Solved

Cell Phones not receiving email from Exchange

Posted on 2007-03-19
Last Modified: 2008-05-09
Having a problem with phones syncing email with Exchange. It was working fine until I tried to add a new domain controller to our network and received an error that DNS was missing the SRV record so Active Directory could not be installed. Someone on here told me to run netdiag /fix, which worked, and we added that domain controller. Since that happened phone syncing has stopped. I'm not sure what changed in DNS since I still see the pointer for the server name in forward and reverse zones and it's pointed to the correct IP. The web piece of Exchange is still working as well as all client email is working. Just to make sure something didn't happen to the router I opened ports 1 thru 65000 and forwarded them all to the Exchange server and still emails are not making it to the cell phones. Any ideas on what to try?
Question by:sraley
31 Comments
 
LVL 7

Assisted Solution

by:vasanthgnb
vasanthgnb earned 100 total points
Comment Utility
This sounds weird. You should not be facing any issues if your Exchange server is not pointing to the new DC or the DNS server. Do you get any ActiveSync related error messages on the server?

What is the error message that you are getting on the device?

Vasanth.
0
 

Author Comment

by:sraley
Comment Utility
As far as I know from the phone we tested it just says something to the effect of cannot find server.

Exchange runs on an existing server that was the only DNS server. The new DC that was added was to replicate AD and DNS, which it is doing. I have not seen any ActiveSync errors on the server. The only Exchange-related error I see in the event log is an LDAP bind error because it's for some reason looking for a server we took off the network. Event ID 8026 Source: MSExchangeAL. We did take this off the network a few days before we realized that there were phone syncing issues. The sync issues seemed to be timed right around the time we ran netdiag.
0
 
LVL 104

Expert Comment

by:Sembee
Comment Utility
Adding a new domain controller should have had nothing to do with the phones being able to sync (or not). Phone sync is from outside the network.

Does OMA work? That is the usual test for sync type issues.
http://host.domain.com/oma

Login as domain\username
and then password

Simon.
0
 

Author Comment

by:sraley
Comment Utility
Not sure what OMA is but I receive an error shown here (running from outside the network):
Server Error in '/OMA' Application.
--------------------------------------------------------------------------------

Runtime Error
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.

Details: To enable the details of this specific error message to be viewable on remote machines, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "Off".


<!-- Web.Config Configuration File -->

<configuration>
    <system.web>
        <customErrors mode="Off"/>
    </system.web>
</configuration>
 

Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.


<!-- Web.Config Configuration File -->

<configuration>
    <system.web>
        <customErrors mode="RemoteOnly" defaultRedirect="mycustompage.htm"/>
    </system.web>
</configuration>
 
0
 

Author Comment

by:sraley
Comment Utility
Here is the full error running inside the network:

Server Error in '/OMA' Application.
--------------------------------------------------------------------------------

Access to the path "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\oma\55aaeb43\5ef66257" is denied.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.UnauthorizedAccessException: Access to the path "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\oma\55aaeb43\5ef66257" is denied.

ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6) that is used if the application is not impersonating. If the application is impersonating via <identity impersonate="true"/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.

To grant ASP.NET write access to a file, right-click the file in Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.  

Stack Trace:


[UnauthorizedAccessException: Access to the path "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\oma\55aaeb43\5ef66257" is denied.]
   System.IO.__Error.WinIOError(Int32 errorCode, String str) +393
   System.IO.Directory.InternalCreateDirectory(String fullPath, String path) +632
   System.IO.Directory.CreateDirectory(String path) +195
   System.Web.Compilation.PreservedAssemblyEntry.DoFirstTimeInit(HttpContext context) +85
   System.Web.Compilation.PreservedAssemblyEntry.EnsureFirstTimeInit(HttpContext context) +97
   System.Web.Compilation.PreservedAssemblyEntry.GetPreservedAssemblyEntry(HttpContext context, String virtualPath, Boolean fApplicationFile) +29
   System.Web.UI.TemplateParser.GetParserCacheItemFromPreservedCompilation() +91
   System.Web.UI.TemplateParser.GetParserCacheItemInternal(Boolean fCreateIfNotFound) +178
   System.Web.UI.TemplateParser.GetParserCacheItemWithNewConfigPath() +125
   System.Web.UI.TemplateParser.GetParserCacheItem() +99
   System.Web.UI.ApplicationFileParser.GetCompiledApplicationType(String inputFile, HttpContext context, ApplicationFileParser& parser) +171
   System.Web.HttpApplicationFactory.CompileApplication(HttpContext context) +43
   System.Web.HttpApplicationFactory.Init(HttpContext context) +485
   System.Web.HttpApplicationFactory.GetApplicationInstance(HttpContext context) +170
   System.Web.HttpRuntime.ProcessRequestInternal(HttpWorkerRequest wr) +414

 


--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:1.1.4322.2300; ASP.NET Version:1.1.4322.2300
0
 
LVL 104

Expert Comment

by:Sembee
Comment Utility
When you added this new domain controller to the network, did you do anything to Exchange, such as add/remove domain controller or other roles from it?

You are getting access denied, which usually means authentication is stuffed up.

My standard response for that at the moment is reset virtual directories.
http://support.microsoft.com/default.aspx?kbid=883380

Simon.
0
 
LVL 10

Expert Comment

by:MATTHEW_L
Comment Utility
You said your Exchange server was the only DNS server. Does that mean that it is or was also a DC? Did you happen to demote the Exchange server or change its domain membership from DC to member server?

If that is not the case, make sure you have the ASP account still on the server or in AD if the server is a DC.
0
 

Author Comment

by:sraley
Comment Utility
The Exchange server was a DC and was the only DNS. I had another DC that did not replicate DNS, only AD, but it was removed from the network 5 days ago. Nothing has changed on the Exchange server other than I had to run netdiag /fix on it so that the new DC I added could install Active Directory because it stated DNS was missing a SRV record.

I don't see anything called ASP in the users group of AD.
0
 
LVL 104

Accepted Solution

by:
Sembee earned 200 total points
Comment Utility
It was a DC? Is still a DC?
Have you rebooted the server since the other server was removed?

Simon.
0
 

Author Comment

by:sraley
Comment Utility
Yes, it's still a DC and as far as I know is still marked as Master. I believe it's been rebooted, but I can do that now as a test.
0
 

Author Comment

by:sraley
Comment Utility
Rebooted and still receive same OMA error.
0
 

Author Comment

by:sraley
Comment Utility
What is the ASP username that is supposed to show up in AD?
0
 

Author Comment

by:sraley
Comment Utility
I just went through http://support.microsoft.com/default.aspx?kbid=883380 and still receive an error when I run the OMA test.
0
 
LVL 10

Expert Comment

by:MATTHEW_L
Comment Utility
On an Exchange Server that is not a DC there will be a local account called ASPNET. This is a limited account used to launch the ASP application. Using ASP.NET 1 uses the IWAM_Machine account. 2 uses the ASPNET account. On a DC I believe it will just use the system account. Not having that account on a DC is OK, as there are no local accounts.

I also notice that you are using an older version of ASP.NET 1.1.
0
 

Author Comment

by:sraley
Comment Utility
Add/remove programs shows .Net 2.0 installed and I'm downloading 3.0 now to do the update. Exchange is on a DC.
0
 
LVL 10

Expert Comment

by:MATTHEW_L
Comment Utility
Well, before you do that you should probably look into this problem a little bit more. Adding software to a broken install isn't always a good idea unless it is going to fix something specific. Try resetting the virtual directories before you do this.
0
 

Author Comment

by:sraley
Comment Utility
Okay.

I found out that in the temporary files path of the error, the oma\55aaeb43\5ef66257 directory didn't exist, so I went to the Microsoft.Net folder and checked permissions. The Everyone group listed, as well as Creator Owner, didn't have any boxes checked, not even read, so I checked all boxes for both, applied it, and now the OMA page comes up without error. I'm not sure what the correct permissions are supposed to be for that folder. Now I have to test an email to a phone.
0
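An added example, not part of the thread: the post above got OMA working by checking every box for Everyone and Creator Owner on the Microsoft.Net folder, while the error text names the ASP.NET request identity as the principal that needs access. This PowerShell sketch reports broad write grants on those folders, strips only the write-class bits from them, and grants Modify to the worker identity on the temporary files folder alone. It assumes PowerShell is installed on the server and that the worker identity is Network Service (the IIS 6 default named in the error message); the function and variable names are hypothetical.

```powershell
# Added example, not from the thread. Paths come from the error text and the post above;
# the worker identity is an assumption (IIS 6 default named in the error message).
$NetRoot  = 'C:\WINDOWS\Microsoft.NET'
$TempPath = Join-Path $NetRoot 'Framework\v1.1.4322\Temporary ASP.NET Files'
$Worker   = 'NT AUTHORITY\NETWORK SERVICE'
$Broad    = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
# Rights that let a principal change or replace files (everything beyond read/execute).
$WriteBits = [System.Security.AccessControl.FileSystemRights](
    'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership')

function Get-BroadWriteAce {
    param([string]$Path)
    # Allow entries for broad principals that carry any write-class bit.
    (Get-Acl -LiteralPath $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $Broad -contains $_.IdentityReference.Value -and
        ([int]$_.FileSystemRights -band [int]$WriteBits) -ne 0
    }
}

function Remove-BroadWrite {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in @(Get-BroadWriteAce -Path $Path | Where-Object { -not $_.IsInherited })) {
        # Strip only the write-class bits; read/execute stays in place.
        $strip = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $ace.IdentityReference, $WriteBits, $ace.InheritanceFlags, $ace.PropagationFlags, 'Allow')
        [void]$acl.RemoveAccessRule($strip)
    }
    Set-Acl -LiteralPath $Path -AclObject $acl
}

function Grant-WorkerModify {
    param([string]$Path, [string]$Identity)
    $acl  = Get-Acl -LiteralPath $Path
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Identity, 'Modify', 'ContainerInherit, ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $Path -AclObject $acl
}

# Report first, then tighten the parent and grant write only where ASP.NET compiles.
$NetRoot, $TempPath | ForEach-Object { Get-BroadWriteAce -Path $_ } |
    Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
Remove-BroadWrite  -Path $NetRoot
Grant-WorkerModify -Path $TempPath -Identity $Worker
```

Inherited entries are reported but not removed here; they have to be changed on the folder where they are set.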
 
LVL 10

Expert Comment

by:MATTHEW_L
Comment Utility
That is what the error message talked about was the permissions not being correct.
0
 

Author Comment

by:sraley
Comment Utility
OMA is working but cell phones are not receiving emails. Also noticed (not sure if it's because of the MS KB I followed above) that the Exchange webpage now requires https. The http used to redirect you to the https side, which it's not doing now; it brings up an NT authentication pop-up and loads email up, but the inbox window just says "loading" and never shows email. The URL stays as http. Everything works fine if I make the URL https.
0
 
LVL 10

Expert Comment

by:MATTHEW_L
Comment Utility
Is this something that you have just recently changed? If so, that very well is going to cause problems if used in conjunction with Forms Based Authentication. Here is the KB with info on that as well as a workaround.

http://www.petri.co.il/problems_with_forms_based_authentication_and_ssl_in_activesync.htm

Take a look at that article and see if your environment fits that description. If so you can take a look at the workarounds listed to get ActiveSync working.
0
 

Author Comment

by:sraley
Comment Utility
Read the article. I did not create the /exchdav they talk about but I checked my exchange IIS site settings to make sure they match and I have Integrated Windows authentication and Basic authentication checked and SSL required is unchecked like the article states.  Port 80 Exchange webmail prompts me for a login now, I don't get forwarded to the https side to get the exchange screen that has a form login anymore. Not sure what happened here. According to the MS article that was linked from Petri I should have errors in my application event log on the server about exchange activesync and I have no errors from Exchange at all in the event log.
0
 
LVL 10

Expert Comment

by:MATTHEW_L
Comment Utility
On the mobile device what are you putting in for the address? Should be something similar to host.domain.com. Also do you have the require SSL set on the phone? If so does your Exchange server have a commercial SSL cert? What about trying unchecking the require SSL on the phone if it is set?

Also, just as a connectivity test make sure you get to the oma page from the phone.
0
 

Author Comment

by:sraley
Comment Utility
The phone is set to server.domain.com. Exchange generated its own SSL. I'll check the phone SSL settings, but what changed since this was once working on the 8 employees who need it and they all stopped at the same time? Like I said, it all stopped after I ran netdiag /fix.
0
 

Author Comment

by:sraley
Comment Utility
Cell phone is accessing the OMA page fine
0
 

Author Comment

by:sraley
Comment Utility
The box for SSL is not checked on the phone. We checked the box just as a test and get an error that the certificate on the server is invalid.
0
 
LVL 10

Expert Comment

by:MATTHEW_L
Comment Utility
That would be expected as the certificate is home grown. Since you are having problems using http this could be the problem. Under the virtual directories do any of them have the box checked for require https?

You can try adding the cert to the mobile device so that you can use https on the phone and see if it works.

To do this I usually package the cert via a cab file for install on mobile devices.
http://blogs.msdn.com/windowsmobile/archive/2006/01/28/making_a_root_cert_cab_file.aspx
0
 

Author Comment

by:sraley
Comment Utility
I'd rather not use SSL if I don't have to. I see no box under the virtual directory tab for any of the current VD's in IIS manager that says require https. I don't see anything at all that says https on the virtual directory tab.
0
 
LVL 10

Expert Comment

by:MATTHEW_L
Comment Utility
If you click on the virtual directory, go under directory security, secure communications, then edit.

See if require secure channel is checked.  Do that for your /exchange, /oma, /exadmin directories.
0
 

Author Comment

by:sraley
Comment Utility
Oh, already checked this in an earlier post. Box is not checked for any of them.
0
 

Author Comment

by:sraley
Comment Utility
Any ideas on what to check for or do I just start over?
0
 
LVL 10

Assisted Solution

by:MATTHEW_L
MATTHEW_L earned 200 total points
Comment Utility
You could try using SSL on the device and adding the certificate to the device and see what happens.
0
