Exchange 2003 & ActiveSync Problems

I have SSL enabled for OWA and not OMA.  I am able to access my inbox via http://IPAddress/OMa on my desktop.  It asks for the username and password, and everything is visible.  I was messing around with IIS this morning trying to get SSL working on OMA, and everything went south.  I did not back up IIS, and I made changes to Exchange-oma, ExchWeb, Microsoft_Server_ActiveSync, and OMA.  I enabled SSL, 128-Bit.  I also made changes as far as Enable Anonymous access and Integrated Windows Authentication.  I could not get SSL to work for OMA, so I decided to reboot.  The server would hang at Applying Personal Settings.  I finally got past this problem by editing the domain controller security policy\local policy\user rights assignments\Manage auditing and security log.  I added Exchange Domain Servers and rebooted the exchange server and mail is working again.  However, I cannot get any existing or new phones to sync with exchange.  I receive Support Code:  0x85010001.  It appeared to sync once on a new phone, but then this error message will not go away.  
So I have SSL working on OWA and it's working fine.  I want to get SSL working for OMA, but it failed, so now I am just trying to get OMA working without SSL for now.  I am trying to figure out the proper Authentication Methods settings (enable anonymous access, integrated windows authentication) for Exchange, Exchange-oma, Microsoft-Server-ActiveSync, MobileAdmin, and OMA.  
cmp119IT ManagerAsked:
MesthaCommented:
You cannot enable SSL on a per folder basis. It sounds like you have made the same mistake that many others have made, and mistaken the require SSL setting as the option that turns on and turns off SSL. That is NOT what it does.

It is perfectly possible to use SSL without having require SSL enabled.

Therefore what I would suggest that you do is remove the require SSL option on the site and all of the virtual directories.
Then reset the virtual directories: http://support.microsoft.com/default.aspx?kbid=883380

Do NOT make any other changes to the system, test it using the Microsoft test site:
https://testexchangeconnectivity.com/

If it works there, then you can move on.

Simon.
0
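
Added example, not part of the thread and not Microsoft's tooling: in the IIS 6 metabase the "Require secure channel (SSL)" checkbox is the AccessSSL bit (0x008) of the AccessSSLFlags property, and a directory with its own value overrides what the site sets. The sketch below resolves the effective value per virtual directory, which shows why the option has to be cleared on the site and on each directory; the metabase values in it are constructed for illustration.

```python
# AccessSSLFlags bits in the IIS 6 metabase.
ACCESS_SSL = 0x008     # "Require secure channel (SSL)" checkbox
ACCESS_SSL128 = 0x100  # "Require 128-bit encryption" checkbox


def effective_flags(path, explicit):
    """Return (flags, source) for a metabase path.

    A node without its own AccessSSLFlags inherits the value of the nearest
    ancestor that sets one; source is the path the value came from.
    """
    node = path
    while True:
        if node in explicit:
            return explicit[node], node
        if "/" not in node:
            return 0, None  # nothing set anywhere up the tree
        node = node.rsplit("/", 1)[0]


def still_requiring_ssl(paths, explicit):
    """List (path, needs_128_bit, source) for every path whose effective
    value still has the Require SSL bit set."""
    found = []
    for path in paths:
        flags, source = effective_flags(path, explicit)
        if flags & ACCESS_SSL:
            found.append((path, bool(flags & ACCESS_SSL128), source))
    return found


# Constructed sample: default web site and the directories named in the thread.
ROOT = "W3SVC/1/ROOT"
VDIRS = [ROOT] + [ROOT + "/" + name for name in (
    "Exchange", "ExchWeb", "Microsoft-Server-ActiveSync", "OMA", "Public")]
# Constructed values: Require SSL cleared on the site, two overrides left behind.
AFTER_SITE_ONLY_FIX = {ROOT: 0, ROOT + "/Exchange": 0x108, ROOT + "/OMA": 0x008}

if __name__ == "__main__":
    for path, strong, source in still_requiring_ssl(VDIRS, AFTER_SITE_ONLY_FIX):
        note = " (128-bit)" if strong else ""
        print(f"{path} still requires SSL{note}, set at {source}")
```
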
cmp119IT ManagerAuthor Commented:
Simon,
I removed the SSL option on the site and all virtual directories.  I reset the virtual directories as indicated in the link defined above.   Afterwards I restarted Exchange System Attendant service and I noticed the virtual directories were recreated.  I also reset the access permissions to Anonymous.  I tried accessing my mailbox and it let me in after entering domain\username and password.  I tried accessing http://IPAddress\oma, and I entered my credentials, and I received an error "A system error has occured while processing your request.  Please try again.  If the problem persists, contact your administrator."

I then ran the Exchange Server Remote Connectivity Analysis, and the test failed indicating the following:

 Attempting to Resolve the host name 216.54.12.66 in DNS.
 Host successfully Resolved
Additional Details
 IP(s) returned: 216.54.12.66

Testing TCP Port 443 on host 216.54.12.66 to ensure it is listening/open.
 The port was opened successfully.

Testing SSL Certificate for validity.
 The SSL Certificate failed one or more certificate validation checks.
Test Steps
 Validating certificate name
 Certificate name validation failed
 Tell me more about this issue and how to resolve it

Additional Details
 Host name 216.54.12.66 does not match any name found on the server certificate E=postmaster@mclfirm.com, CN=mail.mclfirm.com, OU=StartCom Free Certificate Member, O=mclfirm.com, L=Chesapeake, S=Virginia, C=US

This exchange server hosts several different domain names:  @clrfirm.com, @mclfirm.com, and @mskpc.com.

At this point, I do not know whether we need to setup SSL on the virtual directories or not.  Based on the information provided, what is the next step?

0
MesthaCommented:
What did you do with anonymous?
You shouldn't need to change anything after the folders have been reset.

Furthermore, if your certificate is issued to mail.mclfirm.com then that is what you should be entering into the ActiveSync product. However StartCom certificates aren't worth the hassle. They are just as bad as a self generated certificate because they aren't trusted by anything. You need to switch to a real trusted certificate - I usually suggest GoDaddy. https://CertificatesForExchange.com/ US$30/year.

Simon.
0
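
Added example, not part of the thread: the name check behind the analyzer's "Host name 216.54.12.66 does not match any name found on the server certificate" result, following the RFC 2818 identity rules. The subject string is the one quoted in the thread; the `san_dns` and `san_ips` parameters are hypothetical inputs, since the thread shows only the certificate subject.

```python
import ipaddress

# Subject as printed in the analyzer output quoted in the thread.
SUBJECT = ("E=postmaster@mclfirm.com, CN=mail.mclfirm.com, "
           "OU=StartCom Free Certificate Member, O=mclfirm.com, "
           "L=Chesapeake, S=Virginia, C=US")


def subject_cn(dn):
    """Return the CN from a 'K=V, K=V' subject string (assumes no escaped commas)."""
    for part in dn.split(","):
        key, _, value = part.strip().partition("=")
        if key.upper() == "CN":
            return value
    return None


def dns_name_matches(host, pattern):
    """Case-insensitive match; a leading '*.' covers exactly one left-most label."""
    host = host.lower().rstrip(".")
    pattern = pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        first, _, rest = host.partition(".")
        return bool(first) and rest == pattern[2:]
    return host == pattern


def host_matches_cert(host, subject, san_dns=(), san_ips=()):
    """Check the name the client was configured with against the certificate."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal can only match an iPAddress SAN entry, never the CN.
        return any(ip == ipaddress.ip_address(s) for s in san_ips)
    # dNSName SAN entries take precedence; the CN is only a fallback.
    names = list(san_dns) or [subject_cn(subject) or ""]
    return any(dns_name_matches(host, n) for n in names)


if __name__ == "__main__":
    for name in ("216.54.12.66", "mail.mclfirm.com"):
        print(name, "->", host_matches_cert(name, SUBJECT))
```
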
cmp119IT ManagerAuthor Commented:
I followed the instructions as defined on Method 1, bullet 10.

Reset the access permissions to Anonymous. To do this, follow these steps:
Start IIS Manager, right-click ExchWeb, click Properties, and then click the Directory Security tab.
Under Authentication and access control click Edit, and then verify that the Enable anonymous access check box is turned on.
Click to select the Integrated Windows authentication check box, click OK, and then click Apply.
If an Inheritance Overrides dialog box appears, click Select All, and then click OK.
Under Authentication and access control, click Edit, and then click to clear the Integrated Windows authentication check box.
Click OK two times, and then quit IIS Manager.

I enter the ip address for mail.mclfirm.com (216.54.12.66).  It should work either way.  Actually I think it will automatically convert to the IP address when entering the FQN.

The problem now is OMA is not working at all after resetting all the virtual directories!?!?!?!?
0
cmp119IT ManagerAuthor Commented:
I tried syncing a Samsung Saga (WM6), and I receive error code:  0x85010014
0
cmp119IT ManagerAuthor Commented:
Also after resetting the virtual directories I noticed virtual directory Exchange-oma was not recreated, but all others were.  I really need to get active sync working even without SSL support configured.  I will worry about that later if necessary.  The Exchange Server Application Log indicates Event ID 3005, Source:  Server ActiveSync and Event ID 1503, Source:  MSExchangeOMA errors.  

You stated not doing anything, but I need to start doing something to get this going.  
DefaultWebVirtualDirectories.JPG
0
MesthaCommented:
The exchange-oma virtual directory is not created automatically unless you have SBS R2.
If you had the directory in place before then you need to either recreate it using the instructions in MSKB 817379 or remove the registry key to test things.

The error code you have posted is an authentication error, usually caused by forms based authentication being enabled or require SSL somewhere that shouldn't be.

Simon.
0
cmp119IT ManagerAuthor Commented:
We do not have SBS, we use Exchange 2003 Standard Edition.  I've been trying to sync a phone this afternoon, and now the error code displays : 0x80072EE7.  I did a little research on the error and located a Microsoft article titled "How to troubleshoot server ActiveSync HTTP error codes"  http://support.microsoft.com/kb/330463

I also ran the Exchange Server Remote Connectivity Analyzer.  This time I entered the Active Sync Server as mail.mclfirm.com instead of the IP address.  Look at the last line entry.  Should I go ahead and create the Exchange-oma virtual directory as explained in the above article?  Once I get active sync going without an SSL certificate I will purchase one from GoDaddy as suggested.  Right now I need to focus on getting activesync working again.  Any feedback is appreciated.  I need a bit of guidance here...

Connectivity Test Failed
 
Test Details
Testing Exchange Activesync for host mail.mclfirm.com
Exchange Activesync test Failed
Test Steps
Attempting to Resolve the host name mail.mclfirm.com in DNS.
Host successfully Resolved
Additional Details
IP(s) returned: 216.54.12.66  
 
Testing TCP Port 443 on host mail.mclfirm.com to ensure it is listening/open.
The port was opened successfully.
 
Testing SSL Certificate for validity.
The certificate passed all validation requirements.
Test Steps
Validating certificate name
Successfully validated the certificate name
Additional Details
Found hostname mail.mclfirm.com in Certificate Subject Common name  
 
Testing certificate date to ensure validity
Date Validation passed. The certificate is not expired.
Additional Details
Certificate is valid: NotBefore = 10/3/2008 5:53:51 AM, NotAfter = 10/3/2009 5:53:51 AM  
 
Testing Http Authentication Methods for URL https://mail.mclfirm.com/Microsoft-Server-Activesync/ 
Http Authentication Methods are correct
Additional Details
Found all expected authentication methods and no disallowed methods. Methods Found: Basic  
 
Attempting an Activesync session with server
Errors were encountered while testing the ActiveSync session
Test Steps
Attempting to send OPTIONS command to server
OPTIONS response was successfully received and is valid
Additional Details
Headers received: Pragma: no-cache
Public: OPTIONS, POST
Allow: OPTIONS, POST
MS-Server-ActiveSync: 6.5.7638.1
MS-ASProtocolVersions: 1.0,2.0,2.1,2.5
MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,ResolveRecipients,ValidateCert,Provision,Search,Notify,Ping
Content-Length: 0
Date: Wed, 27 May 2009 20:23:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

Attempting FolderSync command on ActiveSync session
FolderSync command test failed
Tell me more about this issue and how to resolve it
 
Additional Details
Exchange Activesync returned an HTTP 500 response.  
0
cmp119IT ManagerAuthor Commented:
I removed the SSL certificate from the Default Website, and restarted IIS.  This did not make a difference.  
0
MesthaCommented:
If you had an Exchange-OMA directory then someone attempted to use 817379. Therefore you either have to recreate the virtual directory as per that KB article, or remove the registry key to use it.
Personally I am not a fan of the get it working without SSL method, because introducing SSL can cause lots more problems meaning the time has been wasted. I go straight for an SSL certificate as I will need to have one anyway and then when I have it working, it is there, done.

The error 500 is very generic unfortunately, doesn't really help with what the cause of the problem was.

Simon.
0
cmp119IT ManagerAuthor Commented:
I recreated the Exchange-oma as instructed from MSKB 817379, and oma works fine now.  I'll get an SSL Certificate from GoDaddy to secure communications.  Thank you so much!  
0
cmp119IT ManagerAuthor Commented:
Mestha provided me with the information I needed.  I simply needed to read and follow it, and it worked!!!   Thanks Mestha...
0