Exchange 2003 OMA Problem

Hi All,

I am having a problem with Exchange 2003 SP2 and OMA. If I browse to https://mydomain.com/oma I get the login prompt but when I enter a valid login I get the following error:

A System error has occurred while processing your request. Please try again. If the problem persists, contact your administrator.

And when I test at https://testexchangeconnectivity.com I get the following error:

Attempting to Resolve the host name mail.mydomain.com in DNS.
Host successfully Resolved
Additional Details
IP(s) returned: 0.0.0.0

Testing TCP Port 443 on host mail.mydomain.com to ensure it is listening/open.
 The port was opened successfully.

Testing SSL Certificate for validity.
 The SSL Certificate failed one or more certificate validation checks.
Test Steps
 Validating certificate name
 Successfully validated the certificate name
Additional Details
 Found hostname mail.elizapurton.com.au in Certificate Subject Common name

Validating certificate trust for Windows Mobile Devices
 Certificate trust validation failed
 Tell me more about this issue and how to resolve it

Additional Details
 The certificate chain did not end in a trusted root. Root = CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US

The certificate works fine on OWA... any ideas?

Any help would be greatly appreciated.

- Jason
jayman7Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

SaakarSenior Technical ConsultantCommented:
Hi Jason,

From OMA here I suspect that you are trying to work with Exchange ActiveSync to sync your Windows Mobile Devices with Exchange???

If yes, let's not use OMA because Exchange ActiveSync works with Microsoft-Server-ActiveSync Virtual directory in IIS, we don't even need OMA to work in case if you want to sync your mobile devices with Exchange.

- Dream
0
jayman7Author Commented:
Hi Dream,

Thanks for the response. I am trying to use it with an I-phone, does that need Oma?
0
MesthaCommented:
The root certificates from that issuer are not included in most mobile handhelds. That means the device will not trust the handheld. The usual consequence of that is a repeating authentication prompt.

Simon.
0
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

JohnGerhardtCommented:
Hi jayman7,
https://mail.mydomain.com/OMA should pop up a log in box and should accept your UN and PWD, but it is normal that you get an error when using a web browser after logging in to this virtual directory.
As Simon has pointed out already, untrusted certificates can cause a whole lot of problems with mobile devices and syncing with active sync.
You now have two choices.
  • Change your certificate to a providor that is included in the iPhones trusted roots
  • Backup the iPhone, restore it, then add the email account again. This should make the phone forget anything that it has remember about the account and it's certificate, you will then be asked to accept the certificate and it should work.
0
SaakarSenior Technical ConsultantCommented:
Hey Jason,

Yes, iPhone uses Exchange ActiveSync, and try switcing off Wi-Fi and then try to configure Exchange ActiveSync, if you have a Public Certificate, it should already be present on iPhone and use OWA url, Username and password, if everthing is set up correctly, iPhone will sync with Exchange will all your mails on the device...

It does not require OMA to work.

- Dream
0
jayman7Author Commented:
Hi,

Thanks for the suggestions.

I added a new account on the iphone with the following settings:

Email: jcitizen@mydomain.com.au
Server: mail.mydomain.com.au (OWA URL)
Domain: mydomain
Username: jcitizen
Password: password
SSL: On

I get a message that says:

Cannot Get Mail
The connection to the server failed

Any ideas?
0
SaakarSenior Technical ConsultantCommented:
Hi Jason,

1. Did you follwed KB 817379, since you have SSL enabled?
2. Make sure that Exchange VDir in IIS has Windows Integrated Authentication enabled.
3. Check for any Application logs in Event Viewer, please paste the any error from Application logs.

I have a strong feeling that Step 1 should resolve your issue.

- Dream
0
jayman7Author Commented:
Hi Dream,

I checked the event log and this is the event that had been occuring:

Event Type:        Error
Event Source:    Server ActiveSync
Event Category:                None
Event ID:              3029
Date:                     30/06/2009
Time:                    1:44:07 PM
User:                     MYDOMAIN\jcitizen
Computer:          SERVER
Description:
The mailbox server [server.mydomain.local] has its [exchange] virtual directory set to require SSL.  Exchange ActiveSync cannot access the server if SSL is set to be required.  For information about how to correctly configure Exchange virtual directory settings, see Microsoft Knowledge Base article 817379, "Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or forms-based authentication is required for Exchange Server 2003" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=817379).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

So I followed KB 817379 and created a virtual directory /ExchangeOMA.

The event has now stopped, however on the I-Phone I still get a message that says:

Cannot Get Mail
The connection to the server failed

My configuration details are now:

Email: jcitizen@mydomain.com.au
Server: mail.mydomain.com.au/ExchangeOMA
Domain: mydomain
Username: jcitizen
Password: password
SSL: Off (or On neither work)

Thanks for the help so far,

- Jason
0
SaakarSenior Technical ConsultantCommented:
Aaahhh I guess now I got the catch

My configuration details are now:

Email: jcitizen@mydomain.com.au
Server: mail.mydomain.com.au/ExchangeOMA  <- Here you just need the External OWA URL, say for eg: - my external OWA URL is https://mail.contoso.com/exchange
I will just enter mail.contoso.com, no ExchangeOMA or Exchange as well for that matter.

Rest all setting seems to be fine....

Did you tried to remove SSL from the Default Web Site and check without SSL on the device as well.

It might be a certificate issue as well, the intermediate certificate from Equifax Secure Global eBusiness CA-1 might not be present on the device...

Consider checking Exchange ActiveSync without SSL

Good Luck
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
JohnGerhardtCommented:
Great, looks like we are getting there now..!
Can you follow saakar_rao's advice and just put the exchange server FQDN in the servername, nothing else.
Also now try the active sync test @ www.testexchangeconnectivity.com
 
0
jayman7Author Commented:
Woohoo! it works

Thanks a lot for the help

- Jason
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows OS

From novice to tech pro — start learning today.