• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 679
  • Last Modified:

Windows Mobile IE unable to access Exchange 2007 OWA through ISA 2006 OWA Web Publishing


I've actually got quite a funny problem. I'm running Exchange 2007 with ISA 2006 doing my OWA Web Publishing for Internet-based connections. It seems to be working fine as I can access it from any internet based computers on IE, Opera, Safari and other Web Explorers as well.

From PDAs and only on Windows Mobile based PDAs, I cannot log in to the OWA site via the https://webmail.domain.com/owa link. The error that I get is:

Code: 401 Unauthorized. The server requires authentication to fulfill the request. Access to the Web Server is denied. Contact the server administrator. (12209)

However, from the same Windows Mobile based PDAs, if I use Opera to browse to the site, it works fine. Any suggestion guys cause I'm stumped.

Thanks in advance.

  • 2
1 Solution
do you have site certificates loaded that need to be copied into the phone?
In the ISA Server MMC
- on the left side
- go to the properties of the server / array
- go to the "Incoming Web Requests" Tab
- uncheck the box "Ask unauthenticated users for identification"

pepelepew8Author Commented:
Hi Sam,

The solution which you provided was actually applicable to ISA Server 2000 only. I've already seen the MS article which you were looking at. As I'm running ISA Server 2006, the Incoming Web Request tab isn't even there.

pepelepew8Author Commented:
Decided to call GTEC Support for this. Enclosed is the resolution steps presented by Microsoft to solve this problem:

In Live meeting, we have following findings:
l      Your ISA is 2006.
l      The listener of OWA publish rule is using HTML Form based authentication.
l      You have a HTTP 401 error on mobile phone.

This scenario matches a known issue. The cause is that xHTML template is not available for Exchange template on ISA.

To fix this issue, we can copy the xHTML template from the default template to the Exchange template:
1.      Create a new folder, for example, Cust1, under \CookieAuthTemplates.
2.      Copy cHTML and xHTML folder from \CookieAuthTemplates\ISA into \CookieAuthTemplates\Cust1.
3.      Copy HTML folder from \CookieAuthTemplates\Exchange into \CookieAuthTemplates\Cust1.
4.      In ISA management console, right-click on the publishing rule, and select Properties.
5.      Select Application Settings tab and change the HTML form dir from Exchange to Cust1.
6.      Apply the change.
7.      You MUST restart ISA firewall service after the change.
8.      After the change, Windows CE mobile clients should also get a login form.

For later devices with Windows Mobile 5.0 AKU3 or later, after the change, client
may still encounter HTTP 500 error. This is caused by a known issue in the FBA
filter handling user-agent string. To resolve this issue, we may force ISA to
provide HTML4 template to these devices by running the following script:

Dim root
Set root = CreateObject("FPC.Root")

Dim array
Dim userAgentMappings
Dim userAgentMapping
Dim order

Set array = root.Arrays(1)
Set userAgentMappings = array.RuleElements.UserAgentMappings

'Remove the agent if already exists
On Error Resume Next

Set userAgentMapping = userAgentMappings.Add("*IEMobile*", 0)

Set order = userAgentMapping.order

WScript.Echo userAgentMapping.UserAgent & " Order = " & userAgentMapping.order

While userAgentMapping.order > 1
WScript.Echo "Order = " & userAgentMapping.order

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now