Need help setting up ActiveSync between our mobile devices and Exchange server.

Here's our setup:

Exchange Server 2003 SP2 - no front-end
ISA Server 2000
Trying to sync mobile devices over ActiveSync

Could somoene please assist me in setting this up, or at the very least provide any info to help me get started.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Do you have an SSL cert? It's not required, but extremely recommended. Are you using OWA? Are you using Forms Based front end for OWA? You cannot require SSL and use Active Sync, and you cannot use Forms Based Authentication and use Active Sync. Purchase a 3rd party certificate if you haven't, then forward port 443 to your Exchange server. After that, it should be pretty straight forward - run through the Active Sync wizard on the phone.
Go-GBSAuthor Commented:
I am not using an SSL cert, at the moment at least.  I'm not really sure on the OWA or the Forms Based front end, can you explain these a little more?
If you you just want to sync over cable it should be very easy make sure you install this
and plug in the windows mobile device and you should be set. As long as you set up partnership between the device and the computer.

But if you have data connection through your mobile may want to sync over the air.  To do that look at these step by step:,295582,sid43_gci1249394,00.html

And purchase a third party SSL certificate and it will work better than the self-signed certificate. has a cheap certificate for 19.99 I think.  That should work out better for you
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

OWA = Outlook Web Access. Internally, you can type in http://<exchange server name>/owa to get a web interface for your email. Externally, you can type in http://exchange.<external domain name>.com, or whatever DNS name you want. For some clients, we use webmail.domain It depends on their preference. Get an SSL cert (3 year cert means less maintenance time) and forward port 443 from ISA server to Exchange.
and by the way, the second link in edmund7s contains dated information - Active Sync is now up-to-date with Exchange SP 2 (essential to have), and actually, I get the email on my phone before I get it in Outlook... so don't use those steps for Active Sync. Configure Active Sync directly.
Go-GBSAuthor Commented:
Oh, OWA, not sure why that didn't register with me.  Yes we do have OWA working.  I'll take a look at that link.
Go-GBSAuthor Commented:
And we do want to sync over the air.
does OWA work externally for when you are out of the office? If so, you should have most of the infrastructure in place to do Active Sync. Do you have Exchange SP 2 installed on the server?
Go-GBSAuthor Commented:
Yes to OWA working outside the office, and yes to Exchange SP2 as well.
Go-GBSAuthor Commented:
When I try to sync the phone I get an error message, and when I check the logging under IIS this is what I get, this is from a few weeks ago b/c I've been at this for awhile.

2008-10-30 00:25:26 PROPFIND /exchange/ - 80 - Microsoft-Server-ActiveSync/6.5.7638.1 401 2 5

At the point where it specifies the port and IP address, shouldn't it also send the logon credentials?
are you doing this over http or https? can you verify that active sync is enabled for the user? (should be by default) how are you activating on the phone?
Go-GBSAuthor Commented:
It's being done over HTTP.  And yes ActiveSync is enabled for the user as far as I can tell.  Here are each of the steps.

For the domain I put "" and do not require an SSL, then the username, password, and domain and I set it to save the password, then set it to synchrozine everything.

Just tried again, and the error I get from my phone is "ActiveSync encountered a problem on the server.  The support code is 0x85010014.
Go-GBSAuthor Commented:
Ok, just found this in the Application Log of our Exchange Server.

Event Type: Error
Event Source: Server ActiveSync
Event Category: None
Event ID: 3031
Description: The mailbox server [%1] does not allow "Negotiate" authentication to its [%2] virtual directory. Exchange ActiveSync can only access the server using this authentication scheme.

Then when I checked this link it had a couple fixes, at this time we don't have a front-end exchange server we can put in, but does method two make sense to do?
Go-GBSAuthor Commented:

Sorry, here's the link I found.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It sounds like you have require SSL set. Can you confirm that both Forms Based Authentication is turned off:
use that link to turn off SSL and Forms Based
this shows you how to turn on (and consequently off) Forms Based:

Petri's articles are great. Read those for fun and you'll find them quite helpful.
Go-GBSAuthor Commented:
Forms based is turned off, as well as SSL, we don't require it for our OWA as it's just http.  Any thoughts on the 2nd virtual directory?
no, no need, that's only for SSL on one, and HTTP OWA on the other.
Go-GBSAuthor Commented:
Like I said, we access our OWA using http, but is there a setting that could still be in place that's affecting things?  Is there a definitive setting I could check in regards to SSL?
Go-GBSAuthor Commented:
I did notice in that petri article, that this can occur when SSL is required, or if integrated windows authentication is not required, which it is not, we only require basic authentication.
Go-GBSAuthor Commented:
But I see at the bottom of that link someone fixed this problem using treo 700wx smart phones which is what I have, using the same Microsoft article I was referring to.  I'm not sure I follow how the original author fixed his own problem.
Any updates on this one? How did you make out? Are you still stuck?
Go-GBSAuthor Commented:
To be perfectly honest it's been put on the backburner for now, but I didn't want to close the question w/o awarding any points.  We may be replacing the Exchange server soon, so I might wait until that's been done.
Go-GBSAuthor Commented:
Well I had responded that this project was on hold for now.  Is it possible to reopen this later?
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows OS

From novice to tech pro — start learning today.