setting up OMA

I had OMA working fine for like 4 months. Then we obtained a new server and moved everything to the new server. Everything works fine except OMA.

When I go to http://webmail.test.com/oma I get a screen that asks for my credentials. When I type my info I get a message saying error http1.1 error 503 unavailable. Sometimes I get a message saying the account is not configured for wireless access, which of course it is.

I have followed the Microsoft KB to create a new exchVDir and that has not helped. When I go to https://webmail.test.com/exchange-oma I get a screen to log in and I am able to view emails. However, when I go to http://webmail.test.com/exchange-oma it tells me to use https.
OWA works fine on this site.

When I use my Windows Mobile emulator to sync I put in my server name webmail.test.com and select use SSL. I then input my info and hit sync. It then comes up with an error saying "The security certificate on the server is not valid. contact your systems administrator or ISP to install a valid cert" 0x80072f0d

This certificate works fine with OWA, but OMA seems to have a problem.

When I try to sync the phone without using SSL I get an error saying "activesync encountered a problem on the server error 0x85010014."

I tried to install the certificate on the phone but still got the same problem. Everything worked fine previously, before moving Exchange to a new server. Actually, previously I did not even have to select use SSL.

Can someone help please? My users are already going crazy.
cchibonga Asked:

florin_s Commented:
Hi,

Here is what I have on the subject:

This is a possible resolution:

Verify that the HTTP server is available and try again. May require user to de-select sync items (Inbox, Contacts, Calendar, Tasks) and re-select them to reset the sync key.
1. Windows Integrated Authentication is not enabled on the Exchange virtual directory on the Exchange server. The Server ActiveSync component uses Kerberos authentication when communicating with the Exchange server.
2. Windows Integrated Authentication is enabled on the Exchange virtual directory on the Exchange server, but Kerberos is disabled via the IIS metabase.
3. Kerberos is enabled, but IIS may return HTTP Status 401 every 30 Days when using Kerberos on Windows 2000.
4. Sync is attempted while the mailbox is being moved.
5. User attempting sync is a member of more than 200 groups.
6. The Left Hand Side (LHS) and Right Hand Side (RHS) of the user's primary SMTP address are both different from the SMTP address based on the default recipient policy. (Fixed with Exchange 2003 Service Pack 2)
7. The Exchange virtual directory on the Exchange Server is configured to require Secure Sockets Layer (SSL). Server ActiveSync communicates with the Exchange Server over port 80.
8. Windows SharePoint® has been installed on the Exchange server.
9. The user composes e-mail on the device and attempts a sync when mailbox limits have been reached on the Exchange server.
10. Anonymous authentication is enabled on the Microsoft-Server-ActiveSync virtual directory on the server.
11. IIS Default Web Sites\Exchange-Oma virtual server retained the previous IP address in the Directory Security \ IP Address and domain name restrictions.
0
florin_s Commented:
User action:

1. To enable Integrated Windows Authentication on the Exchange virtual root
2. Re-enable Kerberos on the Exchange server by following the instructions in the KB Article 215383. HOW TO: Configure IIS to Support Both Kerberos and NTLM Authentication
3. If you are using Exchange 2003 on Windows 2000, obtain the hot fix outlined in KB 329938 by calling Microsoft Product Support Services.
4. Attempt sync later.
5. Reduce the group membership or obtain the QFE fix outlined in KB 818526 by calling Microsoft Product Support Services.
6. Add a registry key. Use Regedt32 and locate HKLM\System\CurrentControlSet\Services\MasSync\Parameters. Under the Parameters key create a Reg_SZ value called SMTPProxy. Set the value to the domain defined by the default recipient policy. For example, Microsoft.com. Restart the IIS Admin service. If you are using a front-end/back-end configuration this registry key needs to be added on the front-end server.
7. To configure the Exchange virtual directory to not require SSL
8. Configure Windows SharePoint to use Kerberos authentication by following the steps in KB 832769 HOW TO: Configure Windows SharePoint Services to Use Kerberos Authentication
9. Try to delete items in your mailbox to bring it within limits or contact your Exchange administrator to change the limits on your mailbox.
10. Uncheck anonymous authentication on the Microsoft-Server-ActiveSync virtual directory on the server. Basic authentication should be enabled.
11. See KB 817379: Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or forms-based authentication is required for Exchange Server 2003 if you are using SSL or forms-based authentication.
12. Change the IIS Default Web Sites\Exchange-Oma virtual server IP address to deny all except the server's new IP address.
0
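As an added example (not part of florin_s's posts and not Microsoft tooling), the script below checks causes 1, 2, 7, 10 and 11 from the list of causes against metabase values for the three virtual directories. The dictionary layout and the sample values are constructed; AuthFlags, AccessSSLFlags, NTAuthenticationProviders, GrantByDefault and IPGrant are the IIS metabase/ADSI property names, and the "address, mask" form of IPGrant entries is assumed.

```python
import ipaddress

AUTH_ANONYMOUS = 0x01  # AuthFlags bit: anonymous access
AUTH_BASIC = 0x02      # AuthFlags bit: Basic authentication
AUTH_NT = 0x04         # AuthFlags bit: Integrated Windows authentication
ACCESS_SSL = 0x08      # AccessSSLFlags bit: "Require secure channel (SSL)"

def ip_granted(entry, ip):
    """True if an IPGrant entry ("address" or "address, mask") covers ip."""
    addr, _, mask = (s.strip() for s in entry.partition(","))
    net = ipaddress.ip_network(f"{addr}/{mask or '255.255.255.255'}", strict=False)
    return ipaddress.ip_address(ip) in net

def audit(vdirs, server_ip):
    """Return (cause number, finding) pairs, numbered as in the list of causes."""
    out = []
    exch = vdirs["Exchange"]
    if not exch["AuthFlags"] & AUTH_NT:
        out.append((1, "Exchange: Integrated Windows Authentication is off"))
    else:
        # An unset NTAuthenticationProviders is treated as the default, Negotiate,NTLM.
        raw = exch.get("NTAuthenticationProviders") or "Negotiate,NTLM"
        if "negotiate" not in [p.strip().lower() for p in raw.split(",")]:
            out.append((2, "Exchange: Negotiate (Kerberos) is not in the providers"))
    if exch["AccessSSLFlags"] & ACCESS_SSL:
        out.append((7, "Exchange: SSL is required, Server ActiveSync uses port 80"))
    if vdirs["Microsoft-Server-ActiveSync"]["AuthFlags"] & AUTH_ANONYMOUS:
        out.append((10, "Microsoft-Server-ActiveSync: anonymous access is on"))
    oma = vdirs["Exchange-Oma"]
    if not oma.get("GrantByDefault", True) and not any(
            ip_granted(e, server_ip) for e in oma.get("IPGrant", [])):
        out.append((11, "Exchange-Oma: IP restrictions do not grant " + server_ip))
    return out

# Constructed values for a server moved from 192.0.2.10 to 192.0.2.20.
AFTER_MOVE = {
    "Exchange": {"AuthFlags": AUTH_BASIC, "AccessSSLFlags": ACCESS_SSL},
    "Microsoft-Server-ActiveSync": {"AuthFlags": AUTH_ANONYMOUS | AUTH_BASIC},
    "Exchange-Oma": {"GrantByDefault": False,
                     "IPGrant": ["192.0.2.10, 255.255.255.255"]},
}
CORRECTED = {
    "Exchange": {"AuthFlags": AUTH_BASIC | AUTH_NT, "AccessSSLFlags": 0,
                 "NTAuthenticationProviders": "Negotiate,NTLM"},
    "Microsoft-Server-ActiveSync": {"AuthFlags": AUTH_BASIC},
    "Exchange-Oma": {"GrantByDefault": False,
                     "IPGrant": ["192.0.2.20, 255.255.255.255"]},
}

if __name__ == "__main__":
    for number, finding in audit(AFTER_MOVE, "192.0.2.20"):
        print(number, finding)
```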
cchibonga Author Commented:
I have tried that but to no avail.

Why is it that I cannot access my exchange-oma without having to have https on it? Previously I could access it with http://mail.aaasd.org/exchange-oma but now I cannot. I get "HTTP Error 403.6 - Forbidden: IP address of the client has been rejected. Internet Information Services (IIS)". I checked to make sure this virtual directory was not limited to only one site, so I don't know where this error is coming from.

Furthermore, I was able to access OMA using http://mail.aaasd.org/oma but now I get "A System error has occurred while processing your request. Please try again. If the problem persists, contact your administrator."

Is there something in my settings that I need to look for? I know before OMA can even function I need to make sure that these sites are accessible over IE.
So maybe we can start with this and then worry about the error messages on the phones later.

Thanks in advance.
0
cchibonga Author Commented:
Another weird thing: when I try to access exchange-oma using https://mail.aaasd.org/exchange-oma it works fine, just like regular OWA without forms-based authentication, but when I check the option Integrated Authentication for this virtual directory I cannot access it using the above link. It prompts me for username and password but then says page cannot be displayed.

So right now I am leaving Integrated Authentication unchecked despite Microsoft KB 817379.

Any thoughts on this?
0
florin_s Commented:
Hi,

This is from the link below:

" OMA transmits traffic to and from the web browser on the mobile device in HTTP (based upon TCP, port 80) and in clear text, meaning that anyone could potentially "listen" to your talk and grab frames and valuable information from the net.

To secure the transmission of information between Exchange Server 2003 and Outlook Mobile Access (OMA) clients, you can encrypt the information being transmitted by using SSL (Secure Sockets Layer). "

http://www.petri.co.il/configure_ssl_on_oma.htm

http://www.amset.info/exchange/mobile-setup.asp

http://www.petri.co.il/temporarily_disable_root_certificates_checking_in_windows_mobile_ppc.htm
0
cchibonga Author Commented:
I had to rebuild my OMA from scratch and point it to a different port. It was more like a trial and error kind of fix.
0