Avatar of xxiantweb
xxiantwebFlag for United Kingdom of Great Britain and Northern Ireland asked on

Exchange 2003/Activesync with WM6.1

Before I finally tear what's left of my hair out, I need some fairly specific help with getting my company's Windows Mobile Professional 6.1 devices (HTC TYTN II devices) to synchronise with our Exchange 2003 Server, which runs on our Windows 2003 Standard Server.

I believe that I have everything set up correctly, but I need to be spoken to like I'm a dummy and walked through EVERYTHING which needs to be set/unset, etc.

Much as I appreciate that you experts will have been asked these questions tons of times and are probably sick of giving the answers, I would prefer not to just be given links to follow, but rather advice along with them.

500 Points is a good score for this but it won't be given to anyone who just sends links, as that's no good, escpecially when I'm an Exchange Server 2003 NOVICE!

Many thanks in advance for your kind help with this.

Tony
Windows OSMicrosoft IIS Web ServerExchange

Avatar of undefined
Last Comment
xxiantweb

8/22/2022 - Mon
Mikal613

does your exchange have SP2 installed?
ASKER
xxiantweb

Yes it does.
Mestha

Enable the feature as per my guide here:
http://www.amset.info/exchange/mobile-setup.asp

Then TEST with the Test Exchange Connectivity site using a test account here:
https://www.testexchangeconnectivity.com

Depending on the results of that, will depend on the next step forward.

The most common problem is having an invalid SSL certificate or enabling forms based authentication on the web site.
However rather than going down troubleshooting those specific issues (which may not be required) do the basics first.

-M
Your help has saved me hundreds of hours of internet surfing.
fblack61
ASKER
xxiantweb

Awaiting new certificate to be delivered...will come back after that...thanks

T
ASKER
xxiantweb

OK, certificates finally obtained after fighting with the companies concerned...hard work.  Installed OK and ran the test above.  Here are the results:

 Attempting to Resolve the host name dsvr007293.hodat.co.uk in DNS.
 Host successfully Resolved
Additional Details
 IP(s) returned: 88.208.221.191, 88.208.221.190

Testing TCP Port 443 on host dsvr007293.hodat.co.uk to ensure it is listening/open.
 The port was opened successfully.

Testing SSLCertificate for validity.
 The certificate passed all validation requirements.
Additional Details
 Subject: CN=dsvr007293.hodat.co.uk, OU=Domain Control Validated, O=dsvr007293.hodat.co.uk, Issuer SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Testing Http Authentication Methods for URL https://dsvr007293.hodat.co.uk/Microsoft-Server-Activesync/
 Http Authentication Test failed
 Tell me more about this issue and how to resolve it

Additional Details
 Authentication method Negotiate is enabled but is not an allowed Authentication method for this service.

Do you know what's wrong?

T
Mestha

You probably do not have integrated authentication enabled on the Microsoft-Server-ActiveSync virtual directory in IIS Admin. If it is not enabled, enable it and then run iisreset to write the change to the IIS metabase.

-M
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
xxiantweb

It already is, that and basic are enabled.

T
Mestha

The error message means that integrated authentication isn't enabled or isn't being passed through correctly.
Remove Basic and then run iisreset and try again.

-M
ASKER
xxiantweb

Hi M,

No luck...I've attached a document below to see if it helps.

Thanks again.

T
Settings--etc..pdf
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
Mestha

Reset the virtual directories.
http://support.microsoft.com/default.aspx?kbid=883380

Do not change anything, then test again.

-M
ASKER
xxiantweb

OK, done - output:

 Attempting to Resolve the host name dsvr007293.hodat.co.uk in DNS.
 Host successfully Resolved
Additional Details
 IP(s) returned: 88.208.221.190, 88.208.221.191

Testing TCP Port 443 on host dsvr007293.hodat.co.uk to ensure it is listening/open.
 The port was opened successfully.

Testing SSLCertificate for validity.
 The certificate passed all validation requirements.
Additional Details
 Subject: CN=dsvr007293.hodat.co.uk, OU=Domain Control Validated, O=dsvr007293.hodat.co.uk, Issuer SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Testing Http Authentication Methods for URL https://dsvr007293.hodat.co.uk/Microsoft-Server-Activesync/
 Http Authentication Methods are correct
Additional Details
 Found all expected authentication methods and no disallowed methods Methods Found: Basic realm="dsvr007293.hodat.co.uk"

Attempting an Activesync session with server
 Errors were encountered while testing the ActiveSync session
Test Steps
 Attempting to send OPTIONS command to server
 Testing the OPTIONS command failed. See Additional Details for more info
Additional Details
 A Web Exception occured because an HTTP 401 - Unauthorized response was received from Unknown
Mestha

It has got further on.
Is there anything logged at that time in the application log?

-M
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
xxiantweb

I've attached the event viewer file as a .pdf, simply rename it as .evt and view it in the event viewer.

Ta.

T
applog.pdf
Mestha

Unfortunately I don't open files of that type from a stranger.
Look through the event viewer, an error would be pretty obvious.

-M
ASKER
xxiantweb

I understand your reluctance, but why would I send you anything dubious when I'm trying to obtain your assistance?  There are lots of "things" in there which I don't understand...that's why I sent you the file...

I'll clear the log now and then re-run the test and tell you what I find, OK?  Won't take too long...

Thanks and sorry if you think I'm trying to virus you!

T
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
ASKER
xxiantweb

Hi M,

I've cleared all logs and then re-run the test, but none of the logs have anything in them at all afterwards.  The security log has "Success Audits" in there, which it constantly seems to have anyway.

One of the steps (I used Method #2 to reset the virtual directories, and part of that was to tick and then untick Integrated Windows Authentication...so for now, that's unticked.  Just letting you know.

T
ASKER
xxiantweb

Can you please explain what should be going into EACH of the fields on the exchange test form too?  I could be completing them wrongly, you know.

T
Mestha

My reluctance comes from payloads. You don't know if your machine is completely clean. It isn't just you - I refuse to download anything from this site. I didn't agree with attachments being allowed in the first place, but anyway...

The ActiveSync test is fairly straight forward. I see nothing on the form that could cause confusion.

Are you using a test account or a real account?
Did the test account get an email address automatically? Did it get an email address in the default domain? The default domain matches the FQDN of your Windows domain - so domain.local for example.

The error that you posted above is unauthorised, which would tend to indicate a username/password failure.

-M
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Mestha

The error I was expecting is the one shown in this question:
https://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_24088011.html

-M
ASKER
xxiantweb

Hi M,

Sorry for the late reply...

You may see nothing on the form which causes confusion, but I do.  Where can I verify what should be in each field (e.g. one of my bug-bears is that my Exchange server is named HODAT, but the domain it sits on is hodat.co.uk - which is used where?)

I've created a user called joebloggs@hodat.co.uk with a password of "password" on the activesync server dsvr007293.hodat.co.uk...if you use this and do the tests, you will see.

I reckon it'd be advantageous for you to actually camp-on to the server and diagnose from there...which I'm willing to trust you to do.

T
ASKER
xxiantweb

Hi M,

No response to my previous...did you manage to test the login?

Regards,

T
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
Mestha

I didn't see the previous response and I am not testing it for you. My PI insurance doesn't cover me to do that.
Furthermore working directly is against the rules of this site, everything has to be carried out on this site. If you want someone to look at the problem for you then you will either need to speak to Microsoft or find a consultant to look at it.

If you haven't already, I would suggest that you kill that account.

-M
ASKER
xxiantweb

OK, OK...calm down, I wasn't aware of this...

The account has been killed...where do we go from here then?
ASKER
xxiantweb

Sorry, just re-read that comment and it sounded quite cheeky.  My apologies.  I'm just getting really frustrated with this whole issue.

Can you please tell me what I should do next?

Many thanks,

T
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Mestha

When you are configuring the client or the application, the DOMAIN is the Windows domain. SO if you Windows domain is example.local then that is what you put in.
The host is the name on the SSL certificate which should resolve to the external IP address of your Exchange server.

-M
ASKER
xxiantweb

Hi M,

Thanks for persevering.  I had all the credentials correctly placed.  Did the activesync test again and it failed on the very last step.  Here's the dump:

 Attempting to Resolve the host name dsvr007293.hodat.co.uk in DNS.
 Host successfully Resolved
Additional Details
 IP(s) returned: 88.208.221.190, 88.208.221.191

Testing TCP Port 443 on host dsvr007293.hodat.co.uk to ensure it is listening/open.
 The port was opened successfully.

Testing SSLCertificate for validity.
 The certificate passed all validation requirements.
Additional Details
 Subject: CN=dsvr007293.hodat.co.uk, OU=Domain Control Validated, O=dsvr007293.hodat.co.uk, Issuer SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Testing Http Authentication Methods for URL https://dsvr007293.hodat.co.uk/Microsoft-Server-Activesync/
 Http Authentication Methods are correct
Additional Details
 Found all expected authentication methods and no disallowed methods Methods Found: Basic realm="dsvr007293.hodat.co.uk"

Attempting an Activesync session with server
 Errors were encountered while testing the ActiveSync session
Test Steps
 Attempting to send OPTIONS command to server
 Testing the OPTIONS command failed. See Additional Details for more info
Additional Details
 A Web Exception occured because an HTTP 401 - Unauthorized response was received from Unknown

The last bit where it says "unauthorized response was received from unknown"  I've searched on the internet for this and someone mentions that it should refer to IIS rather than unknown...is this correct?

T
Mestha

For some reason you are getting an unauthorised failure.
I would probably start looking at the web logs on the server to see whether the authentication attempt is logged and crucially is the correct account.

-M
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
ASKER
xxiantweb

Hi M,

The logs in the event viewer are unaffected by the ActiveSync test.  The weblogs for the default website list the following after an unsuccessful activesync test:

2009-02-16 15:37:08 W3SVC1 88.208.221.191 GET /Microsoft-Server-Activesync/ - 443 - 12.190.158.27 HTTP/1.1 - - - 401 2148074254 335 100 0
2009-02-16 15:37:08 W3SVC1 88.208.221.191 OPTIONS /Microsoft-Server-Activesync/ - 443 - 12.190.158.27 HTTP/1.1 TestActiveSyncConnectivity - - 401 2148074254 335 133 0
2009-02-16 15:37:08 W3SVC1 88.208.221.191 OPTIONS /Microsoft-Server-Activesync/ - 443 - 12.190.158.27 HTTP/1.1 TestActiveSyncConnectivity - - 401 2148074254 335 212 0

Can you shed any light on this?  I'm beginning to wonder if the server was installed/configured properly.  My server contains the following applications:

SQL Server 2005 SP2
Exchange Server 2003 SP2 configured as an RPC-HTTP back-end server

Is there a correct "order" for the server to be built (e.g. make it a domain controller before anything else, etc.?)
ASKER CERTIFIED SOLUTION
Mestha

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
ASKER
xxiantweb

Hi M,

I've decided that I'm gonna can this question for now - in April this year, I'll be getting a replacement, better server to overlap with ditching the old (current) one.  At that time, if you don't mind, I'll check back with you about the right "order" to install things on there to ensure that Exchange and ActiveSync work OK?

You've already been a massive help, so I'm giving you the points anyway.

Speak to you in a month or so.

T