• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2723
  • Last Modified:

AES/OMA/OWA work but Exchange still shows Server Active Sync Error Event id 3029.

I have OWA, OMA, and AES all working.  OWA is enabled with certificate based authtentication.  All is well!  I have one Exchange Server in our organization.  I have only port 443 opened on my firewall.  I am still getting event id 3029, Server Active Sync Error on my exchange server.  I applied http://support.microsoft.com/default.aspx?kbid=817379 and that got me on the right track to send and recieve email on mobile smartphones.  OMA works with no problems too!  OWA is still on certificate base authentication and that works as well!.  I do not get the OMA error(event id 1503) as I did before I applied kb817379, but I still get event id 3029 for AES.  Should I worry about this?  Or is there a way to disable this error events?
0
scopeortho
Asked:
scopeortho
  • 8
  • 3
1 Solution
 
scopeorthoAuthor Commented:
I think I may have found my problem I believe I still had Require SSL on the AES directory.  I just disabled it right now.  So I will look at the logs later to see if I am still getting these errors.
0
 
SembeeCommented:
If you are getting the error about require SSL being enabled, then you need to disable that option. Require SSL is not compatible with EAS, and you cannot have that option enabled on the virtual directory.

A common mistake and something that Microsoft do not make clear in 817379 is that you need to turn off FBA and Require SSL before doing the export of the /exchange virtual directory. If you don't then the broken configuration comes along with it.

Simon.
0
 
scopeorthoAuthor Commented:
You lost me at FBA I am not sure what that is???  I made sure that the Microsoft Active-Sync Virtual Directory and exchange-oma directory do not have Require SSL enabled.  And I set both of them to authenticate with Integrated Windows Authentication.  Is this correct???

Dennis
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
SembeeCommented:
FBA is forms based authentication, the web page for login to OWA instead of the standard username and password prompt.

If the process is working then the authentication is correct. I haven't got access to a site configured in that way at the moment to check.

Simon.
0
 
scopeorthoAuthor Commented:
Sorry about FBA have not seen that abreviation.  Yeah all accesses work, but now my emails are not getting pushed to my mobile smartphone.  I have to initaite an ActiveSync on the mobile phone in order to recieve emails.  And when I initiate an ActiveSync it does it twice...  Should I redo the KB817379.  When I did this yesterday, I am more than positive that I disabled FBA before I saved the configuration.  But I did notice yesterday that RequireSSL was enabled on Microsoft Active-Sync Virtual Directory.  What do you think Simon?

Dennis
0
 
scopeorthoAuthor Commented:
I am seeing that sometimes emails do get pushed to my mobile phone.  But I still at times have to manaully initiate an ActiveSync.

Dennis
0
 
scopeorthoAuthor Commented:
AND!!! the Event ID Error is only when the Exchange Server pushes the emails to the mobile device.  Do I have a big problem with AES on my server?
0
 
scopeorthoAuthor Commented:
I have been troubleshooting my Auto Up to Date on my Exchange and it is not working.  Before I implemented FBA on the Exchagne Server I had no issues at all.  Now when the Exchange server does initiate a push I get the Error 3029, and it pushes out the message to the device.  But that is only after I restart IIS, once it does one push then it will no longer do any pushes.  I can initaite an Active Sync on my device and all is good I do not get the error on the server.  So I am seeing that the AUTD on Exchange is still thinking that Active-Sync Directory has SSL required.  Does this mean that it is not looking at the right directory?  That what it looks like to me.  I looked at ActiveSync Logs from my device I could not decipher all that information.  I am working with this posting: http://msexchangeteam.com/archive/2006/04/03/424028.aspx and I have looked at the logs on my smartphone and IIS and I see these entries.  What I am not finding is the AUTDState.XML on my exchange server.  Is this a problem???

Dennis
0
 
SembeeCommented:
If you have been pulling around the configuration of IIS, I would probably suggest that you reset the virtual directories
http://support.microsoft.com/default.aspx?kbid=883380

Remember to remove the registry key created as part of 817379.
Don't change anything else after resetting the virtual directories. If you have an SSL certificate in place, leave it alone. DO NOT enable forms based authentication.
See whether things work then.

Then reapply 817379, or my version of the instructions here: http://www.amset.info/exchange/mobile-85010014.asp

Only then enable forms based authentication.

Simon.
0
 
scopeorthoAuthor Commented:
I will try that this evening I will let you know how it goes...

Dennis
0
 
scopeorthoAuthor Commented:
Simon, thanks for the help you also helped me out on a prior issue with SSL on Exchange for OWA.  You are awesome!  Anyways I tried method 3 form KB883380 and it did not re-create my Exchange Virtual Directories.  What I am planning to do next year is hopefully add a front end Exchange server so we can have a good configuration before migrating to Exchange 2007.  But that is down the road.  I cannot unfortunately bring OWA down since there are serveral users that gain access to their email via the web.  For right now I am not expecting many users on AES maybe up to 5 users only and they will not entirely depend on Mobile Access to their mailbox.  So I am not stressing AUTD on AES.  Since ActiveSync can be programmed to get message every 5 minutes and ther seems to be no issue with the Exchange Server I will leave the configuration as is.  If need be something goes entirely bad, I do have the documenation to re-create the directories rather than re-installing exchange and recovery the information store from back-up.  This is good I will add this to my disaster Recovery document for our Exchange Server.  AUDT still does one push of email and then stops working.  This leads me to beleive that there is something wrong with http directory since the PING command from the device is working properly.  But I will keep an eye on it.  As of now the problem is not resolved but the server is functional!  I am supprised that more people have not had the same issue as me since I know a lot of organization do not deploy FE/BE Exchange configurations.  Maybe people do not deploy Certificate FBA or do not allow OWA/OMA/AES access.  But these were the selling points of Exchange server and that is why we migrated from a POP3 email based configuration to Exchange.

Dennis
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 8
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now