Theun111
asked on
IIS Integrated windows authentication
I've had some troubles with my mobile device. Thought that IIS integrated window authentication was the problem. So I went to IIS -> server name -> web sites -> default website -> directory security -> turn on "enable anonymous access" -> turn of Integrated "windows authentication"
Then selected all the options available because I want windows authentication off of all the places but I think that's what's gone wrong
Since then i don't have any normal connect from the internet to my (SBS 2003 R2 / SP2) server. No vpn / no owa / no oma
When I logon to /exchange i get the log-in screen but can't login with any login / password.
By /OMA i'm getting A System error has occurred while processing your request. Please try again. If the problem persists, contact your administrator
My mobile phone get's the 0x85010004
That's what i discoverd so far, and I'm sure that i didn't change any other setting.
Did i do something wrong ? By turning of the integrated authentication ? Is there a possibillity to restore these settings ? I Was almost ready to backup because it was a new installation. But the configuration whas almost complete so i don't have a backup
Thank you verry much for responding !
Then selected all the options available because I want windows authentication off of all the places but I think that's what's gone wrong
Since then i don't have any normal connect from the internet to my (SBS 2003 R2 / SP2) server. No vpn / no owa / no oma
When I logon to /exchange i get the log-in screen but can't login with any login / password.
By /OMA i'm getting A System error has occurred while processing your request. Please try again. If the problem persists, contact your administrator
My mobile phone get's the 0x85010004
That's what i discoverd so far, and I'm sure that i didn't change any other setting.
Did i do something wrong ? By turning of the integrated authentication ? Is there a possibillity to restore these settings ? I Was almost ready to backup because it was a new installation. But the configuration whas almost complete so i don't have a backup
Thank you verry much for responding !
ASKER
Hello,
Default website -> only "Enable anonymous access" is enabled
Exchange -> only "Enable anonymous access" is enabled
Public -> only "Enable anonymous access" is enabled
OMA -> only "Enable anonymous access" is enabled
Microsft-server-activesync -> only "Enable anonymous access" is enabled
Exchange-oma only "Enable anonymous access" is enabled
Clienthelp -> only "Enable anonymous access" is enabled
ConnectComputer -> only "Enable anonymous access" is enabled
Exadmin -> only "Enable anonymous access" is enabled
Exchweb -> only "Enable anonymous access" is enabled
Public -> only "Enable anonymous access" is enabled
All the listed mappings are only enabled for anonymous access" is enabled
Thank you verry much for responding.
Default website -> only "Enable anonymous access" is enabled
Exchange -> only "Enable anonymous access" is enabled
Public -> only "Enable anonymous access" is enabled
OMA -> only "Enable anonymous access" is enabled
Microsft-server-activesync
Exchange-oma only "Enable anonymous access" is enabled
Clienthelp -> only "Enable anonymous access" is enabled
ConnectComputer -> only "Enable anonymous access" is enabled
Exadmin -> only "Enable anonymous access" is enabled
Exchweb -> only "Enable anonymous access" is enabled
Public -> only "Enable anonymous access" is enabled
All the listed mappings are only enabled for anonymous access" is enabled
Thank you verry much for responding.
Kindly find below the default IIS authentication which are required:
Default website -> only "Enable anonymous access" is enabled
Exchange -> "Basic" should enabled
Public -> "Basic" should enabled
OMA -> "Basic" should enabled
Microsft-server-activesync -> "Basic" should enabled
Exchange-oma only "Basic + Windows Integrated" should enabled
Clienthelp -> only "Enable anonymous access" is enabled
ConnectComputer -> only "Enable anonymous access" is enabled
Exadmin -> "Windows Integrated" should enabled
Exchweb -> only "Enable anonymous access" is enabled
Please note that you can also enable Forms based Authentication(FBA) for OWA login provided you have certificate for OWA, find below the article for that:
http://www.petri.co.il/configuring_forms_based_authentication_in_exchange_2003.htm
http://www.msexchange.org/tutorials/OWA2003Forms-based-Authentication-default-domain.html
Now enabling the FBA for OWA will block Activesync communication, so kindly follow the below article :
http://support.microsoft.com/kb/817379
Default website -> only "Enable anonymous access" is enabled
Exchange -> "Basic" should enabled
Public -> "Basic" should enabled
OMA -> "Basic" should enabled
Microsft-server-activesync
Exchange-oma only "Basic + Windows Integrated" should enabled
Clienthelp -> only "Enable anonymous access" is enabled
ConnectComputer -> only "Enable anonymous access" is enabled
Exadmin -> "Windows Integrated" should enabled
Exchweb -> only "Enable anonymous access" is enabled
Please note that you can also enable Forms based Authentication(FBA) for OWA login provided you have certificate for OWA, find below the article for that:
http://www.petri.co.il/configuring_forms_based_authentication_in_exchange_2003.htm
http://www.msexchange.org/tutorials/OWA2003Forms-based-Authentication-default-domain.html
Now enabling the FBA for OWA will block Activesync communication, so kindly follow the below article :
http://support.microsoft.com/kb/817379
ASKER
Ok. done the first part. Until the links.
Restarted IIS
/Exchange works fine !
/oma gives: Your user account has not been enabled for wireless access. Please contact your system administrator for additional assistance.
mobile phone gives 0x85010004
Can i just go further ? Or is there something else wrong ? Because with the standard settings it has to work. When I configure my telephone etc correctly. Or isn't this so ?
Restarted IIS
/Exchange works fine !
/oma gives: Your user account has not been enabled for wireless access. Please contact your system administrator for additional assistance.
mobile phone gives 0x85010004
Can i just go further ? Or is there something else wrong ? Because with the standard settings it has to work. When I configure my telephone etc correctly. Or isn't this so ?
As far as mobile devices are windows mobile 5 /windows mobile 6 "/oma" do not come in picture so we can ignore that. Only "/Microsoft-Server-Actives ync" comes in picture.
If this is the scenario locate the following registry subkey on Exchange Server:
HKEY_LOCAL_MACHINE\SYSTEM\ CurrentCon trolSet\Se rvices\Mas Sync\Param eters
If in case you find a string value "ExchangeVDir" delete it and initiate an iisreset.
Then try to re-create the activesync profile and sync it with the Exchange Server.
If this is the scenario locate the following registry subkey on Exchange Server:
HKEY_LOCAL_MACHINE\SYSTEM\
If in case you find a string value "ExchangeVDir" delete it and initiate an iisreset.
Then try to re-create the activesync profile and sync it with the Exchange Server.
ASKER
Done this, only still getting the 0x85010004 error on my wm 6.1 device.
Done a hard reset to be sure renamed the mobile phone still nothing is happening.
Logged in on a different name but this has also no effect.
Oma is ok as far as i can see Administrator can login so it is a permissions problem. That i will find out only the active sync is more a problem.
Done a hard reset to be sure renamed the mobile phone still nothing is happening.
Logged in on a different name but this has also no effect.
Oma is ok as far as i can see Administrator can login so it is a permissions problem. That i will find out only the active sync is more a problem.
Do we have Certificate on Exchange Server?
If no can you tell me that when configuring the Activesync profile on your phone are you using SSL enabled or deselected.
Also try to browse http://mail.domain.com/microsoft-server-activesync and login, tell me what is the result or error you get.
If no can you tell me that when configuring the Activesync profile on your phone are you using SSL enabled or deselected.
Also try to browse http://mail.domain.com/microsoft-server-activesync and login, tell me what is the result or error you get.
ASKER
The standard certificate from sbs.
But no verisign certificat yet, on the mobile phone there is no SSL selected
when i try to browse to the mail.domain/microsoft-serv er/activsy nc First i have login with my login name / password then i get a http: 501/ 505
"The website is unable to display the webpage"
But no verisign certificat yet, on the mobile phone there is no SSL selected
when i try to browse to the mail.domain/microsoft-serv
"The website is unable to display the webpage"
IN IIS manager what is the authentication enabled and is SSL enabled?
For
Default website
Microsoft-Server-Activesyn c properties
For
Default website
Microsoft-Server-Activesyn
ASKER
default website:
non is enabled only anonymous access
I have the options which i can select: server certificate / view / edit
require secure channel (SSH)= not enabled
ignore client certificate
enable client certificate mapping = not enabled
enable cerificate trust list = not enabled
default domain = blank
Microsoft-Server-Activesyn c:
Only basic authentication = on
default domain: is the domain of the server
I have the options which i can select: view / edit
server certificate = grey - non clickable
require secure channel (SSH) = not enabled
non is enabled only anonymous access
I have the options which i can select: server certificate / view / edit
require secure channel (SSH)= not enabled
ignore client certificate
enable client certificate mapping = not enabled
enable cerificate trust list = not enabled
default domain = blank
Microsoft-Server-Activesyn
Only basic authentication = on
default domain: is the domain of the server
I have the options which i can select: view / edit
server certificate = grey - non clickable
require secure channel (SSH) = not enabled
ASKER
btw i've done a iisreset in cmd only the HKEY_LOCAL_MACHINE\SYSTEM\ CurrentCon trolSet\Se rvices\Mas Sync\Param eters
is not coming back is this correct ? Or must is restart the whole server ?
is not coming back is this correct ? Or must is restart the whole server ?
Restart of the Server is not required, however I did see one culprit which can cause the issue we are facing "default domain: is the domain of the server" which is normally "\".
Kindly do the same and test it from mobile device and let me know the result.
Kindly do the same and test it from mobile device and let me know the result.
ASKER
That's what i thought to, that's why i typed it.
ok. changed the domainname in to \ and to nothing but still no result.
Thank you so far for the support !
ok. changed the domainname in to \ and to nothing but still no result.
Thank you so far for the support !
ASKER
At the moment we are (I think) a step further. I've put the registry key back
The phone says: syncing maps but now i'm getting a 0x85010014 error.
Reset the whole phone again this didn't help also read that some people changed the telephone name. Which didn't help either. So now i'm going to try some other things.
The phone says: syncing maps but now i'm getting a 0x85010014 error.
Reset the whole phone again this didn't help also read that some people changed the telephone name. Which didn't help either. So now i'm going to try some other things.
Hello Theun111,
Kindly remove the registry key which you have just created and initiate an iisreset.
Then again please confirm the authentication on Exchange virtual directory in IIS.
Kindly remove the registry key which you have just created and initiate an iisreset.
Then again please confirm the authentication on Exchange virtual directory in IIS.
ASKER
Default website -> Enable anonymous access is only on
Microsoft-Server-Activesyn c -> Basic authentication is only on
Everything looks the same
If you need more information please say so.
Microsoft-Server-Activesyn
Everything looks the same
If you need more information please say so.
Hello Theun111,
I am sorry that I wasn't clear enough in before log. I was asking about the authentication set on "/exchange" virtual directory in IIS of Exchange Server.
I am sorry that I wasn't clear enough in before log. I was asking about the authentication set on "/exchange" virtual directory in IIS of Exchange Server.
ASKER
Doesn't matter now youre clear haha
hereby:
Basic authentication is only on
\ is the default domain.
hereby:
Basic authentication is only on
\ is the default domain.
Hello Theun111,
Kindly enable Basic+WIndows Integrated authentication for the "/exchange" virtual directory in IIS of Exchange Server.
Initiate an iisreset and then try to sync mobile device with the Exchange Server.
Kindly enable Basic+WIndows Integrated authentication for the "/exchange" virtual directory in IIS of Exchange Server.
Initiate an iisreset and then try to sync mobile device with the Exchange Server.
ASKER
Hallo Aletjolly,
enabled basic + windows integrated authentication.
But sorry still getting the 0x85010014 error on the mobilephone
enabled basic + windows integrated authentication.
But sorry still getting the 0x85010014 error on the mobilephone
ASKER
Just wanted to tell you, that at the moment everything is working !!
Changed 2 things looking @ a working installation and looking at a vmware sbs which i wass working on just to test but which was a fresh install.
The 2+the registry key where things:
Default website added Integrated windows authentication
Exchange - added the default domain
Put back the registry which deleted first because they where in both installations there
A iisreset (which) i forgot the first time
I'm going to try later on which one did the trick because I want to know exactly why it did occur.
you will hear this from me as soon as possible !
Changed 2 things looking @ a working installation and looking at a vmware sbs which i wass working on just to test but which was a fresh install.
The 2+the registry key where things:
Default website added Integrated windows authentication
Exchange - added the default domain
Put back the registry which deleted first because they where in both installations there
A iisreset (which) i forgot the first time
I'm going to try later on which one did the trick because I want to know exactly why it did occur.
you will hear this from me as soon as possible !
ASKER
Ok. it was the V by default website.
First of all Aletjolly thank you for your patience. And for helping me to get threw the IIS configuration.
Learnt al lot ! One last question can I now go further with the other links ? For the certificate etc. ?
http://www.petri.co.il/configuring_forms_based_authentication_in_exchange_2003.htm
http://www.msexchange.org/tutorials/OWA2003Forms-based-Authentication-default-domain.html
Now enabling the FBA for OWA will block Activesync communication, so kindly follow the below article :
http://support.microsoft.com/kb/817379
Points are going to you !
Ps. First i'm making a backup of the IIS configuration ;)
First of all Aletjolly thank you for your patience. And for helping me to get threw the IIS configuration.
Learnt al lot ! One last question can I now go further with the other links ? For the certificate etc. ?
http://www.petri.co.il/configuring_forms_based_authentication_in_exchange_2003.htm
http://www.msexchange.org/tutorials/OWA2003Forms-based-Authentication-default-domain.html
Now enabling the FBA for OWA will block Activesync communication, so kindly follow the below article :
http://support.microsoft.com/kb/817379
Points are going to you !
Ps. First i'm making a backup of the IIS configuration ;)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I'm going to try the certificate and IIS another time.
Thank you verry much again !
Thank you verry much again !
Kindly let me know the IIS authentication of the following:
Default website
Exchange
Public
OMA
Microsoft-server-activesyn
exchange-oma(if present)
Note: Also it would really help if you can state the authentications of any other VDirs present which I have not mentioned here.
IIS authentication can be found under:
IIS manager=>properties of website/virtual directory =>Directory Security=>Click on the first EDIT button under Authentication and access control,