Solved

KB817379 looks insanely dangerous to do. Mobile access to Exchange server

Posted on 2007-03-26
Last Modified: 2013-11-13
I am trying to get my mobile device to access the Exchange server, and I get a "85010014" error message. I looked in the event log, and the message below was there. I read the suggested fix (KB817379) for it, and also the fix from a dude on [http://groups.google.com/group/microsoft.public.pocketpc.activesync/browse_frm/thread/96a012d52673c49b/22bdad20f97e9745?lnk=st&q=activesync+3005+http+400&rnum=1]
but that seems insanely difficult and dangerous. Could anyone please help and tell me what this is all about?

// Jo

ERROR MESSAGE IN EVENT LOG:
The mailbox server [SERVERNAME] has its [exchange] virtual directory set to require SSL.  Exchange ActiveSync cannot access the server if SSL is set to be required.  For information about how to correctly configure Exchange virtual directory settings, see Microsoft Knowledge Base article 817379, "Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or forms-based authentication is required for Exchange Server 2003" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=817379).
Question by:somewhereinafrica
16 Comments
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
ID: 18792120
I have to say that solution on Google Groups is a bit over the top.

What makes you think that 817379 is dangerous? It is a few registry changes and an export/import of a virtual folder. It takes about 15 minutes. I do it three or four times a week, often on remote control.

I do find that 817379 misses some steps that can cause problems so I have my own variation of the article here: http://www.amset.info/exchange/mobile-85010014.asp

Simon.
0
 

Author Comment

by:somewhereinafrica
ID: 18792220
I have read that one too. Way more organized and easy to overview :-)

Here are my concerns:

Step 1 - When I do this on a live server, what will the implication be? If I disable the formbase, will that not disable the whole darn thing?

Step 2 - Again, if I remove the SSL certificate, what will happen to people that are trying to work on it? (I understand that a few minutes later I will put the thing back, but what happens during that time, I'm just asking...)

Step 3 - Removing 'require SSL' means that people could access via port 80 using http://servername, but that is not a security risk in itself? I mean if someone uses it over port 80, the information might be tapped into. But in itself it is not a security risk (I could close down port 80 on the firewall as you suggest further down to combat that)


My OMA has never worked (as in that the dude before me probably did a bad job). Is having OMA not working going to be solved by this step too, or should I concentrate on getting OMA to work first and then deal with this?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 18792282
There will be some disruption to users of OWA while you make the changes. That cannot be helped.
If you disable forms based authentication then users get the standard username/password pop up box if they try to access the server during that time.

If you remove the SSL certificate then anyone accessing the server on SSL will have their connection dropped.

I don't use require SSL on any of my deployments because I don't open port 80 to the world. The simple fact is that require SSL on the directories is not compatible with OMA/EAS because it makes calls on port 80. That is partly what the additional virtual directory is supposed to fix.
As with everything in security, you secure what can be secured without impacting the use of the service too much. I personally prefer to secure the server by not allowing port 80 in than relying on require SSL to force the users on to https.

Simon.
0
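Added example, not part of the thread or either poster's words: a Python check, run from outside the firewall, of the port 80 trade-off discussed above (blocking port 80 versus relying on "require SSL"). The verdict labels, the `probe`/`classify`/`audit` names and the sample results are this example's own assumptions; `/oma` and `/Microsoft-Server-ActiveSync` are the default Exchange 2003 virtual directory names.

```python
import http.client

# Verdicts for one plain-HTTP probe made from OUTSIDE the firewall.
CLOSED = "port-80-closed"            # firewall approach from the thread
SSL_REQUIRED = "require-ssl"         # 403 is consistent with "require SSL" on the vdir
REDIRECT_HTTPS = "redirect-to-https"
CLEARTEXT = "cleartext-exposed"      # login prompt or content over plain HTTP
UNKNOWN = "unknown"                  # anything else: inspect by hand

def probe(host, path="/exchange", port=80, timeout=5):
    """GET path over plain HTTP. Returns (status, Location header), or
    None if the port is refused, filtered or times out."""
    try:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        conn.request("GET", path)
        resp = conn.getresponse()
        result = (resp.status, resp.getheader("Location", ""))
        conn.close()
        return result
    except (OSError, http.client.HTTPException):
        return None

def classify(result):
    """Map a probe() result to one of the verdicts above."""
    if result is None:
        return CLOSED
    status, location = result
    if status == 403:
        return SSL_REQUIRED
    if status in (301, 302, 307, 308):
        is_https = location.lower().startswith("https://")
        return REDIRECT_HTTPS if is_https else UNKNOWN
    if status in (200, 401):
        return CLEARTEXT
    return UNKNOWN

def audit(results):
    """results maps path -> probe() result. Returns (verdicts, ok), where
    ok is True only if no path answers in cleartext."""
    verdicts = {path: classify(r) for path, r in results.items()}
    return verdicts, CLEARTEXT not in verdicts.values()

if __name__ == "__main__":
    # Constructed sample results. For a live check build the dict with
    # probe("mail.example.com", path), where the host is a placeholder.
    sample = {"/exchange": (403, ""), "/oma": (401, ""),
              "/Microsoft-Server-ActiveSync": None}
    verdicts, ok = audit(sample)
    for path, verdict in verdicts.items():
        print(f"{path:32} {verdict}")
    print("no cleartext exposure" if ok else "cleartext exposure found")
```
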

 

Author Comment

by:somewhereinafrica
ID: 18792294
Simon, I have just sent you a request on your contact address on your site, please contact me a.s.a.p.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 18792390
I believe one of my staff has responded to the email.
I also need to draw your attention to this section of the help guide regarding assistance outside of the site.
http://www.experts-exchange.com/help.jsp#hi99

Simon.
0
 

Author Comment

by:somewhereinafrica
ID: 18792427
OK, sorry about that. I did not mean to get you into trouble.
0
 

Author Comment

by:somewhereinafrica
ID: 18792475
OK, so these steps that you suggest that I make. What will be the impact on people connecting with OWA and the 'real' Outlook client? Do any of these changes affect that?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 18792498
The full Outlook clients, as long as they are not using RPC over HTTPS, will not be affected.
Anyone using OWA will be kicked out while you are working on the server. Once the changes are made, OWA will operate as before.

Simon.
0
 

Author Comment

by:somewhereinafrica
ID: 18792519
Do you think our inability to use OMA is linked with this too?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 18792617
OMA and EAS share the same backend. In most cases if OMA doesn't work then EAS will not work either.

Simon.
0
 

Author Comment

by:somewhereinafrica
ID: 18799474
Simon, what is it in effect that this maneuver does?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 18800407
When you access EAS or OMA it makes an internal call to the /exchange virtual directory to read the contents of the mailbox being accessed. The change redirects that call to another folder which has a different configuration which allows the internal process access while maintaining the security of the folders and forms based authentication.

Simon.
0
 

Author Comment

by:somewhereinafrica
ID: 18800469
And this only affects the OMA/mobile devices access?
Not the rest of the people accessing RPC over HTTPS or the OWA?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 18800950
It will affect those people while you do the work, but after that there is no change in the operation of either feature.

Simon.
0
 

Author Comment

by:somewhereinafrica
ID: 18801001
Thanks oodles dude, appreciate it, really do...
0
 

Author Comment

by:somewhereinafrica
ID: 18805911
Simon, dude, it worked, thanks a million...
0


Question has a verified solution.
