

setting up OMA

Posted on 2008-11-11
Medium Priority
Last Modified: 2012-06-27
I had OMA working fine for like 4 months. Then we obtained a new server and moved everything to the new server. Everything works fine except OMA.

When I go to http://webmail.test.com/oma I get a screen that asks for my credentials. When I type my info I get a message saying error http1.1 error 503 unavailable. Sometimes I get a message saying the account is not configured for wireless access, which of course it is.

I have followed the Microsoft KB to create a new exchVDir and that has not helped. When I go to https://webmail.test.com/exchange-oma I get a screen to log in and I am able to view emails. However, when I go to http://webmail.test.com/exchange-oma it tells me to use https.
OWA works fine on this site.

When I use my Windows Mobile emulator to sync, I put in my server name webmail.test.com and select use SSL. I then input my info and hit sync. It then comes up with an error saying "The security certificate on the server is not valid. contact your systems administrator or ISP to install a valid cert" 0x80072f0d

This certificate works fine with OWA, but OMA seems to have a problem.

When I try to sync the phone without using SSL I get an error saying "activesync encountered a problem on the server error 0x85010014."

I tried to install the certificate on the phone but still got the same problem. Everything worked fine previously before moving Exchange to a new server. Actually, previously I did not even have to select use SSL.

Can someone help please? My users are already going crazy.
Question by:cchibonga

Expert Comment

ID: 22937524

Here is what I have on the subject:

This is a possible resolution:

Verify that the HTTP server is available and try again. May require user to de-select sync items (Inbox, Contacts, Calendar, Tasks) and re-select them to reset the sync key.
1. Windows Integrated Authentication is not enabled on the Exchange virtual directory on the Exchange server. The Server ActiveSync component uses Kerberos authentication when communicating with the Exchange server.
2. Windows Integrated Authentication is enabled on the Exchange virtual directory on the Exchange server, but Kerberos is disabled via the IIS metabase.
3. Kerberos is enabled, but IIS may return HTTP Status 401 every 30 Days when using Kerberos on Windows 2000.
4. Sync is attempted while the mailbox is being moved.
5. User attempting sync is a member of more than 200 groups.
6. The Left Hand Side (LHS) and Right Hand Side (RHS) of the user's primary SMTP address are both different from the SMTP address based on the default recipient policy. (Fixed with Exchange 2003 Service Pack 2)
7. The Exchange virtual directory on the Exchange Server is configured to require Secure Sockets Layer (SSL). Server ActiveSync communicates with the Exchange Server over port 80.
8. Windows SharePoint® has been installed on the Exchange server.
9. The user composes e-mail on the device and attempts a sync when mailbox limits have been reached on the Exchange server.
10. Anonymous authentication is enabled on the Microsoft-Server-ActiveSync virtual directory on the server.
11. IIS Default Web Sites\Exchange-Oma virtual server retained the previous IP address in the Directory Security \ IP Address and domain name restrictions.

Expert Comment

ID: 22937529
User action:

1. To enable Integrated Windows Authentication on the Exchange virtual root
2. Re-enable Kerberos on the Exchange server by following the instructions in the KB Article 215383. HOW TO: Configure IIS to Support Both Kerberos and NTLM Authentication
3. If you are using Exchange 2003 on Windows 2000, obtain the hot fix outlined in KB 329938 by calling Microsoft Product Support Services.
4. Attempt sync later.
5. Reduce the group membership or obtain the QFE fix outlined in KB 818526 by calling Microsoft Product Support Services.
6. Add a registry key. Use Regedt32 and locate HKLM\System\CurrentControlSet\Services\MasSync\Parameters. Under the Parameters key create a Reg_SZ value called SMTPProxy. Set the value to the domain defined by the default recipient policy. For example, Microsoft.com. Restart the IIS Admin service. If you are using a front-end/back-end configuration this registry key needs to be added on the front-end server.
7. To configure the Exchange virtual directory to not require SSL
8. Configure Windows SharePoint to use Kerberos authentication by following the steps in KB 832769 HOW TO: Configure Windows SharePoint Services to Use Kerberos Authentication
9. Try to delete items in your mailbox to bring it within limits or contact your Exchange administrator to change the limits on your mailbox.
10. Uncheck anonymous authentication on the Microsoft-Server-ActiveSync virtual directory on the server. Basic authentication should be enabled.
11. See KB 817379: Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or forms-based authentication is required for Exchange Server 2003 if you are using SSL or forms-based authentication.
12. Change the IIS Default Web Sites\Exchange-Oma virtual server IP address to deny all except the server's new IP address.
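
As an added illustration that is not part of the original thread: several of the causes listed above leave a distinct status and substatus in the IIS W3C log, so the log can narrow the list before any setting is changed. The sketch assumes W3C extended logging with the `sc-substatus` field enabled; the log lines are constructed sample data, and the mapping from a status code to a numbered cause is a triage hint, not a diagnosis.

```python
from collections import Counter

# Constructed IIS W3C extended log lines (sample data, not from the poster's server).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem s-port cs-username c-ip sc-status sc-substatus
2008-11-11 14:02:10 GET /exchange-oma 80 - 192.0.2.10 403 4
2008-11-11 14:02:31 GET /exchange-oma/user1 80 user1 192.0.2.10 403 6
2008-11-11 14:03:02 GET /oma 80 user1 198.51.100.7 200 0
2008-11-11 14:03:40 OPTIONS /Microsoft-Server-ActiveSync 443 - 198.51.100.7 200 0
2008-11-11 14:04:05 GET /exchange-oma/user1 80 - 192.0.2.10 401 2
"""

VDIRS = ("/exchange-oma", "/oma", "/microsoft-server-activesync")

def classify(vdir, status, sub, user):
    """Map one logged request to a cause from the list above, or None."""
    if (status, sub) == ("403", "4"):
        return "cause 7: virtual directory requires SSL"
    if (status, sub) == ("403", "6"):
        return "cause 11: client IP rejected by IP address restrictions"
    if status == "401":
        # A single 401 opens any authenticated exchange; repeated ones matter.
        return "causes 1-3: check Integrated Windows Authentication / Kerberos"
    if vdir == "/microsoft-server-activesync" and status == "200" and user == "-":
        return "cause 10: anonymous request accepted on ActiveSync directory"
    return None

def triage(log_text):
    """Count findings per (virtual directory, status.substatus, hint)."""
    fields, findings = [], Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order is set by this directive
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        stem = row.get("cs-uri-stem", "").lower()
        vdir = next((v for v in VDIRS if stem == v or stem.startswith(v + "/")), None)
        if vdir is None:
            continue
        status, sub = row.get("sc-status", ""), row.get("sc-substatus", "0")
        hint = classify(vdir, status, sub, row.get("cs-username", "-"))
        if hint:
            findings[(vdir, f"{status}.{sub}", hint)] += 1
    return findings

if __name__ == "__main__":
    for (vdir, code, hint), n in sorted(triage(SAMPLE_LOG).items()):
        print(f"{n}x {vdir} {code} -> {hint}")
```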

Author Comment

ID: 22941003
I have tried that but to no avail.

Why is it that I cannot access my exchange-oma without having to have https on it? Previously I could access it with http://mail.aaasd.org/exchange-oma but now I cannot. I get "HTTP Error 403.6 - Forbidden: IP address of the client has been rejected.Internet Information Services (IIS)". I checked to make sure this virtual directory was not limited to only one site, so I don't know where this error is coming from.

Furthermore, I was able to access OMA using http://mail.aaasd.org/oma but now I get "A System error has occurred while processing your request. Please try again. If the problem persists, contact your administrator."

Is there something in my settings that I need to look for? I know before OMA can even function I need to make sure that these sites are accessible over IE.
So maybe we can start with this and then worry about the error messages on the phones later.

thanks in advance.


Author Comment

ID: 22941110
Another weird thing: when I try to access exchange-oma using https://mail.aaasd.org/exchange-oma it works fine, just like regular OWA without forms-based authentication, but when I check the option integrated authentication for this virtual directory I cannot access it using the above link. It prompts me for password and username but then says page cannot be displayed.

So right now I am leaving integrated authentication unchecked despite Microsoft KB 817379.

Any thoughts on this?

Accepted Solution

florin_s earned 1500 total points
ID: 22947790

This is from the link below:

" OMA transmits traffic to and from the web browser on the mobile device in HTTP (based upon TCP, port 80) and in clear text, meaning that anyone could potentially "listen" to your talk and grab frames and valuable information from the net.

To secure the transmission of information between Exchange Server 2003 and Outlook Mobile Access (OMA) clients, you can encrypt the information being transmitted by using SSL (Secure Sockets Layer). "




Author Comment

ID: 23158104
I had to rebuild my OMA from scratch and point it to a different port. It was more like a trial-and-error kind of fix.


Question has a verified solution.
