N/A
Computer:      WATSON
Description:
An error occurred on the socket that is used to process AUTD notifications.  The error code is [10055].  As a result, AUTD has been uninitialized, but it will be reinitialized upon receipt of the next Ping request.  If you continue to see this message, restart IIS.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
 
LVL 76

Author Comment

by:Alan Hardisty
Do you have an SBS server or plain Exchange?
0
 

Expert Comment

by:GStoner
Just plain exchange... 1 box... no front end /back end... running Exchange 2003 SP2
0
 

Expert Comment

by:cas_three
Do you happen to have any articles like this for Exchange 2010 on SBS?

Thank you!
0
 
LVL 76

Author Comment

by:Alan Hardisty
No!  What's the problem?

With SBS 2010 it should just be a case of running the SSL Certificate request Wizard from the Exchange Management Console> Server Configuration> New Exchange Certificate, complete all the relevant sections, purchase an SAN / UCC SSL certificate from somewhere like GoDaddy or www.exchange-certificates.com which is cheaper than GoDaddy, then request the certificate, approve it, download it, install it, enable it and job done.
0
 

Expert Comment

by:cas_three
I purchased a UCC cert from godaddy with all the appropriate SANs.  It appears to be installed correctly, but when run the exchange connecitivity test, I get
ExRCA is attempting to obtain the SSL certificate from remote server autodiscover.domain.com on port 443.

It's driviing me crazy!!

One thing I did notice and I just created a question on it. When I run test-outlookwebservices username, the very first Run Space ID indicates that it found the autodiscover service connection point at https://autodiscover.domain.com.  However, my domain name is spelled incorrectly there and I'm not sure where to go to fix it?

Thank you!
0
 
LVL 76

Author Comment

by:Alan Hardisty
What names did you include in the SSL certificate?
0
 

Expert Comment

by:GStoner
Hi Alan,
Just noticed activity on this thread again and was wondering if you were able to find anything on my error listed above from 4/11?
Thanks!
0
 
LVL 76

Author Comment

by:Alan Hardisty
Sorry - email overload!

Suggested fix for that is to run IISRESET.
0
 

Expert Comment

by:cas_three
autodiscover.domain.com
remote.domain.com
domain.com
webmail.FQDN
servername.domain.com
www.domain.com

And I fixed the incorrectly spelled domain name with Set-ClientAccessServer -identity CAS_servername -AutodiscoverServiceInternalUri https://mail.domain.com/autodiscover/autodiscover.xml

Thank you so much!
0
 

Expert Comment

by:cas_three
Sorry I mixed up webmail and servername.

It's servername.FQDN.  Webmail.domain.com
0
 

Expert Comment

by:GStoner
IISRESET doesnt seem to help for long before the error reoccurs...
0
 
LVL 76

Author Comment

by:Alan Hardisty
Okay - the names you need in the certificate are:

remote.domain.com or www.domain.com or whatever you want and have configured SBS with (default is remote.domain.com)
autodiscover.domain.com
internalservername.internaldomain.local
internalservername
sites

If you don't have these names, you will see certificate errors somewhere.

Have you also created an Autodiscover A record in DNS externally?
0
 
LVL 76

Author Comment

by:Alan Hardisty
I would suggest you start with re-installing SP2 for Exchange and if that fails, post a question and ping me a link.
0
 

Expert Comment

by:cas_three
They don't use sharepoint at all so I don't care about sites.

for the A record, what should it resolve too, the ip of the server, the name of the server or the external ip?
0
 
LVL 76

Author Comment

by:Alan Hardisty
A records are always IP addresses, so it needs to resolve to the Public IP of the SBS 2011 server.

No worries about Sharepoint / Sites - don't know anyone who uses it either!!
0
 

Expert Comment

by:cas_three
Ok I think that might be where I'm off, there is an Alias in the external dns zone for autodiscover and not an A record.
0
 
LVL 76

Author Comment

by:Alan Hardisty
Ok - make sure you don't have an SRV record too.  You need either an Autodiscover A record OR an SRV record but not both.
0
 

Expert Comment

by:cas_three
Nope, still getting ExRCA is attempting to obtain the SSL certificate from remote server autodiscover.domain.com on port 443 UGHHHHH!!

The services attached to the SSL Cert are IIS, POP, SMTP and IMAP.  Even though we don't use POP at all, figured it couldn't hurt to just cover everything to get it working.

I get this error when I'm running. the MS Exchange Server Remote Connecitivty Anaylyzer.

I'm almost convinced that this tool was set up to never have all green in it!

Thanks so much for your help on this! If I can somehow give you points for this, please let me know.
0
 
LVL 76

Author Comment

by:Alan Hardisty
If you want to open a question for this - or do you want me to pick up your current question (assuming that the question is relevant to the problem we are trying to resolve)?

Best place to answer questions isn't here to be honest.
0
 

Expert Comment

by:cas_three
I'll create a new question for this, is there some way to notify you?
0
 
LVL 76

Author Comment

by:Alan Hardisty
Click on my name for my profile with my contact details or post a link here.
0
 

Expert Comment

by:michaellhix
I agree; kick ass.  This should be flagged somewhere for easy access to peeps who aren't even looking for this info so that they can book mark it for later.  If you're ever in KY, the beer's on me.
0
 

Expert Comment

by:GregMooreTech
I followed this guide and activesync tested fine using https://www.testexchangeconnectivity.com/  , phones could connect , see email folders , send email but not see the contents inbox and other folders .

The issue ended up been related to the AV on the SBS2003 box . Followed this article and the problem went away

http://support.microsoft.com/kb/823166
0
 

Expert Comment

by:wkragland
I just got tasked with getting activesync working at the not for profit agency I worked at after our trained and experienced exchange expert left for greener pastures. I followed all of the instructions in this well written article and ran the Remote Connectivity Analyzer and it indicates there is a problem with port 443. This port is being filtered, could that be the problem?

We are running Exchange 2003 SP2 on Windows server 2003. We have a Sophos email appliance for email filtering and a Sophos web appliance for filtering internet content.
0
 
LVL 76

Author Comment

by:Alan Hardisty
If the port is being filtered, then that may well be causing you problems.

Why is it being filtered?  Can it be unfiltered for testing purposes and then if it works afterwards, you can then decide if you want Activesync working or the filtering applied.

Most of the time, filtering only causes problems!!

Alan
0
 

Expert Comment

by:GregMooreTech
If  you  are referring to the Sophos/Astaro UTM firewall I have a few of these running with activesync with no issues.

GM
0
 
LVL 7

Expert Comment

by:XGIS
Hello Allan,

What a fantastic article. would you by any chance be updating it for exchange 2013?
0
 
LVL 76

Author Comment

by:Alan Hardisty
Exchange 2013 doesn't need an article - in Exchange 2010 you can reset the virtual directories really easily and I've only played with one 2013 server (in Italy - in Italian) and would imagine that you can do the same on that too, so not much effort required to get it working!  I need to build my own to play with but haven't had the chance yet.

Install a 3rd party SSL certificate on any Exchange server (from 2007 onwards) and Activesync just works out of the box.

Are you having problems?
0
 
LVL 7

Expert Comment

by:Reece Dodds
Hi Alan

I'm currently working on resolving a smartphone issue with AS for our 2003 exchange box (http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_28475856.html) and as I read through your article, I just want to confirm that for the Microsoft-Server-ActiveSync authentication settings you mention that Realm: needs to be the NETBIOS name.

The NETBIOS domain name (same as default domain) or the NETBIOS computer name?  Or some other NETBIOS name?
0
 
LVL 76

Author Comment

by:Alan Hardisty
As per my slightly more updated Blog article:

http://alanhardisty.wordpress.com/2010/02/28/exchange-2003-and-activesync-configuration-and-troubleshooting/

"The Domain / Realm parts can be left as “\” for the Domain and Blank (empty) for the Realm.  MS recommend it this way, but I have fixed some servers by adding the Domain / Realm as per the settings above."

The Realm is the NETBIOS domain name if you want / need to enter it.

Alan
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Join & Write a Comment

To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month