[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Exchange 2003 & Mobile Device ActiveSync problems

Posted on 2006-06-07
25
Medium Priority
?
1,558 Views
Last Modified: 2012-08-13
Hi,

I have been having so much trouble getting ActiveSync to work and really need some experts advice.

I had oma and owa up and running, but my Exchange Server gave me the following error on Sync:

The mailbox server [exchange.letterpart.local] does not allow "Negotiate" authentication to its [exchange] virtual directory. Exchange ActiveSync can only access the server using this authentication scheme.  For information about how to configure Exchange virtual directory settings, see Microsoft Knowledge Base article 817379, "Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or forms-based authentication is required for Exchange Server 2003" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=817379).   For information about how to properly configure IIS to support Kerberos and NTLM authentication, see Microsoft Knowledge Base article 215383, "How To Configure IIS to Support Both Kerberos and NTLM Authentication" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=215383).   This issue may occur after installing Windows SharePoint Services on a server running Exchange Server 2003. For information about how to properly configure a server to run both Windows SharePoint Services and Exchange Server 2003, see Microsoft Knowledge Base article 823265, "You receive a "Page not found" error message when you use Outlook Web Access (OWA) to browse the Exchange Server 2003 client after you install Windows SharePoint Services" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=823265).

So, what I did was edited the Authentication Methods for my Exchange VD and selected Integrated Windows authentication.

This then worked a treat and I could sync fine.

The trouble then was that my users couldn't log on to owa using IE. Firefox worked fine, but when they used IE and entered their username/password it would return the log in screen with the servers domain or IP address prepended to their user name. Switching off Windows auth fixes this.

So, my next step was to create a new VD using the instructions on http://support.microsoft.com/kb/817379/ whci I found difficult as I couldn't export the settings using: Save Configuration to a File. But I managed to create a new VD, called it ExchMobile, and added a new string value to the registry pointing ExchangeVDir to this folder.

The error I now get is:

Request from user hedley@letterpart.local resulted in the Microsoft(R) Exchange back-end server EXCHANGE returning an HTTP error with status code 500

Response:
Server: Microsoft-IIS/5.0
Date: Wed, 07 Jun 2006 11:47:49 GMT
X-Powered-By: ASP.NET
Connection: close
Content-Type: text/html
Content-Length: 56


Original Request:
Content-Type: text/xml
Depth: 0
Content-Length: 389
Expect: 100-continue
Connection: Keep-Alive
Host: exchange
.

For more information see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

and if I go to webmail.domain.com/oma in my browser I get the following message after logging in:

Server offline:

Unable to connect to your mailbox on server EXCHANGE. Please try again later. If the problem persists contact your administrator

We are running Exchange 2003 as a single server in native mode, trying to connect using Windows Mobile 5.

thanks for your help,


0
Comment
Question by:Letterpart
  • 13
  • 12
25 Comments
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 16851785
How did you create the new ExchMobile VDir?  If you created it manually in IIS Manager, then it wont work.  I don't even think you can use ESM, either.  The reason you have to export it to a file is that the Exchange VDir has many hidden properties that you can't reproduce in the IIS Manager GUI.

Basically, you need AS working before you clone the Exchange VDir, and you have to use the 'Save configuration to a file' method.
0
 
LVL 1

Author Comment

by:Letterpart
ID: 16851901
Lee,

thanks for the reply.

I did indeed create the VD by hand using IIS Manager as I have no option to export configs.

Why is this option not available when I right hand click on a vd and select All tasks? All I get is:

Permissions Wizard
Open With FrontPage
Configure Server Extensions

Also,

what do you mean by "Basically, you need AS working before you clone the Exchange VDir" as it all seems set up just now - confused.

thanks.
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 16852064
That's strange - when you right-click on a VDir in IIS Manager, the 'Save Configuration' option is the only thing you should see under All Tasks.  I don't see any of those three that you have.

I see you are on IIS 5 (Windows 2000), though.  It could be different in IIS 5.  I don't have a Win2000 server handy right now, but I will later no today.

What I meant by the last bit is that before you clone it by saving it to a file, and reimporting it, AS should be in a working state.  Many people try to use this method to fix a broken AS setup - but it won't help, since the clone will be broken too.

You could also try pointing AS back to the original Exchange VDir, and fixing the Integrated Auth issue.  Depending on how many OWA users you have, it may be an idea to turn off IA in IE's Advanced Options.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Author Comment

by:Letterpart
ID: 16852221
Lee,

you are correct, IIS 5 is what we have and it has the 3 options. IIS 6 only has the save configs. (one of our machines has IIS6).

So. How do I go about creating a duplicate site in IIS5 with no save config option?

Re turning off IA in IE, that could be the best option, but I really want owa to work on a default install of IE so the users can access mail anywhere without hassle. But I may have to weigh up their hassle against mine :-)



0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 16852295
It's not the site you are duplicating, but just the Exchange VDir (I thought I'd better clear that up).  In IIS5, you will need to get the MetaEdit utility from the MS Web Site.  I haven't used that for a long time, so I can't give specific instructions right now, but I'm pretty sure that it will do it.
0
 
LVL 1

Author Comment

by:Letterpart
ID: 16853077
Ok,

I have battled with MetaEdit and finally managed to duplicate the settings from VD Exchange to ExchMobile (had to edit the saved txt file and change the path from [/LM/W3SVC/1/Root/Exchange] to [/LM/W3SVC/1/Root/ExchMobile] otherwise it overwrote itself.

Once I had done this and restarted IIS services, my oma is back up and running when I view from a browser. And I get the following in Event Viewer:

Server ActiveSync
MSExchangeOMA
MSExchangeActiveSyncNotify

all as info's no warnings

but I still can't sync from the mobile device and still get a 85010001 which means An invalid HTTP communication or protocol syntax occurred.

but Event viewer has no errors.

thanks.

0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 16853144
Was AS working okay with the normal Exchange VDir before you copied it?
0
 
LVL 1

Author Comment

by:Letterpart
ID: 16853412
Yes,

if I selected Integrated Windows authentication on the Exchange VDir, it worked a treat.

0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 16853492
When you try to AS, then, can you see any requests going to your new ExchMobile VDir being recorded in your IIS logs?
0
 
LVL 1

Author Comment

by:Letterpart
ID: 16859463
Hi,

I get this in my logs:

2006-06-08 08:23:51 192.168.1.52 letterpart.local\hedley 192.168.1.250 80 OPTIONS /Microsoft-Server-ActiveSync User=hedley&DeviceId=966C4E726F4DEE82185FEAB5394C7784&DeviceType=PocketPC&Log=VNATNASNC:0A0C0D0FS:0A0C0D0SP:0C0I0S0R0S0L0H 200 MSFT-PPC/5.1.2000
2006-06-08 08:23:51 192.168.1.52 letterpart.local\hedley 192.168.1.250 80 POST /Microsoft-Server-ActiveSync User=hedley&DeviceId=966C4E726F4DEE82185FEAB5394C7784&DeviceType=PocketPC&Cmd=FolderSync&Log=VNATNASNC:0A0C0D0FS:0A0C0D0SP:0C0I0S0R0S0L0H 400 MSFT-PPC/5.1.2000

I can't see it going to any specific folder, but it is logging my attempts.

thanks.
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 16859487
It should get further than that, but you can see that it gets a 400 (Bad Request) response to the POST /Microsoft-Server-ActiveSync entry.  Unfortunately, I've no idea why it should fail at that point.  Have you tried deleting the Server settings in AS (either on the device, or in the desktop app.), and starting again?
0
 
LVL 1

Author Comment

by:Letterpart
ID: 16859693
Hi,

I have just noticed that if I point my browser to domain.com/oma instead of logging in after the user/pass it comes back with:

A System error has occurred while processing your request. Please try again. If the problem persists, contact your administrator.
Home

This has only happened after creating this new directory. Before it used to log me in and I would see the normal oma text based email folders.
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 16859890
Do you get your normal Default Web Site if you go to http://domain.com ?
0
 
LVL 1

Author Comment

by:Letterpart
ID: 16859954
Yes,

but...

domain.com is hosted externally.
mail.domain.com is local and works fine
mail.domain.com/oma is local and works fine if I delete the copy VDir and remove the reg edit. If I select Integrated Windows auth on this then active sync works, but IE users can't gain access.

It is just my copy VDir that is mucking me about.



0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 16860007
OMA uses the copied VDir, too, not just AS.  I thought you were saying that http://servername/oma still worked, but http://domain.com/oma did not.  When you use the copied VDir, does OMA not work from any URL, or does it only not work from http://domain.com/OMA ?
0
 
LVL 1

Author Comment

by:Letterpart
ID: 16860231
Hi,

Since your last post I have deleted the VDir I created and removed the reg edit and tested oma.

It worked fine.

I then created a new VDir called exchange-oma by importing the saved settings (in MetaEdit) rather than creating the VDir (in IIS manager) and then importing the settings. Then creatd the new string in registry. Restarted the services and now...

This has now got oma working via a browser for both domain/oma server/oma etc.

So. We are now at is:

owa and oma are both working via the browser.
ActiveSync still fails with the 400 error:

2006-06-08 11:19:46 192.168.1.52 domain\hedley 192.168.1.250 80 OPTIONS /Microsoft-Server-ActiveSync User=hedley&DeviceId=966C4E726F4DEE82185FEAB5394C7784&DeviceType=PocketPC&Log=VNATNASNC:0A0C0D0FS:0A0C0D0SP:0C0I0S0R0S0L0H 200 MSFT-PPC/5.1.2000
2006-06-08 11:19:46 192.168.1.52 domain\hedley 192.168.1.250 80 POST /Microsoft-Server-ActiveSync User=hedley&DeviceId=966C4E726F4DEE82185FEAB5394C7784&DeviceType=PocketPC&Cmd=FolderSync&Log=VNATNASNC:0A0C0D0FS:0A0C0D0SP:0C0I0S0R0S0L0H 400 MSFT-PPC/5.1.2000
 
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 16860543
Did you try deleting/recreating the server settings in the device's AS settings?  Also, it might help to reset the device.  I don't know why, but some people have found this is sufficient to solve weird AS problems.  Of course, my hopes aren't too high - it's just that it has worked on some occasions.
0
 
LVL 1

Author Comment

by:Letterpart
ID: 16860984
Yes,

I have deleted the server sync and done a soft reset on the device.

I must have made a mistake while creating the new VDir. Might try and spend some time looking into this. But then again it works for web access, just not the device.



0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 16861029
Yes, OMA uses the same VDir, too.  See if http://servername/exchange-oma displays a normal OWA GUI, too.  It should.
0
 
LVL 1

Author Comment

by:Letterpart
ID: 16861083
Yes,

http://servername/exchange-oma  displays exactly the same as a normal owa.

0
 
LVL 31

Accepted Solution

by:
LeeDerbyshire earned 1050 total points
ID: 16861114
Well that part's okay, then.  The only other thing I can think of right now is that the registry key is (unusually for Windows) case-sensitive.  You have Integrated Auth enabled on exchange-oma , too, I assume?

Also, did you restart the IIS Admin service, not just the WWW service?
0
 
LVL 1

Author Comment

by:Letterpart
ID: 16861243
Registry key is correct, Integrated Auth is on and I have restarted IIS Admin Serv.

Tis a puzzle for sure!

 
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 16861390
The 85010001 is mentioned here, maybe something relevant?

http://www.experts-exchange.com/Networking/Email_Groupware/Exchange_Server/Q_21802632.html
0
 
LVL 1

Author Comment

by:Letterpart
ID: 16871417
Hi,

haven't had time to look into this today. Will do it Monday.

Have a good w/end and thanks for all your help so far.


Hedley
Letterpart
0
 
LVL 1

Author Comment

by:Letterpart
ID: 16982494
Ok,

I don't have time to look into this just now as I have a whole new SAN to set up, install and test, along with a new DR site. This will mean installing a few new Exchange servers, along with racks, cabling etc etc. I am going to be busy.

So, what I am going to do is close this one off and award the points to LeeDerbyshire because of all the help he has given me. I know it hasn't been solved, but with his advice I have oma up and running and everything appears to be correct. The fact that two Microsoft products designed to talk to each other won't is: a) No surprise and b) No fault of Lee's.

Thanks,

0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With so many activities to perform, Exchange administrators are always busy in organizations. If everything, including Exchange Servers, Outlook clients, and Office 365 accounts work without any issues, they can sit and relax. But unfortunately, it…
In this post, I will showcase the steps for how to create groups in Office 365. Office 365 groups allow for ease of flexibility and collaboration between staff members.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
how to add IIS SMTP to handle application/Scanner relays into office 365.
Suggested Courses

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question