emkayd
asked on
Exchange ActiveSync Problem
Hello All,
The problem I'm faced with looks like a cell phone problem, but its something to do with Exchange ActiveSync. We have a Treo 650 which was working fine all along then one day stopped syncing to the mail server and now throws an error saying:
" There was a problem syncing messages. (Net 123E)There was a problem connecting to server. Check your network or server settings and try again."
Now my understanding is that, the phone is not able to find the mail server. We have an exchange server running in the office, but have hosted our website with a hosting company. MX record has been setup to point to our mail server's ip address. Is there anybody who can help with this or tell me where to look for help. Thanks!!
The problem I'm faced with looks like a cell phone problem, but its something to do with Exchange ActiveSync. We have a Treo 650 which was working fine all along then one day stopped syncing to the mail server and now throws an error saying:
" There was a problem syncing messages. (Net 123E)There was a problem connecting to server. Check your network or server settings and try again."
Now my understanding is that, the phone is not able to find the mail server. We have an exchange server running in the office, but have hosted our website with a hosting company. MX record has been setup to point to our mail server's ip address. Is there anybody who can help with this or tell me where to look for help. Thanks!!
ASKER
The company has SBS 2003 installed and its remote workspace is available at remote.companyname.com the link remote.company.com/oma does not work. Nothing has changed since its original setup when it was working. The only thing that changed was their ISP. People can access outlook web access and everything.
have you re-run the Configure email and internet wizard?
For OMA, by does not work, can you be a little more specific? Error message?
If you use a regular computer that can access OWA, does OMA work there? OMA is just a plain text version of OWA, so works with any web browser.
Simon.
If you use a regular computer that can access OWA, does OMA work there? OMA is just a plain text version of OWA, so works with any web browser.
Simon.
ASKER
No I haven't re-run the configure email and internet wizard.
Regarding OMA from a regular browser: When I tried to browse the site by http://fqdn/oma (or as a matter of fact by https://remote.companyname.com/oma) a pop up window shows up asking for username and password, but can't go beyond it because it doesn't take any username/pwd. I don't even know if this is the right way of doing it!??
But OWA works fine with admin account on SBS remote web workspace from the same machine. (By accessing via remote.companyname.com). SBS comes with Sharepoint services integrated.
Regarding OMA from a regular browser: When I tried to browse the site by http://fqdn/oma (or as a matter of fact by https://remote.companyname.com/oma) a pop up window shows up asking for username and password, but can't go beyond it because it doesn't take any username/pwd. I don't even know if this is the right way of doing it!??
But OWA works fine with admin account on SBS remote web workspace from the same machine. (By accessing via remote.companyname.com). SBS comes with Sharepoint services integrated.
Sembee is the undisputed man for Exchange but if you get a chance later, try the ceiw. As you are on SBS, the wizards are the way things should be addressed.
ASKER
Ok will wait for sembee to come up with something. Is it ok to re-run ceiw again? will disrupt anything in the network coz users are all working and I don't want to mess anything up.
Username password prompt should be completed with domain\username and then password.
Try that.
Also, look in the event log for any error messages around authentication at the time you try to use OMA. There is a well known bug with OMA/SSL/FBA. http://www.amset.info/exchange/mobile-omafba.asp
Simon.
Try that.
Also, look in the event log for any error messages around authentication at the time you try to use OMA. There is a well known bug with OMA/SSL/FBA. http://www.amset.info/exchange/mobile-omafba.asp
Simon.
Just in answer to your question, ceiw should be run out-of-hours, simply as good practice. This is the common-sense approach :)
ASKER
Execellent, I did try that before, but accidentally kept using domain.com/username instead of just domain name. Anyway, I was able to see the text version with OMA after rectifying that.
So now that OMA is working fine from a different network (I'm at a another client's place and working remotely), so the Treo also should be able to access the server right? if everything is fine?
So now that OMA is working fine from a different network (I'm at a another client's place and working remotely), so the Treo also should be able to access the server right? if everything is fine?
If OMA works on a desktop, then try it from the handheld. Take small steps. See if OMA works, and doesn't prompt you for anything.
If you get no prompts in OMA and it works correctly, then you are pretty close.
If you get SSL prompts, then you might have an issue with the certificate.
Simon.
If you get no prompts in OMA and it works correctly, then you are pretty close.
If you get SSL prompts, then you might have an issue with the certificate.
Simon.
ASKER
So I will try accessing OMA from the micro-browser on the Treo and see if it works. Thanks.
ASKER
Simon,
OMA from the Handheld works just fine. I was able to access 2 different accounts (just for good measure). I accessed the Admin account's inbox and the user's inbox also. It shows up fine. What should I do next?
Thanks very much for doing this, this issue has been haunting me for weeks and I've been avoiding this user. I hope I would get closure on this today.
OMA from the Handheld works just fine. I was able to access 2 different accounts (just for good measure). I accessed the Admin account's inbox and the user's inbox also. It shows up fine. What should I do next?
Thanks very much for doing this, this issue has been haunting me for weeks and I've been avoiding this user. I hope I would get closure on this today.
Simon, thanks very much for your intervention.
Regards
keith
Regards
keith
ASKER
Keith, Thanks to you as well, I've worked with you before on a couple different issues.
I tried syncing (of course nothing has been changed) the handheld and I keep getting the same error. "There was a problem syncing messages. (Net 123E) There was a problem connecting to server. Check your network settings......."
I tried syncing (of course nothing has been changed) the handheld and I keep getting the same error. "There was a problem syncing messages. (Net 123E) There was a problem connecting to server. Check your network settings......."
Your welcome although my sole contribution to this call was moving you to the right topic area :)
Pleased everything has worked out nicely for you. I'll skip off back to firewalls now where I know what I am talking about.
Regards
Keith
Pleased everything has worked out nicely for you. I'll skip off back to firewalls now where I know what I am talking about.
Regards
Keith
ASKER
Keith,
The original problem was that the Treo was not syncing, kept giving the above mentioned error. Simon said if I was able to access OMA from the handheld, I'm pretty close. Now that I can access it, just waiting for Simon to show me how close I'm to resolving this issue. I hope I can resolve it today. Please let me know what should I do next? Thanks very much.
The original problem was that the Treo was not syncing, kept giving the above mentioned error. Simon said if I was able to access OMA from the handheld, I'm pretty close. Now that I can access it, just waiting for Simon to show me how close I'm to resolving this issue. I hope I can resolve it today. Please let me know what should I do next? Thanks very much.
As its sbs, I assume you are using https (ssl) rather than http to make your oma connection?
http://forums.palmone.com/pe/action/forums/displaysinglethread?rootPostID=20245288&returnExpertiseCode=__Corporate_em__USCA
http://forums.palmone.com/pe/action/forums/displaysinglethread?rootPostID=20245288&returnExpertiseCode=__Corporate_em__USCA
When you browsed to OMA, did you use http://... or https://...
When you entered the server information in to ActiveSync on the device, did you enter servername, server.domain.com, servername.domain/com/some
It should be JUST the name server FQDN: servername.domain.com - nothing els. No http, no /something - just the servername.
If you are using SSL, then you need to enable the option. However if the SSL certificate that you are using is a home grown certificate (ie not a purchased certificate), then the certificate needs to be imported in to the device.
Simon.
When you entered the server information in to ActiveSync on the device, did you enter servername, server.domain.com, servername.domain/com/some
It should be JUST the name server FQDN: servername.domain.com - nothing els. No http, no /something - just the servername.
If you are using SSL, then you need to enable the option. However if the SSL certificate that you are using is a home grown certificate (ie not a purchased certificate), then the certificate needs to be imported in to the device.
Simon.
ASKER
No OMA uses just http. It doesn't seem to use ssl.
It can use SSL. It is a matter of entering in the https: at the beginning of the address. I have OMA on SSL at home.
Simon.
Simon.
Simon, is there anything that needs amending in the ESM or the IIS to let it use both or is that just a native flexibility?
ASKER
Simon,
Like I said, to browse to OMA I used just http:// (no SSL).
The server information in the handheld is (mail.servername.com), its known by that name over the web. I can change this to FQDN of the server, but I doubt it would work.
However remote web workplace uses (HTTPS://)
I tried using the IP of the server, it didn't help either.
Also, one more thing I noticed was, this particular User's login account name is JDoe@companyname.local but the email id is John@companyname.com. I don't know if this has anything to do with this.
Like I said, to browse to OMA I used just http:// (no SSL).
The server information in the handheld is (mail.servername.com), its known by that name over the web. I can change this to FQDN of the server, but I doubt it would work.
However remote web workplace uses (HTTPS://)
I tried using the IP of the server, it didn't help either.
Also, one more thing I noticed was, this particular User's login account name is JDoe@companyname.local but the email id is John@companyname.com. I don't know if this has anything to do with this.
ASKER
Support for http or https is native. You can't use require SSL on this application because it communicates internally with the /exchange virtual directory on http.
However, what I do if I want to force SSL is simply block port 80 on the firewall. Then on the public web site I have a special web page that the users hit. That web page detects whether they are using a desktop or a handheld and then directs them to the correct, secure, URL. Means I don't have http open to the world on the Exchange server.
The log in name and email address being different will not be a problem. I have a different email address at home.
Is the SSL certificate purchased or home grown?
Simon.
However, what I do if I want to force SSL is simply block port 80 on the firewall. Then on the public web site I have a special web page that the users hit. That web page detects whether they are using a desktop or a handheld and then directs them to the correct, secure, URL. Means I don't have http open to the world on the Exchange server.
The log in name and email address being different will not be a problem. I have a different email address at home.
Is the SSL certificate purchased or home grown?
Simon.
ASKER
I don't know, but I believe its home grown ( I didn't set this up). If you can tell me where to look for it, I will do so. :-(
ASKER
I looked at the SSL certificate in Exchange Virtual Dir, it says:
issued to: remote.companyname.com and issued by: remote.companyname.com.
BTW, remote.companyname.com and mail.companyname.com are all the same server (there is only one server in the entire company) and proper A names (with the server's IP) are setup with the hosting company to resolve to this server if those names are requested on the web.
issued to: remote.companyname.com and issued by: remote.companyname.com.
BTW, remote.companyname.com and mail.companyname.com are all the same server (there is only one server in the entire company) and proper A names (with the server's IP) are setup with the hosting company to resolve to this server if those names are requested on the web.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
SBS's Companyweb uses SSL 444 and Default web sites use SSL 443. Nothing has changed in the recent past, don't know why all of a sudden Treo stopped snycing with Exchange server.
ASKER
Yes remote.companyname.com resolves to this server on the internet.
So if I get this right, I cannot sync the device without SSL. So to sync this with SSL I would need to import the certificate into the handheld. Now that ActiveSync is not usable I will have to use a memory card to import the certificate.
Now where do I download this certificate from? Is it somewhere on the server? or how should find where to download this certificate from? Can you please throw some light on that?
So if I get this right, I cannot sync the device without SSL. So to sync this with SSL I would need to import the certificate into the handheld. Now that ActiveSync is not usable I will have to use a memory card to import the certificate.
Now where do I download this certificate from? Is it somewhere on the server? or how should find where to download this certificate from? Can you please throw some light on that?
You can sync the device without SSL. However I wouldn't advise it, as your username and password is going across the internet in the clear with great regularity.
If you read the article on my web site above, you can export the certificate in the required format. If you open IIS Manager on the server, then the Properties of the Default Web Site and then Directory Security you can open the certificate which will allow you to export it in the correct format.
I have three SSL certificate questions on the go at the moment...
Simon.
If you read the article on my web site above, you can export the certificate in the required format. If you open IIS Manager on the server, then the Properties of the Default Web Site and then Directory Security you can open the certificate which will allow you to export it in the correct format.
I have three SSL certificate questions on the go at the moment...
Simon.
ASKER
And this phone is a Treo 650, I don't if this is like a Windows 2002/2003 Smartphone?
ASKER
I think I found the way to export it. I went to Exchange Vir Dir, and there is an option Copy To:
Once you hit that it asks for exporting private or not? Should I export private key?
The next option gives 3 different formats, Should I go with DER encoded Binary x.509?
And after that what file to specify?
I apologize this is way too much to ask for, I can understand if you can't answer these questions, thanks for all the help.
Once you hit that it asks for exporting private or not? Should I export private key?
The next option gives 3 different formats, Should I go with DER encoded Binary x.509?
And after that what file to specify?
I apologize this is way too much to ask for, I can understand if you can't answer these questions, thanks for all the help.
ASKER
Then in theory then it should sync without using SSL (say the user doesn't care about their pwd being in the open). But it doesn't sync. So will it be worth the try to export the certificate and import it into the handheld if it should work otherwise as well?
If you follow the instructions on my web page, I have outlined which format you need to use.
In theory the device should sync without https. I have certainly done so using the emulator.
Simon.
In theory the device should sync without https. I have certainly done so using the emulator.
Simon.
Browse to https://servername.domain.com/oma (where servername.domain.com is the name on your SSL certificate (you are using SSL?) and is the name that your server can be accessed under on the internet).
You should get a username and password prompt, followed by your mailbox in plain text format.
If that doesn't work, the confirm that everything else works from outside the network. You can do this with another machine or the tools at dnsstuff.com
Simon.