Solved

Setting up Exchange Server Oma with IIS and Outlook03 on SBS2003

Posted on 2006-06-15
Last Modified: 2008-02-01
June 15/06
When I am away from the network I type in this url and then I get the response following:
http://24.67.32.244/
Response:  "You are not authorized to view this page"

I type in this url and then I get the response following:
https://24.67.32.244/
Response:  Prompts to accept a certificate, and then
"You are not authorized to view this page" is displayed

I type in this url and then I get the response following:
http://24.67.32.244/oma
Response:  Changes url to https://24.67.32.244/oma and then displays "You are not authorized to view this page"

Same thing with
http://24.67.32.244/owa and https://24.67.32.244/owa

When I am local to the network:

Type in
https://24.67.32.244/oma
It prompts me to accept a certificate and then for a username and password, and I put in my FQDN and corresponding password

Response:  Item no longer exists. The item you are attempting to access may have been deleted or moved.
Home  And then Changes the address bar to read https://24.67.32.244/oma/(myz3kn45tt5h2155w3kd5e3z)/oma.aspx

I type in this url and then I get the response following:
http://24.67.32.244/oma
Same thing as above

Now for the punch line READY??

When I go to https://24.67.32.244/oma and grant the certificate and login as the administrator user, enter the username and password I get this:

  Inbox (4 new)
Calendar
Contacts
Tasks
Find Someone
Compose New
Preferences
Mail Folder Tree
About

I assume this is the Outlook Mobile Access that I need to set up for device Synching with Activesync.  Problem is my own username is part of the Administrators group and also the Mobile Users group.

I am running SBS2003 with Exchange 03.  I have enabled permissions for the user to connect to Outlook Mobile Access, user-initiated synchronization and up-to-date notifications.  OMA was not on the list in IIS so I made a new entry and called it that, so the identifier number on the list is 833712, which stands out as unusual as the other 4 sites have ID numbers between 1 - 4.  No SSL is currently being used; I have toggled that back and forth according to other things I have read about it.

OMA is enabled globally as well.

I feel that something must be wrong in IIS, please be very descriptive if possible in terms of what I might do to configure it.

Thanks in advance
Insangain

PS (I am making this question worth 500 points because the solution will probably require me asking really dumb follow-up questions such as "Click where? ........Like with the mouse you mean?")
Question by:insanegain

Accepted Solution

by:
Sembee earned 500 total points
ID: 16916231
First - you can't use SSL with an IP address. So you will always get errors. SSL certificates are attached to host names.
As such Exchange Active Sync will not work - you should be using a host name.
Furthermore, if you hit the OMA virtual directory and get a certificate warning, then EAS will not work - as it cannot cope with the certificate warnings.

Don't confuse OMA and Exchange ActiveSync. They use the same infrastructure but are not the same.

What you are seeing with the /oma login is normal and to be expected.

But what is your actual question?
OMA not working?
Exchange Active Sync not working?

Simon.
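
Why browsing to https://24.67.32.244/ brings up a certificate prompt, as an added example that is not part of the original thread: the client compares the name typed in the URL with the names inside the certificate. The certificate below is a constructed sample in the shape Python's `ssl.SSLSocket.getpeercert()` returns, and `mail.example.com` is a placeholder host name.

```python
import ipaddress

# Constructed sample certificate; mail.example.com is a placeholder,
# not a host name taken from the thread.
SAMPLE_CERT = {
    "subject": ((("commonName", "mail.example.com"),),),
    "subjectAltName": (("DNS", "mail.example.com"), ("DNS", "*.example.com")),
}

def _dns_match(pattern, host):
    """Match one DNS name; '*' may only stand for the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def cert_matches(cert, requested):
    """Return (ok, reason) for the name the client typed into the URL."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(requested)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal is compared only with 'IP Address' entries, never DNS ones.
        for kind, value in sans:
            if kind == "IP Address" and ipaddress.ip_address(value) == ip:
                return True, "IP address listed in certificate"
        return False, "certificate names no such IP address: client shows a warning"
    dns_names = [v for k, v in sans if k == "DNS"]
    if not dns_names:
        # Legacy fallback to commonName when there are no DNS entries at all.
        dns_names = [v for rdn in cert.get("subject", ()) for k, v in rdn
                     if k == "commonName"]
    if any(_dns_match(name, requested) for name in dns_names):
        return True, "host name listed in certificate"
    return False, "host name not in certificate: client shows a warning"
```

Calling `cert_matches(SAMPLE_CERT, "24.67.32.244")` returns a failure, while the same certificate passes for `mail.example.com`; an unattended sync client has nobody to click through that failure.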

Author Comment

by:insanegain
ID: 16917745
Thanks for your prompt reply.  That's great to hear that about SSL, I won't forget that anytime soon.  Unfortunately we do not have a registered domain name attached to our server.  So if ActiveSync or OMA requires SSL then I am out of luck, would you agree to that?

But to respond to your question, "What is my actual question?", here it is:

I need to have this thing set up to host ActiveSync for mobile devices.  It's not working, and that is after 2 weeks of screwing around with the Pocket PC phone and calling tech support for days and days and days.  I always arrived back at the same conclusion:  There is a problem with the server allowing access to the mailboxes.  Not sure what to do at this point.

So yes, OMA is not working and Exchange ActiveSync is not working.

Another question, should Exchange ActiveSync be on the list in IIS?  (cuz it's not)

Thanks again, what should I do at this point?

Insanegain

Expert Comment

by:Sembee
ID: 16923658
So many issues.

First question - what are you using for email? An ISP's domain? It is almost unheard of for a company to not be using their own domain - especially considering that they are so cheap.

You can deploy OMA and EAS without SSL, but I don't do that. It would mean usernames and password going across the internet in the clear.

The folder for EAS in IIS is "Microsoft-Server-ActiveSync".

Couple of things.

1. Check that the authentication settings and application pools are set correctly in IIS Manager. I have the correct settings on my web site here: http://www.amset.info/exchange/mobile-eastrouble.asp

2. Rather than fiddling around with a mobile phone or Pocket PC, get your hands on the Windows Mobile emulator. It makes life so much easier for troubleshooting as you can reset the device quickly and easily.
http://www.amset.info/pocketpc/emulator.asp

Simon.

Author Comment

by:insanegain
ID: 16952368
Hi again, please excuse my absence,

We are using a third-party mail server for email, POP3, no email gets routed through our exchange server.  Just contact, calendar, task sharing etc.

The domain name set up on the server is servername.local, this was intended for use only as an internal server until we exposed it as a gateway.  I'm sure that having an extension that doesn't end in com, net or org will hinder us even more.

The folder for EAS in IIS, "Microsoft-Server-ActiveSync", does not appear on my list in IIS.  ????

I'm not too worried about the lack of using SSL for the sake of usernames and password going across the internet in the clear at this moment.

I'll start playing around with the tools that you have linked me to.  Any more suggestions based on this new info?

Thanks again
Insane

Expert Comment

by:Sembee
ID: 16955991
If you aren't having your email delivered directly, then the value of features like this becomes limited. OMA is primarily designed for email - it does everything else very poorly.

Exchange is an email server primarily and needs to be treated as one. Being a glorified calendar sharing product is wasting so much of the services that it can offer to you.
Ideally you need to have email delivered by SMTP to get the best out of it. If you have a permanent internet connection then I would switch over. Your users will love you for it as email will come in immediately instead of the delay with the POP3 connector doing its thing.

Without a .com host name you are going to continue to struggle. Everything is set up primarily for host names. Plus a host name is so much easier to remember than the IP address.

Have you got the mobile options enabled in ESM? It is part of Global Settings. I usually suggest enabling every option.

Simon.

