Solved

Exchange 2003 OMA Problem

Posted on 2009-06-28
11
403 Views
Last Modified: 2013-12-05
Hi All,

I am having a problem with Exchange 2003 SP2 and OMA. If I browse to https://mydomain.com/oma I get the login prompt but when I enter a valid login I get the following error:

A System error has occurred while processing your request. Please try again. If the problem persists, contact your administrator.

And when I test at https://testexchangeconnectivity.com I get the following error:

Attempting to Resolve the host name mail.mydomain.com in DNS.
Host successfully Resolved
Additional Details
IP(s) returned: 0.0.0.0

Testing TCP Port 443 on host mail.mydomain.com to ensure it is listening/open.
 The port was opened successfully.

Testing SSL Certificate for validity.
 The SSL Certificate failed one or more certificate validation checks.
Test Steps
 Validating certificate name
 Successfully validated the certificate name
Additional Details
 Found hostname mail.elizapurton.com.au in Certificate Subject Common name

Validating certificate trust for Windows Mobile Devices
 Certificate trust validation failed
 Tell me more about this issue and how to resolve it

Additional Details
 The certificate chain did not end in a trusted root. Root = CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US

The certificate works fine on OWA... any ideas?

Any help would be greatly appreciated.

- Jason
0
Comment
Question by:jayman7
  • 4
  • 4
  • 2
  • +1
11 Comments
 
LVL 12

Expert Comment

by:Saakar
ID: 24733732
Hi Jason,

From OMA here I suspect that you are trying to work with Exchange ActiveSync to sync your Windows Mobile Devices with Exchange???

If yes, let's not use OMA because Exchange ActiveSync works with Microsoft-Server-ActiveSync Virtual directory in IIS, we don't even need OMA to work in case if you want to sync your mobile devices with Exchange.

- Dream
0
 

Author Comment

by:jayman7
ID: 24734014
Hi Dream,

Thanks for the response. I am trying to use it with an I-phone, does that need Oma?
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24738151
The root certificates from that issuer are not included in most mobile handhelds. That means the device will not trust the handheld. The usual consequence of that is a repeating authentication prompt.

Simon.
0
 
LVL 17

Expert Comment

by:JohnGerhardt
ID: 24739921
Hi jayman7,
https://mail.mydomain.com/OMA should pop up a log in box and should accept your UN and PWD, but it is normal that you get an error when using a web browser after logging in to this virtual directory.
As Simon has pointed out already, untrusted certificates can cause a whole lot of problems with mobile devices and syncing with active sync.
You now have two choices.
  • Change your certificate to a providor that is included in the iPhones trusted roots
  • Backup the iPhone, restore it, then add the email account again. This should make the phone forget anything that it has remember about the account and it's certificate, you will then be asked to accept the certificate and it should work.
0
 
LVL 12

Expert Comment

by:Saakar
ID: 24740438
Hey Jason,

Yes, iPhone uses Exchange ActiveSync, and try switcing off Wi-Fi and then try to configure Exchange ActiveSync, if you have a Public Certificate, it should already be present on iPhone and use OWA url, Username and password, if everthing is set up correctly, iPhone will sync with Exchange will all your mails on the device...

It does not require OMA to work.

- Dream
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:jayman7
ID: 24741118
Hi,

Thanks for the suggestions.

I added a new account on the iphone with the following settings:

Email: jcitizen@mydomain.com.au
Server: mail.mydomain.com.au (OWA URL)
Domain: mydomain
Username: jcitizen
Password: password
SSL: On

I get a message that says:

Cannot Get Mail
The connection to the server failed

Any ideas?
0
 
LVL 12

Expert Comment

by:Saakar
ID: 24741306
Hi Jason,

1. Did you follwed KB 817379, since you have SSL enabled?
2. Make sure that Exchange VDir in IIS has Windows Integrated Authentication enabled.
3. Check for any Application logs in Event Viewer, please paste the any error from Application logs.

I have a strong feeling that Step 1 should resolve your issue.

- Dream
0
 

Author Comment

by:jayman7
ID: 24742422
Hi Dream,

I checked the event log and this is the event that had been occuring:

Event Type:        Error
Event Source:    Server ActiveSync
Event Category:                None
Event ID:              3029
Date:                     30/06/2009
Time:                    1:44:07 PM
User:                     MYDOMAIN\jcitizen
Computer:          SERVER
Description:
The mailbox server [server.mydomain.local] has its [exchange] virtual directory set to require SSL.  Exchange ActiveSync cannot access the server if SSL is set to be required.  For information about how to correctly configure Exchange virtual directory settings, see Microsoft Knowledge Base article 817379, "Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or forms-based authentication is required for Exchange Server 2003" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=817379).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

So I followed KB 817379 and created a virtual directory /ExchangeOMA.

The event has now stopped, however on the I-Phone I still get a message that says:

Cannot Get Mail
The connection to the server failed

My configuration details are now:

Email: jcitizen@mydomain.com.au
Server: mail.mydomain.com.au/ExchangeOMA
Domain: mydomain
Username: jcitizen
Password: password
SSL: Off (or On neither work)

Thanks for the help so far,

- Jason
0
 
LVL 12

Accepted Solution

by:
Saakar earned 500 total points
ID: 24742680
Aaahhh I guess now I got the catch

My configuration details are now:

Email: jcitizen@mydomain.com.au
Server: mail.mydomain.com.au/ExchangeOMA  <- Here you just need the External OWA URL, say for eg: - my external OWA URL is https://mail.contoso.com/exchange
I will just enter mail.contoso.com, no ExchangeOMA or Exchange as well for that matter.

Rest all setting seems to be fine....

Did you tried to remove SSL from the Default Web Site and check without SSL on the device as well.

It might be a certificate issue as well, the intermediate certificate from Equifax Secure Global eBusiness CA-1 might not be present on the device...

Consider checking Exchange ActiveSync without SSL

Good Luck
0
 
LVL 17

Expert Comment

by:JohnGerhardt
ID: 24748201
Great, looks like we are getting there now..!
Can you follow saakar_rao's advice and just put the exchange server FQDN in the servername, nothing else.
Also now try the active sync test @ www.testexchangeconnectivity.com
 
0
 

Author Comment

by:jayman7
ID: 24750542
Woohoo! it works

Thanks a lot for the help

- Jason
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now