setting up OMA

Posted on 2008-11-11
Last Modified: 2012-06-27
I had OMA working fine for like 4 months. Then we obtained a new server and moved everything to the new server. Everything works fine except OMA.

When I go to I get a screen that asks for my credentials. When I type my info I get a message saying error http1.1 error 503 unavailable. Sometimes I get a message saying the account is not configured for wireless access, which of course it is.

I have followed the Microsoft KB to create a new exchVDir and that has not helped. When I go to I get a screen to log in and I am able to view emails. However, when I go to it tells me to use https.
OWA works fine on this site.

When I use my Windows Mobile emulator to sync, I put in my server name and select use SSL. I then input my info and hit sync. It then comes up with an error saying "The security certificate on the server is not valid. Contact your systems administrator or ISP to install a valid cert" 0x80072f0d

This certificate works fine with OWA, but OMA seems to have a problem.

When I try to sync the phone without using SSL I get an error saying "activesync encountered a problem on the server error 0x85010014."

I tried to install the certificate on the phone but still got the same problem. Everything worked fine previously, before moving Exchange to a new server. Actually, previously I did not even have to select use SSL.

Can someone help please? My users are already going crazy.
Question by: cchibonga

    Expert Comment


    Here is what I have on the subject:

    This is a possible resolution:

    Verify that the HTTP server is available and try again. May require user to de-select sync items (Inbox, Contacts, Calendar, Tasks) and re-select them to reset the sync key.
    1. Windows Integrated Authentication is not enabled on the Exchange virtual directory on the Exchange server. The Server ActiveSync component uses Kerberos authentication when communicating with the Exchange server.
    2. Windows Integrated Authentication is enabled on the Exchange virtual directory on the Exchange server, but Kerberos is disabled via the IIS metabase.
    3. Kerberos is enabled, but IIS may return HTTP Status 401 every 30 Days when using Kerberos on Windows 2000.
    4. Sync is attempted while the mailbox is being moved.
    5. User attempting sync is a member of more than 200 groups.
    6. The Left Hand Side (LHS) and Right Hand Side (RHS) of the user's primary SMTP address are both different from the SMTP address based on the default recipient policy. (Fixed with Exchange 2003 Service Pack 2)
    7. The Exchange virtual directory on the Exchange Server is configured to require Secure Sockets Layer (SSL). Server ActiveSync communicates with the Exchange Server over port 80.
    8. Windows SharePoint® has been installed on the Exchange server.
    9. The user composes e-mail on the device and attempts a sync when mailbox limits have been reached on the Exchange server.
    10. Anonymous authentication is enabled on the Microsoft-Server-ActiveSync virtual directory on the server.
    11. IIS Default Web Sites\Exchange-Oma virtual server retained the previous IP address in the Directory Security \ IP Address and domain name restrictions.

    Expert Comment

    User action:

    1. To enable Integrated Windows Authentication on the Exchange virtual root
    2. Re-enable Kerberos on the Exchange server by following the instructions in the KB Article 215383. HOW TO: Configure IIS to Support Both Kerberos and NTLM Authentication
    3. If you are using Exchange 2003 on Windows 2000, obtain the hot fix outlined in KB 329938 by calling Microsoft Product Support Services.
    4. Attempt sync later.
    5. Reduce the group membership or obtain the QFE fix outlined in KB 818526 by calling Microsoft Product Support Services.
    6. Add a registry key. Use Regedt32 and locate HKLM\System\CurrentControlSet\Services\MasSync\Parameters. Under the Parameters key create a Reg_SZ value called SMTPProxy. Set the value to the domain defined by the default recipient policy. For example, Restart the IIS Admin service. If you are using a front-end/back-end configuration this registry key needs to be added on the front-end server.
    7. To configure the Exchange virtual directory to not require SSL
    8. Configure Windows SharePoint to use Kerberos authentication by following the steps in KB 832769 HOW TO: Configure Windows SharePoint Services to Use Kerberos Authentication
    9. Try to delete items in your mailbox to bring it within limits or contact your Exchange administrator to change the limits on your mailbox.
    10. Uncheck anonymous authentication on the Microsoft-Server-ActiveSync virtual directory on the server. Basic authentication should be enabled.
    11. See KB 817379: Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or forms-based authentication is required for Exchange Server 2003 if you are using SSL or forms-based authentication.
    12. Change the IIS Default Web Sites\Exchange-Oma virtual server IP address to deny all except the server's new IP address.
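
An added example (not part of the thread or of any Microsoft article): a Python check that applies items 1, 7, 10 and 11 of the cause list above to a snapshot of IIS 6 virtual-directory settings. The snapshot layout, the addresses, and the choice of `Exchange-oma` as the directory Server ActiveSync connects to are constructed for illustration; the bit values are the IIS 6 `AuthFlags` and `AccessSSLFlags` flags.

```python
import ipaddress

# IIS 6 metabase bit values
AUTH_ANONYMOUS, AUTH_BASIC, AUTH_INTEGRATED = 0x1, 0x2, 0x4   # AuthFlags
ACCESS_SSL = 0x8                                              # AccessSSLFlags: SSL required

# Constructed snapshot of a server after a migration (layout is hypothetical).
SNAPSHOT = {
    "Exchange-oma": {"AuthFlags": AUTH_BASIC | AUTH_INTEGRATED, "AccessSSLFlags": 0,
                     "GrantByDefault": False, "IPGrant": ["192.0.2.10"]},  # old server IP
    "Microsoft-Server-ActiveSync": {"AuthFlags": AUTH_ANONYMOUS | AUTH_BASIC,
                                    "AccessSSLFlags": ACCESS_SSL},
}

def ip_allowed(vdir, ip):
    """Apply IIS-style IP restrictions: a default rule plus an exception list."""
    addr = ipaddress.ip_address(ip)
    def hit(entries):
        return any(addr in ipaddress.ip_network(e, strict=False) for e in entries)
    if vdir.get("GrantByDefault", True):
        return not hit(vdir.get("IPDeny", []))
    return hit(vdir.get("IPGrant", []))

def audit(vdirs, backend, server_ip):
    """Return (cause number, vdir, message) for each setting the list flags."""
    out = []
    be = vdirs[backend]               # directory Server ActiveSync/OMA connects to
    if not be["AuthFlags"] & AUTH_INTEGRATED:
        out.append((1, backend, "Integrated Windows Authentication is disabled"))
    if be["AccessSSLFlags"] & ACCESS_SSL:
        out.append((7, backend, "SSL is required, but Server ActiveSync uses port 80"))
    eas_name = "Microsoft-Server-ActiveSync"
    eas = vdirs[eas_name]
    if eas["AuthFlags"] & AUTH_ANONYMOUS:
        out.append((10, eas_name, "anonymous authentication is enabled"))
    if not eas["AuthFlags"] & AUTH_BASIC:
        out.append((10, eas_name, "Basic authentication is disabled"))
    oma = vdirs["Exchange-oma"]
    if not ip_allowed(oma, server_ip):
        out.append((11, "Exchange-oma", f"{server_ip} is rejected (HTTP 403.6)"))
    elif oma.get("GrantByDefault", True):
        out.append((11, "Exchange-oma", "access is not limited to the server itself"))
    return out

if __name__ == "__main__":
    for item, vdir, msg in audit(SNAPSHOT, "Exchange-oma", "192.0.2.20"):
        print(f"cause {item}: {vdir}: {msg}")
```

With the constructed snapshot, the check reports the anonymous-authentication setting and the stale IP grant left over from the old server.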

    Author Comment

    I have tried that but to no avail.

    Why is it that I cannot access my exchange-oma without having to have https on it? Previously I could access it with but now I cannot; I get "HTTP Error 403.6 - Forbidden: IP address of the client has been rejected. Internet Information Services (IIS)". I checked to make sure this virtual directory was not limited to only one site, so I don't know where this error is coming from.

    Furthermore, I was able to access OMA using but now I get "A System error has occurred while processing your request. Please try again. If the problem persists, contact your administrator."

    Is there something in my settings that I need to look for? I know before OMA can even function I need to make sure that these sites are accessible over IE.
    So maybe we can start with this and then worry about the error messages on the phones later.

    Thanks in advance.

    Author Comment

    Another weird thing: when I try to access exchange-oma using it works fine, just like regular OWA without forms-based authentication, but when I check the option integrated authentication for this virtual directory I cannot access it using the above link. It prompts me for password and username but then says page cannot be displayed.

    So right now I am leaving integrated authentication unchecked despite Microsoft KB 817379.

    Any thoughts on this?

    Accepted Solution


    This is from the link below:

    " OMA transmits traffic to and from the web browser on the mobile device in HTTP (based upon TCP, port 80) and in clear text, meaning that anyone could potentially "listen" to your talk and grab frames and valuable information from the net.

    To secure the transmission of information between Exchange Server 2003 and Outlook Mobile Access (OMA) clients, you can encrypt the information being transmitted by using SSL (Secure Sockets Layer). "

    Author Comment

    I had to rebuild my OMA from scratch and point it to a different port. It was more like a trial and error kind of fix.
