davidstrydom
asked on
Error 0x85010014 ActiveSync
I get the below error in the event log on the exchange server. I am not using Form Base Authentication and I am not using SSL. Sharepoint is not installed. I have followed both knowledge base article KB817379 and KB215383. OWA and OMA works fine from a web browser but ActiveSync does not work. I am stumped and have been spending hours on this issue please assist if possible.
Event Type: Error
Event Source: Server ActiveSync
Event Category: None
Event ID: 3031
Date: 9/16/2007
Time: 1:29:26 PM
User: MyUserName
Computer: MyServer
Description:
The mailbox server [myserver] does not allow "Negotiate" authentication to its [exchange] virtual directory. Exchange ActiveSync can only access the server using this authentication scheme. For information about how to configure Exchange virtual directory settings, see Microsoft Knowledge Base article 817379, "Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or forms-based authentication is required for Exchange Server 2003" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=817379). For information about how to properly configure IIS to support Kerberos and NTLM authentication, see Microsoft Knowledge Base article 215383, "How To Configure IIS to Support Both Kerberos and NTLM Authentication" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=215383). This issue may occur after installing Windows SharePoint Services on a server running Exchange Server 2003. For information about how to properly configure a server to run both Windows SharePoint Services and Exchange Server 2003, see Microsoft Knowledge Base article 823265, "You receive a "Page not found" error message when you use Outlook Web Access (OWA) to browse the Exchange Server 2003 client after you install Windows SharePoint Services" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=823265).
Event Type: Error
Event Source: Server ActiveSync
Event Category: None
Event ID: 3031
Date: 9/16/2007
Time: 1:29:26 PM
User: MyUserName
Computer: MyServer
Description:
The mailbox server [myserver] does not allow "Negotiate" authentication to its [exchange] virtual directory. Exchange ActiveSync can only access the server using this authentication scheme. For information about how to configure Exchange virtual directory settings, see Microsoft Knowledge Base article 817379, "Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or forms-based authentication is required for Exchange Server 2003" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=817379). For information about how to properly configure IIS to support Kerberos and NTLM authentication, see Microsoft Knowledge Base article 215383, "How To Configure IIS to Support Both Kerberos and NTLM Authentication" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=215383). This issue may occur after installing Windows SharePoint Services on a server running Exchange Server 2003. For information about how to properly configure a server to run both Windows SharePoint Services and Exchange Server 2003, see Microsoft Knowledge Base article 823265, "You receive a "Page not found" error message when you use Outlook Web Access (OWA) to browse the Exchange Server 2003 client after you install Windows SharePoint Services" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=823265).
ASKER
Sembee,
I have been reading through some of the other articles and came accross your version of 817379.
I have attempted it but makes no diffference. Aslo for OWA we do not use SSL or form based. Everything was working a few days ago and then stopped. I cannot see and microsoft updates that would of casued the issue.
David
I have been reading through some of the other articles and came accross your version of 817379.
I have attempted it but makes no diffference. Aslo for OWA we do not use SSL or form based. Everything was working a few days ago and then stopped. I cannot see and microsoft updates that would of casued the issue.
David
Well the error you have posted is exclusively connected to authentication. If the authentication settings have been changed then it will generate a similar issue.
I would suggest that you begin by resetting the virtual directories.
http://support.microsoft.com/default.aspx?kbid=883380
Do not change anything after that and see what happens at that point. If you have attempted to the Exchange virtual directory changes then that needs to be undone first, including removing the registry entry.
Any reason you are not using SSL? I wouldn't dream of deploying OWA or any other remote access without SSL as that means all usernames and passwords are going across in the clear. I don't even open port 80 on the firewall at all.
Simon.
I would suggest that you begin by resetting the virtual directories.
http://support.microsoft.com/default.aspx?kbid=883380
Do not change anything after that and see what happens at that point. If you have attempted to the Exchange virtual directory changes then that needs to be undone first, including removing the registry entry.
Any reason you are not using SSL? I wouldn't dream of deploying OWA or any other remote access without SSL as that means all usernames and passwords are going across in the clear. I don't even open port 80 on the firewall at all.
Simon.
ASKER
Sembee
I could not agree more with the SSL being enabled. I will have that enabled once I have got everything working.
I have completed that knowledge base article 883380 now and still no change, however I have come accross something intersting but not sure where to run with it yet. OWA will not load if it is set ot use Intergrated windows authentication. It accepts the login but then loads nothing kind of the same issue I am having with ActiveSync. if you just have basic authentication selected OWA works fine. But either way ActiveSync does not work. Any Idea's?
David
I could not agree more with the SSL being enabled. I will have that enabled once I have got everything working.
I have completed that knowledge base article 883380 now and still no change, however I have come accross something intersting but not sure where to run with it yet. OWA will not load if it is set ot use Intergrated windows authentication. It accepts the login but then loads nothing kind of the same issue I am having with ActiveSync. if you just have basic authentication selected OWA works fine. But either way ActiveSync does not work. Any Idea's?
David
Is that with basic AND integrated set, or just one or the other?
Integrated only works with Internet Explorer and if you access the server by http://servername/exchange internally it should take you straight in to your own mailbox, using pass-through credentials.
The folder reset has never failed for me before, so I wonder if the problem is elsewhere, perhaps with the anonymous account.
Simon.
Integrated only works with Internet Explorer and if you access the server by http://servername/exchange internally it should take you straight in to your own mailbox, using pass-through credentials.
The folder reset has never failed for me before, so I wonder if the problem is elsewhere, perhaps with the anonymous account.
Simon.
ASKER
Simon,
Basic and intergrated set on all Exchange, ExchWeb, ExchAdmin, Public.
Only ExchWeb has the anonymous enabled.
From internally http://servername/exchange works like you say without prmpting for login.
But by IP address http://10.0.0.4/exchange say the Page cannot be displayed.
Now our external OWA forwads the public IP onto the internal IP and will atleast prompt for a username and pasword but just will not load. It will just give a generic IE cannot load this webpage. So OWA URL is http://0.0.0.0/exchange
How would I verify if that anonymous account is correct, I have no idea what the password would be I assume it is set by exchange when it installs.
David
Basic and intergrated set on all Exchange, ExchWeb, ExchAdmin, Public.
Only ExchWeb has the anonymous enabled.
From internally http://servername/exchange works like you say without prmpting for login.
But by IP address http://10.0.0.4/exchange say the Page cannot be displayed.
Now our external OWA forwads the public IP onto the internal IP and will atleast prompt for a username and pasword but just will not load. It will just give a generic IE cannot load this webpage. So OWA URL is http://0.0.0.0/exchange
How would I verify if that anonymous account is correct, I have no idea what the password would be I assume it is set by exchange when it installs.
David
If it works internally and loads correctly then that rules out the Exchange server application as being at fault. It has to be elsewhere.
Is the server multi-homed? Does it have two NICs with different IP addresses?
Simon.
Is the server multi-homed? Does it have two NICs with different IP addresses?
Simon.
ASKER
It does have 2NICs but they are teamed so the server only has one IP address. I just can't understand why internally it loads by servername but not by IP address, you would think if anything it would be the other way round.
ASKER
I have also noticed on the exchange server it does not load OWA by servername or by IP address, on any other machine it will load by servername and not by IP address. It is not a host file issue because it will load servername/oma and 10.0.0.4/oma so the hostname lookup works fine. I am really scratching my head on this one.
ASKER
Hi there,
Sorry it has taken me so long to post teh solutionm in the end. It seems it was the PIX that was causing the issue. As soon as I ticked the HTTP keep alive in IIS it was fine. Must of been some packet analyzer on the PIX that kept terminating the connection.
Sorry it has taken me so long to post teh solutionm in the end. It seems it was the PIX that was causing the issue. As soon as I ticked the HTTP keep alive in IIS it was fine. Must of been some packet analyzer on the PIX that kept terminating the connection.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
817379 has some flaws in its configuration which can mean it doesn't work correctly. I have my own process on the setup here: http://www.amset.info/exchange/mobile-85010014.asp
Simon.