IIS Integrated Windows authentication

I've had some trouble with my mobile device. I thought that IIS Integrated Windows authentication was the problem. So I went to IIS -> server name -> web sites -> default website -> directory security -> turn on "enable anonymous access" -> turn off "Integrated Windows authentication".
Then I selected all the options available because I want Windows authentication off in all the places, but I think that's what's gone wrong.

Since then I don't have any normal connection from the internet to my (SBS 2003 R2 / SP2) server. No VPN / no OWA / no OMA.
When I log on to /exchange I get the login screen but can't log in with any login / password.
On /OMA I'm getting: "A System error has occurred while processing your request. Please try again. If the problem persists, contact your administrator"
My mobile phone gets the 0x85010004 error.

That's what I discovered so far, and I'm sure that I didn't change any other setting.

Did I do something wrong by turning off the integrated authentication? Is there a possibility to restore these settings? I was almost ready to back up because it was a new installation. But the configuration was almost complete, so I don't have a backup.

Thank you very much for responding!
Theun111 Asked:

aletjolly Commented:
Hello,

Kindly let me know the IIS authentication of the following:
Default website
Exchange
Public
OMA
Microsoft-server-activesync
exchange-oma (if present)

Note: It would also really help if you can state the authentication of any other VDirs present which I have not mentioned here.

IIS authentication can be found under:
IIS manager => properties of website/virtual directory => Directory Security => click on the first EDIT button under Authentication and access control.
0
Theun111 Author Commented:
Hello,

Default website -> only "Enable anonymous access" is enabled
Exchange -> only "Enable anonymous access" is enabled
Public -> only "Enable anonymous access" is enabled
OMA -> only "Enable anonymous access" is enabled
Microsoft-server-activesync -> only "Enable anonymous access" is enabled
Exchange-oma -> only "Enable anonymous access" is enabled

Clienthelp -> only "Enable anonymous access" is enabled
ConnectComputer -> only "Enable anonymous access" is enabled
Exadmin -> only "Enable anonymous access" is enabled
Exchweb -> only "Enable anonymous access" is enabled
Public -> only "Enable anonymous access" is enabled

All the listed mappings have only "Enable anonymous access" enabled.

Thank you very much for responding.
0
aletjolly Commented:
Kindly find below the default IIS authentication settings which are required:

Default website -> only "Enable anonymous access" is enabled
Exchange -> "Basic" should be enabled
Public -> "Basic" should be enabled
OMA -> "Basic" should be enabled
Microsoft-server-activesync -> "Basic" should be enabled
Exchange-oma -> only "Basic + Windows Integrated" should be enabled

Clienthelp -> only "Enable anonymous access" is enabled
ConnectComputer -> only "Enable anonymous access" is enabled
Exadmin -> "Windows Integrated" should be enabled
Exchweb -> only "Enable anonymous access" is enabled

Please note that you can also enable Forms-based Authentication (FBA) for OWA login provided you have a certificate for OWA; find below the articles for that:
http://www.petri.co.il/configuring_forms_based_authentication_in_exchange_2003.htm
http://www.msexchange.org/tutorials/OWA2003Forms-based-Authentication-default-domain.html

Now enabling the FBA for OWA will block ActiveSync communication, so kindly follow the below article:
http://support.microsoft.com/kb/817379
0
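The list in the comment above, turned into a checkable baseline. This is an added example, not code from either poster: it decodes the IIS 6 metabase `AuthFlags` value (1 = anonymous, 2 = Basic, 4 = Integrated) for each virtual directory, compares it with that list, and also flags Basic authentication where the `AccessSSLFlags` bit 8 ("Require secure channel") is not set. The function names, the dictionary layout and the sample input are assumptions made for the example.

```python
# Added example. AuthFlags / AccessSSLFlags bit values are IIS 6 metabase values.
AUTH_BITS = {1: "Anonymous", 2: "Basic", 4: "Integrated"}
ACCESS_SSL = 8  # AccessSSLFlags bit: "Require secure channel (SSL)"

# Expected schemes per virtual directory, copied from the list above.
# Edit this to match your own known-good configuration.
BASELINE = {
    "Default Web Site": {"Anonymous"},
    "Exchange": {"Basic"},
    "Public": {"Basic"},
    "OMA": {"Basic"},
    "Microsoft-Server-ActiveSync": {"Basic"},
    "exchange-oma": {"Basic", "Integrated"},
    "ClientHelp": {"Anonymous"},
    "ConnectComputer": {"Anonymous"},
    "Exadmin": {"Integrated"},
    "Exchweb": {"Anonymous"},
}

def decode_auth(flags):
    """Return the set of scheme names enabled in an AuthFlags integer."""
    return {name for bit, name in AUTH_BITS.items() if flags & bit}

def audit(observed):
    """observed: {vdir: (AuthFlags, AccessSSLFlags)} -> list of (vdir, finding)."""
    findings = []
    for vdir, expected in BASELINE.items():
        if vdir not in observed:
            findings.append((vdir, "not reported"))
            continue
        auth_flags, ssl_flags = observed[vdir]
        enabled = decode_auth(auth_flags)
        if enabled != expected:
            findings.append((vdir, "has %s, list says %s" % (
                "+".join(sorted(enabled)) or "none",
                "+".join(sorted(expected)))))
        # Basic sends the password base64-encoded, so it should ride on SSL.
        if "Basic" in enabled and not ssl_flags & ACCESS_SSL:
            findings.append((vdir, "Basic enabled without required SSL"))
    return findings

# Constructed input: the state reported earlier in the thread
# (anonymous access only on every virtual directory, SSL not required).
REPORTED = {name: (1, 0) for name in BASELINE}

if __name__ == "__main__":
    for vdir, finding in audit(REPORTED):
        print("%-28s %s" % (vdir, finding))
```
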
Theun111 Author Commented:
OK, done the first part, up to the links.
Restarted IIS.

/Exchange works fine!
/oma gives: Your user account has not been enabled for wireless access. Please contact your system administrator for additional assistance.
Mobile phone gives 0x85010004

Can I just go further? Or is there something else wrong? Because with the standard settings it has to work when I configure my telephone etc. correctly. Or isn't this so?
0
aletjolly Commented:
As long as the mobile devices are Windows Mobile 5 / Windows Mobile 6, "/oma" does not come into the picture, so we can ignore that. Only "/Microsoft-Server-Activesync" comes into the picture.
If this is the scenario, locate the following registry subkey on the Exchange Server:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MasSync\Parameters

If you find a string value "ExchangeVDir", delete it and initiate an iisreset.
Then try to re-create the ActiveSync profile and sync it with the Exchange Server.
0
Theun111 Author Commented:
Done this, only still getting the 0x85010004 error on my WM 6.1 device.
Did a hard reset to be sure and renamed the mobile phone; still nothing is happening.
Logged in under a different name, but this also has no effect.

OMA is OK as far as I can see; Administrator can log in, so it is a permissions problem. That I will find out; only ActiveSync is more of a problem.
0
aletjolly Commented:
Do we have a certificate on the Exchange Server?
If not, can you tell me whether, when configuring the ActiveSync profile on your phone, you have SSL enabled or deselected?
Also try to browse http://mail.domain.com/microsoft-server-activesync and log in; tell me what result or error you get.
0
Theun111 Author Commented:
The standard certificate from SBS.
But no VeriSign certificate yet; on the mobile phone there is no SSL selected.

When I try to browse to the mail.domain/microsoft-server/activsync, first I have to log in with my login name / password, then I get an HTTP 501/505
"The website is unable to display the webpage"
0
aletjolly Commented:
In IIS Manager, what authentication is enabled, and is SSL enabled?
For
Default website
Microsoft-Server-Activesync properties
0
Theun111 Author Commented:
Default website:
none is enabled, only anonymous access
I have the options which I can select: server certificate / view / edit
require secure channel (SSH) = not enabled
ignore client certificate
enable client certificate mapping = not enabled
enable certificate trust list = not enabled
default domain = blank

Microsoft-Server-Activesync:
Only basic authentication = on
default domain: is the domain of the server
I have the options which I can select: view / edit
server certificate = grey - non clickable
require secure channel (SSH) = not enabled
0
Theun111 Author Commented:
BTW, I've done an iisreset in cmd, only the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MasSync\Parameters
is not coming back. Is this correct? Or must I restart the whole server?
0
aletjolly Commented:
A restart of the server is not required; however, I did see one culprit which can cause the issue we are facing: "default domain: is the domain of the server", which is normally "\".
Kindly do the same and test it from the mobile device and let me know the result.
0
Theun111 Author Commented:
That's what I thought too, that's why I typed it.
OK, changed the domain name into \ and to nothing, but still no result.

Thank you so far for the support!
0
Theun111 Author Commented:
At the moment we are (I think) a step further. I've put the registry key back.
The phone says: syncing maps, but now I'm getting a 0x85010014 error.

Reset the whole phone again; this didn't help. Also read that some people changed the telephone name, which didn't help either. So now I'm going to try some other things.
0
aletjolly Commented:
Hello Theun111,
Kindly remove the registry key which you have just created and initiate an iisreset.
Then again please confirm the authentication on Exchange virtual directory in IIS.
0
Theun111 Author Commented:
Default website -> Enable anonymous access is only on
Microsoft-Server-Activesync -> Basic authentication is only on
Everything looks the same

If you need more information please say so.
0
aletjolly Commented:
Hello Theun111,
I am sorry that I wasn't clear enough in my earlier post. I was asking about the authentication set on the "/exchange" virtual directory in IIS of the Exchange Server.
0
Theun111 Author Commented:
Doesn't matter, now you're clear haha.
Here it is:
Basic authentication is only on
\ is the default domain.
0
aletjolly Commented:
Hello Theun111,
Kindly enable Basic + Windows Integrated authentication for the "/exchange" virtual directory in IIS of the Exchange Server.
Initiate an iisreset and then try to sync the mobile device with the Exchange Server.
0
Theun111 Author Commented:
Hello Aletjolly,

Enabled basic + Windows integrated authentication.
But sorry, still getting the 0x85010014 error on the mobile phone.
0
Theun111 Author Commented:
Just wanted to tell you that at the moment everything is working!!
Changed 2 things, looking at a working installation and looking at a VMware SBS which I was working on just to test, but which was a fresh install.

The 2 things plus the registry key were:
Default website - added Integrated Windows authentication
Exchange - added the default domain
Put back the registry key which I deleted first, because it was there in both installations
An iisreset (which I forgot the first time)

I'm going to try later on which one did the trick because I want to know exactly why it did occur.
You will hear this from me as soon as possible!
0
Theun111 Author Commented:
OK, it was the V at Default website.

First of all, Aletjolly, thank you for your patience, and for helping me to get through the IIS configuration.
Learnt a lot! One last question: can I now go further with the other links? For the certificate etc.?

http://www.petri.co.il/configuring_forms_based_authentication_in_exchange_2003.htm
http://www.msexchange.org/tutorials/OWA2003Forms-based-Authentication-default-domain.html

Now enabling the FBA for OWA will block Activesync communication, so kindly follow the below article :
http://support.microsoft.com/kb/817379

Points are going to you!

PS. First I'm making a backup of the IIS configuration ;)
0
aletjolly Commented:
Theun111, if you want to implement a certificate on the Exchange Server then yes, please follow the articles:
http://www.petri.co.il/configuring_forms_based_authentication_in_exchange_2003.htm
http://www.msexchange.org/tutorials/OWA2003Forms-based-Authentication-default-domain.html

Now with a certificate in place it may break the ActiveSync communication, so kindly follow:
http://support.microsoft.com/kb/817379

And yes, do take the backup of the IIS. ;)
http://support.microsoft.com/kb/324277
0
Theun111 Author Commented:
I'm going to try the certificate and IIS another time.

Thank you very much again!
0