xxiantweb
asked on
Exchange 2003/Activesync with WM6.1
Before I finally tear what's left of my hair out, I need some fairly specific help with getting my company's Windows Mobile Professional 6.1 devices (HTC TYTN II devices) to synchronise with our Exchange 2003 Server, which runs on our Windows 2003 Standard Server.
I believe that I have everything set up correctly, but I need to be spoken to like I'm a dummy and walked through EVERYTHING which needs to be set/unset, etc.
Much as I appreciate that you experts will have been asked these questions tons of times and are probably sick of giving the answers, I would prefer not to just be given links to follow, but rather advice along with them.
500 Points is a good score for this but it won't be given to anyone who just sends links, as that's no good, escpecially when I'm an Exchange Server 2003 NOVICE!
Many thanks in advance for your kind help with this.
Tony
I believe that I have everything set up correctly, but I need to be spoken to like I'm a dummy and walked through EVERYTHING which needs to be set/unset, etc.
Much as I appreciate that you experts will have been asked these questions tons of times and are probably sick of giving the answers, I would prefer not to just be given links to follow, but rather advice along with them.
500 Points is a good score for this but it won't be given to anyone who just sends links, as that's no good, escpecially when I'm an Exchange Server 2003 NOVICE!
Many thanks in advance for your kind help with this.
Tony
does your exchange have SP2 installed?
ASKER
Yes it does.
Enable the feature as per my guide here:
http://www.amset.info/exchange/mobile-setup.asp
Then TEST with the Test Exchange Connectivity site using a test account here:
https://www.testexchangeconnectivity.com
Depending on the results of that, will depend on the next step forward.
The most common problem is having an invalid SSL certificate or enabling forms based authentication on the web site.
However rather than going down troubleshooting those specific issues (which may not be required) do the basics first.
-M
http://www.amset.info/exchange/mobile-setup.asp
Then TEST with the Test Exchange Connectivity site using a test account here:
https://www.testexchangeconnectivity.com
Depending on the results of that, will depend on the next step forward.
The most common problem is having an invalid SSL certificate or enabling forms based authentication on the web site.
However rather than going down troubleshooting those specific issues (which may not be required) do the basics first.
-M
ASKER
Awaiting new certificate to be delivered...will come back after that...thanks
T
T
ASKER
OK, certificates finally obtained after fighting with the companies concerned...hard work. Installed OK and ran the test above. Here are the results:
Attempting to Resolve the host name dsvr007293.hodat.co.uk in DNS.
Host successfully Resolved
Additional Details
IP(s) returned: 88.208.221.191, 88.208.221.190
Testing TCP Port 443 on host dsvr007293.hodat.co.uk to ensure it is listening/open.
The port was opened successfully.
Testing SSLCertificate for validity.
The certificate passed all validation requirements.
Additional Details
Subject: CN=dsvr007293.hodat.co.uk, OU=Domain Control Validated, O=dsvr007293.hodat.co.uk, Issuer SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US
Testing Http Authentication Methods for URL https://dsvr007293.hodat.co.uk/Microsoft-Server-Activesync/
Http Authentication Test failed
Tell me more about this issue and how to resolve it
Additional Details
Authentication method Negotiate is enabled but is not an allowed Authentication method for this service.
Do you know what's wrong?
T
Attempting to Resolve the host name dsvr007293.hodat.co.uk in DNS.
Host successfully Resolved
Additional Details
IP(s) returned: 88.208.221.191, 88.208.221.190
Testing TCP Port 443 on host dsvr007293.hodat.co.uk to ensure it is listening/open.
The port was opened successfully.
Testing SSLCertificate for validity.
The certificate passed all validation requirements.
Additional Details
Subject: CN=dsvr007293.hodat.co.uk,
Testing Http Authentication Methods for URL https://dsvr007293.hodat.co.uk/Microsoft-Server-Activesync/
Http Authentication Test failed
Tell me more about this issue and how to resolve it
Additional Details
Authentication method Negotiate is enabled but is not an allowed Authentication method for this service.
Do you know what's wrong?
T
You probably do not have integrated authentication enabled on the Microsoft-Server-ActiveSyn c virtual directory in IIS Admin. If it is not enabled, enable it and then run iisreset to write the change to the IIS metabase.
-M
-M
ASKER
It already is, that and basic are enabled.
T
T
The error message means that integrated authentication isn't enabled or isn't being passed through correctly.
Remove Basic and then run iisreset and try again.
-M
Remove Basic and then run iisreset and try again.
-M
ASKER
Hi M,
No luck...I've attached a document below to see if it helps.
Thanks again.
T
Settings--etc..pdf
No luck...I've attached a document below to see if it helps.
Thanks again.
T
Settings--etc..pdf
Reset the virtual directories.
http://support.microsoft.com/default.aspx?kbid=883380
Do not change anything, then test again.
-M
http://support.microsoft.com/default.aspx?kbid=883380
Do not change anything, then test again.
-M
ASKER
OK, done - output:
Attempting to Resolve the host name dsvr007293.hodat.co.uk in DNS.
Host successfully Resolved
Additional Details
IP(s) returned: 88.208.221.190, 88.208.221.191
Testing TCP Port 443 on host dsvr007293.hodat.co.uk to ensure it is listening/open.
The port was opened successfully.
Testing SSLCertificate for validity.
The certificate passed all validation requirements.
Additional Details
Subject: CN=dsvr007293.hodat.co.uk, OU=Domain Control Validated, O=dsvr007293.hodat.co.uk, Issuer SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US
Testing Http Authentication Methods for URL https://dsvr007293.hodat.co.uk/Microsoft-Server-Activesync/
Http Authentication Methods are correct
Additional Details
Found all expected authentication methods and no disallowed methods Methods Found: Basic realm="dsvr007293.hodat.co .uk"
Attempting an Activesync session with server
Errors were encountered while testing the ActiveSync session
Test Steps
Attempting to send OPTIONS command to server
Testing the OPTIONS command failed. See Additional Details for more info
Additional Details
A Web Exception occured because an HTTP 401 - Unauthorized response was received from Unknown
Attempting to Resolve the host name dsvr007293.hodat.co.uk in DNS.
Host successfully Resolved
Additional Details
IP(s) returned: 88.208.221.190, 88.208.221.191
Testing TCP Port 443 on host dsvr007293.hodat.co.uk to ensure it is listening/open.
The port was opened successfully.
Testing SSLCertificate for validity.
The certificate passed all validation requirements.
Additional Details
Subject: CN=dsvr007293.hodat.co.uk,
Testing Http Authentication Methods for URL https://dsvr007293.hodat.co.uk/Microsoft-Server-Activesync/
Http Authentication Methods are correct
Additional Details
Found all expected authentication methods and no disallowed methods Methods Found: Basic realm="dsvr007293.hodat.co
Attempting an Activesync session with server
Errors were encountered while testing the ActiveSync session
Test Steps
Attempting to send OPTIONS command to server
Testing the OPTIONS command failed. See Additional Details for more info
Additional Details
A Web Exception occured because an HTTP 401 - Unauthorized response was received from Unknown
It has got further on.
Is there anything logged at that time in the application log?
-M
Is there anything logged at that time in the application log?
-M
ASKER
I've attached the event viewer file as a .pdf, simply rename it as .evt and view it in the event viewer.
Ta.
T
applog.pdf
Ta.
T
applog.pdf
Unfortunately I don't open files of that type from a stranger.
Look through the event viewer, an error would be pretty obvious.
-M
Look through the event viewer, an error would be pretty obvious.
-M
ASKER
I understand your reluctance, but why would I send you anything dubious when I'm trying to obtain your assistance? There are lots of "things" in there which I don't understand...that's why I sent you the file...
I'll clear the log now and then re-run the test and tell you what I find, OK? Won't take too long...
Thanks and sorry if you think I'm trying to virus you!
T
I'll clear the log now and then re-run the test and tell you what I find, OK? Won't take too long...
Thanks and sorry if you think I'm trying to virus you!
T
ASKER
Hi M,
I've cleared all logs and then re-run the test, but none of the logs have anything in them at all afterwards. The security log has "Success Audits" in there, which it constantly seems to have anyway.
One of the steps (I used Method #2 to reset the virtual directories, and part of that was to tick and then untick Integrated Windows Authentication...so for now, that's unticked. Just letting you know.
T
I've cleared all logs and then re-run the test, but none of the logs have anything in them at all afterwards. The security log has "Success Audits" in there, which it constantly seems to have anyway.
One of the steps (I used Method #2 to reset the virtual directories, and part of that was to tick and then untick Integrated Windows Authentication...so for now, that's unticked. Just letting you know.
T
ASKER
Can you please explain what should be going into EACH of the fields on the exchange test form too? I could be completing them wrongly, you know.
T
T
My reluctance comes from payloads. You don't know if your machine is completely clean. It isn't just you - I refuse to download anything from this site. I didn't agree with attachments being allowed in the first place, but anyway...
The ActiveSync test is fairly straight forward. I see nothing on the form that could cause confusion.
Are you using a test account or a real account?
Did the test account get an email address automatically? Did it get an email address in the default domain? The default domain matches the FQDN of your Windows domain - so domain.local for example.
The error that you posted above is unauthorised, which would tend to indicate a username/password failure.
-M
The ActiveSync test is fairly straight forward. I see nothing on the form that could cause confusion.
Are you using a test account or a real account?
Did the test account get an email address automatically? Did it get an email address in the default domain? The default domain matches the FQDN of your Windows domain - so domain.local for example.
The error that you posted above is unauthorised, which would tend to indicate a username/password failure.
-M
The error I was expecting is the one shown in this question:
https://www.experts-exchange.com/questions/24088011/Activesync-Exchange2003.html
-M
https://www.experts-exchange.com/questions/24088011/Activesync-Exchange2003.html
-M
ASKER
Hi M,
Sorry for the late reply...
You may see nothing on the form which causes confusion, but I do. Where can I verify what should be in each field (e.g. one of my bug-bears is that my Exchange server is named HODAT, but the domain it sits on is hodat.co.uk - which is used where?)
I've created a user called joebloggs@hodat.co.uk with a password of "password" on the activesync server dsvr007293.hodat.co.uk...i f you use this and do the tests, you will see.
I reckon it'd be advantageous for you to actually camp-on to the server and diagnose from there...which I'm willing to trust you to do.
T
Sorry for the late reply...
You may see nothing on the form which causes confusion, but I do. Where can I verify what should be in each field (e.g. one of my bug-bears is that my Exchange server is named HODAT, but the domain it sits on is hodat.co.uk - which is used where?)
I've created a user called joebloggs@hodat.co.uk with a password of "password" on the activesync server dsvr007293.hodat.co.uk...i
I reckon it'd be advantageous for you to actually camp-on to the server and diagnose from there...which I'm willing to trust you to do.
T
ASKER
Hi M,
No response to my previous...did you manage to test the login?
Regards,
T
No response to my previous...did you manage to test the login?
Regards,
T
I didn't see the previous response and I am not testing it for you. My PI insurance doesn't cover me to do that.
Furthermore working directly is against the rules of this site, everything has to be carried out on this site. If you want someone to look at the problem for you then you will either need to speak to Microsoft or find a consultant to look at it.
If you haven't already, I would suggest that you kill that account.
-M
Furthermore working directly is against the rules of this site, everything has to be carried out on this site. If you want someone to look at the problem for you then you will either need to speak to Microsoft or find a consultant to look at it.
If you haven't already, I would suggest that you kill that account.
-M
ASKER
OK, OK...calm down, I wasn't aware of this...
The account has been killed...where do we go from here then?
The account has been killed...where do we go from here then?
ASKER
Sorry, just re-read that comment and it sounded quite cheeky. My apologies. I'm just getting really frustrated with this whole issue.
Can you please tell me what I should do next?
Many thanks,
T
Can you please tell me what I should do next?
Many thanks,
T
When you are configuring the client or the application, the DOMAIN is the Windows domain. SO if you Windows domain is example.local then that is what you put in.
The host is the name on the SSL certificate which should resolve to the external IP address of your Exchange server.
-M
The host is the name on the SSL certificate which should resolve to the external IP address of your Exchange server.
-M
ASKER
Hi M,
Thanks for persevering. I had all the credentials correctly placed. Did the activesync test again and it failed on the very last step. Here's the dump:
Attempting to Resolve the host name dsvr007293.hodat.co.uk in DNS.
Host successfully Resolved
Additional Details
IP(s) returned: 88.208.221.190, 88.208.221.191
Testing TCP Port 443 on host dsvr007293.hodat.co.uk to ensure it is listening/open.
The port was opened successfully.
Testing SSLCertificate for validity.
The certificate passed all validation requirements.
Additional Details
Subject: CN=dsvr007293.hodat.co.uk, OU=Domain Control Validated, O=dsvr007293.hodat.co.uk, Issuer SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US
Testing Http Authentication Methods for URL https://dsvr007293.hodat.co.uk/Microsoft-Server-Activesync/
Http Authentication Methods are correct
Additional Details
Found all expected authentication methods and no disallowed methods Methods Found: Basic realm="dsvr007293.hodat.co .uk"
Attempting an Activesync session with server
Errors were encountered while testing the ActiveSync session
Test Steps
Attempting to send OPTIONS command to server
Testing the OPTIONS command failed. See Additional Details for more info
Additional Details
A Web Exception occured because an HTTP 401 - Unauthorized response was received from Unknown
The last bit where it says "unauthorized response was received from unknown" I've searched on the internet for this and someone mentions that it should refer to IIS rather than unknown...is this correct?
T
Thanks for persevering. I had all the credentials correctly placed. Did the activesync test again and it failed on the very last step. Here's the dump:
Attempting to Resolve the host name dsvr007293.hodat.co.uk in DNS.
Host successfully Resolved
Additional Details
IP(s) returned: 88.208.221.190, 88.208.221.191
Testing TCP Port 443 on host dsvr007293.hodat.co.uk to ensure it is listening/open.
The port was opened successfully.
Testing SSLCertificate for validity.
The certificate passed all validation requirements.
Additional Details
Subject: CN=dsvr007293.hodat.co.uk,
Testing Http Authentication Methods for URL https://dsvr007293.hodat.co.uk/Microsoft-Server-Activesync/
Http Authentication Methods are correct
Additional Details
Found all expected authentication methods and no disallowed methods Methods Found: Basic realm="dsvr007293.hodat.co
Attempting an Activesync session with server
Errors were encountered while testing the ActiveSync session
Test Steps
Attempting to send OPTIONS command to server
Testing the OPTIONS command failed. See Additional Details for more info
Additional Details
A Web Exception occured because an HTTP 401 - Unauthorized response was received from Unknown
The last bit where it says "unauthorized response was received from unknown" I've searched on the internet for this and someone mentions that it should refer to IIS rather than unknown...is this correct?
T
For some reason you are getting an unauthorised failure.
I would probably start looking at the web logs on the server to see whether the authentication attempt is logged and crucially is the correct account.
-M
I would probably start looking at the web logs on the server to see whether the authentication attempt is logged and crucially is the correct account.
-M
ASKER
Hi M,
The logs in the event viewer are unaffected by the ActiveSync test. The weblogs for the default website list the following after an unsuccessful activesync test:
2009-02-16 15:37:08 W3SVC1 88.208.221.191 GET /Microsoft-Server-Activesy nc/ - 443 - 12.190.158.27 HTTP/1.1 - - - 401 2148074254 335 100 0
2009-02-16 15:37:08 W3SVC1 88.208.221.191 OPTIONS /Microsoft-Server-Activesy nc/ - 443 - 12.190.158.27 HTTP/1.1 TestActiveSyncConnectivity - - 401 2148074254 335 133 0
2009-02-16 15:37:08 W3SVC1 88.208.221.191 OPTIONS /Microsoft-Server-Activesy nc/ - 443 - 12.190.158.27 HTTP/1.1 TestActiveSyncConnectivity - - 401 2148074254 335 212 0
Can you shed any light on this? I'm beginning to wonder if the server was installed/configured properly. My server contains the following applications:
SQL Server 2005 SP2
Exchange Server 2003 SP2 configured as an RPC-HTTP back-end server
Is there a correct "order" for the server to be built (e.g. make it a domain controller before anything else, etc.?)
The logs in the event viewer are unaffected by the ActiveSync test. The weblogs for the default website list the following after an unsuccessful activesync test:
2009-02-16 15:37:08 W3SVC1 88.208.221.191 GET /Microsoft-Server-Activesy
2009-02-16 15:37:08 W3SVC1 88.208.221.191 OPTIONS /Microsoft-Server-Activesy
2009-02-16 15:37:08 W3SVC1 88.208.221.191 OPTIONS /Microsoft-Server-Activesy
Can you shed any light on this? I'm beginning to wonder if the server was installed/configured properly. My server contains the following applications:
SQL Server 2005 SP2
Exchange Server 2003 SP2 configured as an RPC-HTTP back-end server
Is there a correct "order" for the server to be built (e.g. make it a domain controller before anything else, etc.?)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi M,
I've decided that I'm gonna can this question for now - in April this year, I'll be getting a replacement, better server to overlap with ditching the old (current) one. At that time, if you don't mind, I'll check back with you about the right "order" to install things on there to ensure that Exchange and ActiveSync work OK?
You've already been a massive help, so I'm giving you the points anyway.
Speak to you in a month or so.
T
I've decided that I'm gonna can this question for now - in April this year, I'll be getting a replacement, better server to overlap with ditching the old (current) one. At that time, if you don't mind, I'll check back with you about the right "order" to install things on there to ensure that Exchange and ActiveSync work OK?
You've already been a massive help, so I'm giving you the points anyway.
Speak to you in a month or so.
T