Solved

Exchange Activesync Problems 85010014 on Small Business Server 2003

Posted on 2006-11-07
29
1,189 Views
Last Modified: 2012-06-27
SBS2003 up-to-date with SP's etc (exch sp2 and 2003 sp1).  I have this problem on standard and prem edition SBS installs.  Certs installed on mobiles all ok.

Problem started on customers server which is prem edtion sbs2003.  On mobiles keep getting 85010014 error.  This install I cant get working.  My own install was working fine (standard edition).  Decided to delete exchange vdirs from my IIS and rebuild (instead of messing up customers install) by using Metabase explorer and running system attendant to recreate.  This seems to make a bit of a mess of the authentication control, which I have all set to the same as another sbs2003 server I have running and would be set as per default.  When I first got this working on my SBS I didnt have to change anything in the IIS VDIRS authentication it was all left as default.  I now have exaclty the same error on my install as the customers and I have tried everything.  A lot of the support documents Im reading have conflicting information - eg: some say the Exchange VDIR in IIS can't have SSL enabled as the exchange activesync component uses only port 80 where as I have working SBS's that have this enabled.  Im sure this is down to the total lack of documentation on SBS2003 based server activesync setups.  All the docs are for full blown 2003.

OWA using https is working fine on all servers.

I have the IIS logs which I can post if required and I can post the setups on all the exchange related vdirs.  Customer is losing patience so Im under big pressure here any help would be appreciated.
0
Comment
Question by:NeilDavis
  • 12
  • 6
  • 5
  • +2
29 Comments
 
LVL 1

Expert Comment

by:devnull22
ID: 17888750
Hello!

I've had a similar problem lately after we had installed sharepoint and needed to modify IIS. I've had to follow this procedure to fix the activesync problems.

My problem turned out to be that the mobile expected to use kerberos authentication which was not set. You can activate it using the below commands. Give it a try, the changes are reversible, if you wanna go back.

Hope this helps!

Taken from this reference page:
http://support.microsoft.com/?id=832769

To use a script to enable Kerberos authentication on the virtual server, follow these steps:
1.      On the server that is running IIS, click Start, click Run, type cmd in the Open box, and then click OK.
2.      Change to the Inetpub\Adminscripts folder.
3.      Type the following command, and then press ENTER:
cd Drive:\inetpub\adminscripts
Note In this command, Drive is the drive where Microsoft Windows is installed.
4.      Type the following command, and then press ENTER:
cscript adsutil.vbs get w3svc/##/root/NTAuthenticationProviders
Note In this command, ## is the virtual server ID number. The virtual server ID number of the Default Web site in IIS is 1.
5.      To enable Kerberos authentication on the virtual server, type the following command, and then press ENTER:
cscript adsutil.vbs set w3svc/##/root/NTAuthenticationProviders "Negotiate,NTLM"
Note In this command, ## is the virtual server ID number.
6.      Restart IIS. To do this, follow these steps:
a.       Click Start, click Run, type cmd in the Open box, and then click OK.
b.       At the command prompt, type iisreset, and then press ENTER
c.       Type exit, and then press ENTER to close the Command Prompt window.
0
 
LVL 1

Author Comment

by:NeilDavis
ID: 17888865
Tried - No luck same error.
0
 
LVL 3

Expert Comment

by:Stekman99
ID: 17889464
Hi,

Prolly is the certificates not getting accepted correctly.
 
Rerun the Configure E-mail and Internet Connectivity Wizard and
recreated the certificate.

Cheers,
Stefan
0
 
LVL 1

Author Comment

by:NeilDavis
ID: 17889798
I have reran the wizard numerous times.  As I said above the certificates are installed on the phones without problems.  The phones get past the initial authentication stage, if I put the wrong password in it asks me for the correct one.  I have had issues in the past with certs and Im sure this isnt the case here.
0
 
LVL 1

Author Comment

by:NeilDavis
ID: 17890776
Tried installing a new cert.  Same error.
0
 
LVL 3

Expert Comment

by:Stekman99
ID: 17891005
Do you have any logs to paste in here?
0
 
LVL 1

Author Comment

by:NeilDavis
ID: 17891575
Sure IIS log on last connect.

#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2006-11-07 18:05:42
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2006-11-07 18:05:42 192.168.100.2 OPTIONS /Microsoft-Server-ActiveSync User=info&DeviceId=2A51160F6F1C76D8B6BAFB1F4CE8A453&DeviceType=SmartPhone&Log=VNATNASNC:0A0C0D0FS:0A0C0D0SP:0C0I0S0R0S0L0H 443 dits\info 89.192.27.218 MSFT-SPhone/5.1.2000 200 0 0
2006-11-07 18:05:46 192.168.10.5 PROPFIND /exchange-oma/info@emailaddresss.com/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/SmartPhone/2A51160F6F1C76D8B6BAFB1F4CE8A453 - 80 - 192.168.10.5 Microsoft-Server-ActiveSync/6.5.7638.1 401 1 64
2006-11-07 18:05:46 192.168.100.2 POST /Microsoft-Server-ActiveSync User=info&DeviceId=2A51160F6F1C76D8B6BAFB1F4CE8A453&DeviceType=SmartPhone&Cmd=FolderSync&Log=V4TNASNC:0A0C0D0FS:0A0C0D0SP:1C1I489S0R0S0L0H0P 443 dits\info 89.192.27.218 MSFT-SPhone/5.1.2000 500 0 0
0
 
LVL 1

Author Comment

by:NeilDavis
ID: 17891615
FYI OMA works fine as well.  Its just bloomin Exchange Activesync. Im close to throwing in the towel and raising a call with MS.
0
 
LVL 2

Expert Comment

by:Francis_Beland
ID: 17893497
What Version of Windows Mobile do you have on the SmartPhones (I guess it's a SmartPhone)
0
 
LVL 1

Author Comment

by:NeilDavis
ID: 17893528
Yes Ipaq and SPV c600 both brandnew with WM5 etc.  The SPV can jump easily from one working SBS2003 exchange activesync to another no problem.
0
 
LVL 2

Expert Comment

by:Francis_Beland
ID: 17893578
Do you have any error on your Exchange Server Event Viewer? If you are able to cummunicate with the server, all errors should be also logged on the server.
0
 
LVL 1

Author Comment

by:NeilDavis
ID: 17894003
No errors in the event logs that I can see.  I can turn on logging in more detail but not sure on what element of exchange?
0
 
LVL 2

Expert Comment

by:Francis_Beland
ID: 17895411
If I remember, it is under Application Log. Try to connect to your server and check the event log afterward to see what can be the problem.
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 1

Author Comment

by:NeilDavis
ID: 17896412
There are no errors in the application log.  The IIS log is key here im sure, as you can see from above the error in that log is "401 1 64", now as I understand it the 401 1 is a 401.1 error which is a logon error I think.  As for the 64 bit Ive no idea what that means.  Its something in the IIS config Im sure.
0
 
LVL 2

Expert Comment

by:Francis_Beland
ID: 17900072
You can try to follow this procedure.
http://support.microsoft.com/kb/817379/en-us

It solved my Treo 650 problem to connect to Exchange.
0
 
LVL 2

Expert Comment

by:Francis_Beland
ID: 17900139
Do you have a FQDN associated with your External IP address? Probably because I guess you're receiving external mails on your Exchange server. You also want to be sure that when you're creating your Exchange server root certificate, the server name or address is the same than your FQDN because WM5 doesn't accept a connection if they are not the same. I had a similar problem and I needed to reinstall the root certificate. It's important, it must be the root certificate.
0
 
LVL 1

Author Comment

by:NeilDavis
ID: 17900259
Have looked at the MS link before.  Remember this is a small business server these steps should be done by the internet connection wizard.

As mentioned there is no certificate problem here at all - OWA and OMA both work.

I have now got hold of an SPV M3100 and set the logging to verbose on it.  The logs server response is 500 internal server error, which Im now off the look up.
0
 
LVL 1

Author Comment

by:NeilDavis
ID: 17900512
This is the latest log on the phone.  As you can see the error is at the end. """HTTP/1.1 500 Internal Server Error"""

I have had to recreate the exchange-oma VDIR as the system attendant doesnt recreate this.  Has anyone had to do this on SBS2003....HELP...


=-= Build 14955 =-=
=-= No XIP Information Available =-=
remote.da*****s.com

=-=- [8/11/2006 18:44:2.0] -=-=
=-=-=-= Client Request =-=-=-=
OPTIONS Microsoft-Server-ActiveSync?User=info&DeviceId=D0716111C0D7C66557F53F1D15A12CC2&DeviceType=PocketPC
Accept-Language: en-gb
MS-ASProtocolVersion: 2.5
X-MS-PolicyKey: 0

-=-=-=- Start of Body -=-=-=-


=-=- [8/11/2006 18:44:7.0] -=-=
=-=-=-= Server Response =-=-=-
HTTP/1.1 200 OK
Connection: close
Date: Wed, 08 Nov 2006 18:41:58 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Pragma: no-cache
Content-Length: 0
Public: OPTIONS, POST
Allow: OPTIONS, POST
MS-Server-ActiveSync: 6.5.7638.1
MS-ASProtocolVersions: 1.0,2.0,2.1,2.5
MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,ResolveRecipients,ValidateCert,Provision,Search,Notify,Ping


-=-=-=- Start of Body -=-=-=-


=-=- [8/11/2006 18:44:7.0] -=-=
=-=-=-= Client Request =-=-=-=
POST Microsoft-Server-ActiveSync?User=info&DeviceId=D0716111C0D7C66557F53F1D15A12CC2&DeviceType=PocketPC&Cmd=FolderSync
Accept-Language: en-gb
MS-ASProtocolVersion: 2.5
Content-Type: application/vnd.ms-sync.wbxml
X-MS-PolicyKey: 0

-=-=-=- Start of Body -=-=-=-
<?xml version="1.0" encoding="utf-8"?><FolderSync xmlns="FolderHierarchy:"><SyncKey>0</SyncKey></FolderSync>

=-=- [8/11/2006 18:44:8.0] -=-=
=-=-=-= Server Response =-=-=-
HTTP/1.1 500 Internal Server Error
Connection: close
Date: Wed, 08 Nov 2006 18:41:59 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Pragma: no-cache
Content-Type: text/html
Content-Length: 56
MS-Server-ActiveSync: 6.5.7638.1
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17924535
Well, I'm not even reading through all of those posts because what I read was...

"Im sure this is down to the total lack of documentation on SBS2003 based server activesync setups.  All the docs are for full blown 2003."

Which is totally not true... maybe you didn't look at the SBS Documentation Site?

http://www.microsoft.com/downloads/details.aspx?FamilyID=8be70d72-1e5a-4128-a30c-dafeeb43544d&displaylang=en

Documentation page:  http://www.microsoft.com/windowsserver2003/sbs/techinfo/productdoc/default.mspx
Documentation Team Blog: http://blogs.msdn.com/sbsdocsteam/default.aspx

Also, be sure to always check the "Information Center" right inside your Server Management Console which is always kept up-to-date.

Jeff
TechSoEasy
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17924540
Okay, now I read more... you should NOT delete the Exchange VirDirs!!!  Why would you try to experiment with your own concoction when there are over a million SBS's running just fine the way they were designed!?!?!?!

OY!

Jeff
TechSoEasy
0
 
LVL 1

Author Comment

by:NeilDavis
ID: 17928721
Jeff....Im sorry but Ive read through all those sites and I stand by my existing comment.  The documentation is way too generic on this particular area, you show me where it talks in any "detail" about the exchange activesync setup on a small business server in particular the VDIRS and more than just permissions...

Why would I experiment with my own setup??? because the implications of doing harm to my own are a lot less than a live customers server.

Im fully aware that you should not delete the exchange VDIRS but when absolutely nothing else works and there are documented processes to recreate the directories why shouldnt we have done it?.  If it was working as 'designed' then I wouldnt even be here would I....afterall Im looking for help in solving my problem not comments about how a million SBS's are running perfectly.

It looks like the only way we are going to get this working is to reinstall Exchange\IIS.

0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17936938
What "detail" are you looking for that's not in the paper linked above?  Since SBS is a standardized configuration I'm wondering why your is SO different that the instructions don't apply?

Jeff
TechSoEasy
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17936944
P. S. If you do reinstall Exchange and IIS, be sure to follow this KB article:  http://support.microsoft.com/kb/320202

Jeff
TechSoEasy
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
ID: 17936969
A couple of other thoughts... I didn't say anything about messing with your own "setup".  I was suggesting that you are trying to make up how to do this rather than following proven methodologies.

Also... if you aren't using ActiveSync 4.2, you should be.  Also, uninstalling and reinstalling Outlook seems to clear up the 85010014 problem.

Jeff
TechSoEasy
0
 
LVL 1

Author Comment

by:NeilDavis
ID: 17937604
Jeff....read what Ive said, where do I say "you know what Jeff, I run an IT consultancy and look after over 50 sbs installs and Ive decided I know better than Microsoft and Im going to ignore their instructions"

Show me the proven methodology for Microsoft "Small Business Server" Exchange Activesync "reinstallation" including the IIS config and I will follow it word for word.  I have copied the config exactly from working SBS installs and it simply hasnt worked.  I have recreated the exchange-oma exactly as Microsoft tell me and it still doesnt work.

Im not interested in Activesync 4.2 because the whole point is to get this thing working over the air.  The 85010014 is a generic error code, this is why I have posted the logs from IIS and the device.

If Im missing the point here or doing something wrong then tell me, advise me, help me otherwise go and spread the word elsewhere about the millions of SBS's running just fine the way they were designed.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 18099833
Neil Davis,

Too bad that your impatience and attitude towards this is ignoring the actual problem.  You said you wanted documentation, so here it is:

http://www.microsoft.com/windowsmobile/help/activesync/default.mspx

If you look at the very last line on that page, it says, "Please upgrade to ActiveSync 4.2 if you are experiencing these issues. "

The advantage of ActiveSync 4.2 is that it includes a TroubleShooter which will log all sync events in detail.  See Help > Troubleshooter from within ActiveSync.

If you are unwilling to try this, then you can go on complaining.

The fact is that even though you are trying to sync over the air, ActiveSync was used to set up the partnership between the device and the user's account.

Jeff
TechSoEasy
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

As the title indicates, I have done this before. It chills me everytime I update the OS on my phone, (http://www.experts-exchange.com/articles/18084/Upgrading-to-Android-5-0-Lollipop.html) because one time I did this and I essentially had a bricked …
Windows 7 does not have the best desktop search built in. This is something Windows 7 users have struggled with. You type something in, and your search results don’t always match what you are looking for, or it doesn’t actually work at all. There ar…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now