ascnd
asked on
Mobile Phone 0x85010014 after running Internet Connection Wizard SBS 2003
Mobile Phone 0x85010014 after running Internet Connection Wizard SBS 2003
For years I never had a problem syncing my Exchange information with the SBS 2003 server with my Verizon mobile phone until I ran the Internet Connection Wizard to fix a problem that the best practices tool said I should fix. I can still access Outlook from a webpage. It's just the Active Sync error 0x85010014 on my phone that is keeping it from Syncing. Any ideas?
For years I never had a problem syncing my Exchange information with the SBS 2003 server with my Verizon mobile phone until I ran the Internet Connection Wizard to fix a problem that the best practices tool said I should fix. I can still access Outlook from a webpage. It's just the Active Sync error 0x85010014 on my phone that is keeping it from Syncing. Any ideas?
What did you change when running the CEICW? Perhaps the certificate?
If the sertificate changed or any other setting you will need to create a new connection to the Phone
Several suggestions in the following link related to that error, from making sure Outlook is open when you first sync to a test tool at the bottom of the link
http://social.technet.microsoft.com/Forums/en/exchangesvrmobility/thread/f5e9c302-5952-424a-840e-5768ccbb5aaa
Direct access to test tool:
https://store.accessmylan.com/main/diagnostic-tools?pos=nav
or another:
https://www.testexchangeconnectivity.com/Default.aspx
Several suggestions in the following link related to that error, from making sure Outlook is open when you first sync to a test tool at the bottom of the link
http://social.technet.microsoft.com/Forums/en/exchangesvrmobility/thread/f5e9c302-5952-424a-840e-5768ccbb5aaa
Direct access to test tool:
https://store.accessmylan.com/main/diagnostic-tools?pos=nav
or another:
https://www.testexchangeconnectivity.com/Default.aspx
Please have a read of my FAQ for Activesync with Exchange 2003 problems. Re-running the wizard may have set your IIS permissions up incorrectly for Activesync and they may need adjusting.
Alternatively, if you created a new SSL certificate, you will need to import the certificate to the phone if you are using the self-signed SSL certificate that SBS uses by default.
http://www.it-eye.co.uk/faqs/readQuestion.php?qid=1
Alternatively, if you created a new SSL certificate, you will need to import the certificate to the phone if you are using the self-signed SSL certificate that SBS uses by default.
http://www.it-eye.co.uk/faqs/readQuestion.php?qid=1
ASKER
I ran the ActiveSync test from www.testexchangeconnectivity.com and the result is below. Why would Port 443 be blocked? It's open on the firewall and properly fowared. It must have been that darn Internet Connection Wizard. I had all the boxes checked in the wizard for all the "services". What do I need to change?
Testing Exchange ActiveSync
Exchange ActiveSync test Failed
Test Steps
Attempting AutoDiscover and Exchange ActiveSync Test (if requested)
Failed to test AutoDiscover for Exchange ActiveSync
Test Steps
Attempting each method of contacting the AutoDiscover Service
Failed to contact the AutoDiscover service successfully by any method
Test Steps
Attempting to test potential AutoDiscover URL https://xxxxxxx.com/AutoDiscover/AutoDiscover.xml
Failed testing this potential AutoDiscover URL
Test Steps
Attempting to resolve the host name xxxxxxx.com in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 99.99.99.99
Testing TCP Port 443 on host xxxxxxx.com to ensure it is listening and open.
The specified port is either blocked, not listening, or not producing the expected response.
Tell me more about this issue and how to resolve it
Additional Details
A network error occurred while communicating with remote host
Exception Details:
Message: No connection could be made because the target machine actively refused it 99.99.99.99:443
Type: System.Net.Sockets.SocketE xception
Stack Trace:
at System.Net.Sockets.TcpClie nt.Connect (String hostname, Int32 port)
at Microsoft.Exchange.Tools.E xRca.Tests .TcpPortTe st.Perform TestReally ()
Attempting to test potential AutoDiscover URL https://autodiscover.xxxxxxx.com/AutoDiscover/AutoDiscover.xml
Failed testing this potential AutoDiscover URL
Test Steps
Attempting to resolve the host name autodiscover.xxxxxxx.com in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 99.99.99.99
Testing TCP Port 443 on host autodiscover.xxxxxxx.com to ensure it is listening and open.
The specified port is either blocked, not listening, or not producing the expected response.
Tell me more about this issue and how to resolve it
Additional Details
A network error occurred while communicating with remote host
Exception Details:
Message: No connection could be made because the target machine actively refused it 99.99.99.99:443
Type: System.Net.Sockets.SocketE xception
Stack Trace:
at System.Net.Sockets.TcpClie nt.Connect (String hostname, Int32 port)
at Microsoft.Exchange.Tools.E xRca.Tests .TcpPortTe st.Perform TestReally ()
Attempting to contact the AutoDiscover service using the HTTP redirect method.
Failed to contact AutoDiscover using the HTTP Redirect method
Test Steps
Attempting to resolve the host name autodiscover.xxxxxxx.com in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 99.99.99.99
Testing TCP Port 80 on host autodiscover.xxxxxxx.com to ensure it is listening and open.
The specified port is either blocked, not listening, or not producing the expected response.
Tell me more about this issue and how to resolve it
Additional Details
A network error occurred while communicating with remote host
Exception Details:
Message: No connection could be made because the target machine actively refused it 99.99.99.99:80
Type: System.Net.Sockets.SocketE xception
Stack Trace:
at System.Net.Sockets.TcpClie nt.Connect (String hostname, Int32 port)
at Microsoft.Exchange.Tools.E xRca.Tests .TcpPortTe st.Perform TestReally ()
Attempting to contact the AutoDiscover service using the DNS SRV redirect method.
Failed to contact AutoDiscover using the DNS SRV redirect method.
Test Steps
Attempting to locate SRV record _autodiscover._tcp.xxxxxxx .com in DNS.
Failed to find AutoDiscover SRV record in DNS.
Tell me more about this issue and how to resolve it
Testing Exchange ActiveSync
Exchange ActiveSync test Failed
Test Steps
Attempting AutoDiscover and Exchange ActiveSync Test (if requested)
Failed to test AutoDiscover for Exchange ActiveSync
Test Steps
Attempting each method of contacting the AutoDiscover Service
Failed to contact the AutoDiscover service successfully by any method
Test Steps
Attempting to test potential AutoDiscover URL https://xxxxxxx.com/AutoDiscover/AutoDiscover.xml
Failed testing this potential AutoDiscover URL
Test Steps
Attempting to resolve the host name xxxxxxx.com in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 99.99.99.99
Testing TCP Port 443 on host xxxxxxx.com to ensure it is listening and open.
The specified port is either blocked, not listening, or not producing the expected response.
Tell me more about this issue and how to resolve it
Additional Details
A network error occurred while communicating with remote host
Exception Details:
Message: No connection could be made because the target machine actively refused it 99.99.99.99:443
Type: System.Net.Sockets.SocketE
Stack Trace:
at System.Net.Sockets.TcpClie
at Microsoft.Exchange.Tools.E
Attempting to test potential AutoDiscover URL https://autodiscover.xxxxxxx.com/AutoDiscover/AutoDiscover.xml
Failed testing this potential AutoDiscover URL
Test Steps
Attempting to resolve the host name autodiscover.xxxxxxx.com in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 99.99.99.99
Testing TCP Port 443 on host autodiscover.xxxxxxx.com to ensure it is listening and open.
The specified port is either blocked, not listening, or not producing the expected response.
Tell me more about this issue and how to resolve it
Additional Details
A network error occurred while communicating with remote host
Exception Details:
Message: No connection could be made because the target machine actively refused it 99.99.99.99:443
Type: System.Net.Sockets.SocketE
Stack Trace:
at System.Net.Sockets.TcpClie
at Microsoft.Exchange.Tools.E
Attempting to contact the AutoDiscover service using the HTTP redirect method.
Failed to contact AutoDiscover using the HTTP Redirect method
Test Steps
Attempting to resolve the host name autodiscover.xxxxxxx.com in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 99.99.99.99
Testing TCP Port 80 on host autodiscover.xxxxxxx.com to ensure it is listening and open.
The specified port is either blocked, not listening, or not producing the expected response.
Tell me more about this issue and how to resolve it
Additional Details
A network error occurred while communicating with remote host
Exception Details:
Message: No connection could be made because the target machine actively refused it 99.99.99.99:80
Type: System.Net.Sockets.SocketE
Stack Trace:
at System.Net.Sockets.TcpClie
at Microsoft.Exchange.Tools.E
Attempting to contact the AutoDiscover service using the DNS SRV redirect method.
Failed to contact AutoDiscover using the DNS SRV redirect method.
Test Steps
Attempting to locate SRV record _autodiscover._tcp.xxxxxxx
Failed to find AutoDiscover SRV record in DNS.
Tell me more about this issue and how to resolve it
You have the right domain name and it resolves to the right IP? i.e. is 99.99.99.99 (I understand you changed this) correct? It could be checking port 443 on the wrong site.
I would also verify that is correct by going to the following site and testing for port 443 from the SBS
http://www.canyouseeme.org
If it is closed, on your router make sure "UPnP" is disabled, assuming present (usually in the firewall section), manually set forward or verify port 443 is forwarded, and re-run the CEICW again making sure the following are checked:
-Outlook Web Access
-Outlook Mobile Access
-Outlook via the Internet (shouldn't be necessary but won't hurt)
Keep in mind software firewalls like McAfee, TrendMicro, etc. can block the port too.
I would also verify that is correct by going to the following site and testing for port 443 from the SBS
http://www.canyouseeme.org
If it is closed, on your router make sure "UPnP" is disabled, assuming present (usually in the firewall section), manually set forward or verify port 443 is forwarded, and re-run the CEICW again making sure the following are checked:
-Outlook Web Access
-Outlook Mobile Access
-Outlook via the Internet (shouldn't be necessary but won't hurt)
Keep in mind software firewalls like McAfee, TrendMicro, etc. can block the port too.
ASKER
I tried the website and 443 is open (see below) it has to be something the CEICW changed. I have run and rerun the CEICW four times with no joy. I have even changed the cert and reinstalled it on my mobile and still no joy. I can use Outlook Web Access from any terminal and check my email just fine. It's just that bloody phone. This is driving me nuts. Thanks for sticking with me this far.
Success: I can see your service on 99.99.99.99 on port (443)
Your ISP is not blocking port 443
Success: I can see your service on 99.99.99.99 on port (443)
Your ISP is not blocking port 443
If you access OWA or better still RWW from off site do you get a certificate error?
ASKER
It's a Self-Signed Cert which is what I always used so when ever I access my OWA I always get prompted with the "There is a problem with this website's security certificate." message and I just click through via the "Continue to this website (not recommended). " link.
OWA does work from offsite though does it? That will confirm it is not a port 443 issue.
You did remove the old self signed cert from the phone, and install the new?
Other than that the only things I can think of is Exchange SP2 is not installed, but you say it was working before so that is not the case. and then possibly look at the suggestions in the link I posted earlier.
You did remove the old self signed cert from the phone, and install the new?
Other than that the only things I can think of is Exchange SP2 is not installed, but you say it was working before so that is not the case. and then possibly look at the suggestions in the link I posted earlier.
ASKER
Yes, OWA does work offsite. Yes, I installed the new cert on the phone, but I didn't do anything with the old one.
I checked and Exchange SP2 is installed. I'll go through your posts again, but if you come up with any other ideas then please let me know. Thanks for your all your help so far.
I checked and Exchange SP2 is installed. I'll go through your posts again, but if you come up with any other ideas then please let me know. Thanks for your all your help so far.
You should remove the old cert as there may be a conflict with old and new cert and same FQDN.
No other ideas right now but I will "stay tuned in".
No other ideas right now but I will "stay tuned in".
ASKER
Admin - don't close yet, still working on this.
If you open up IIS and expand your default website, are the properties for the default website set to use port 80 and 443 and IP as All Unassigned?
ASKER
Yes, the default website is set to use port 80 and 443 and the IP is All Unassigned.
Can you please run the Exchange Activesync test at https://testexchangeconnectivity.com.
DO NOT select the autodiscover test and please enter your details in manually then run the test and post the results.
DO NOT select the autodiscover test and please enter your details in manually then run the test and post the results.
ASKER
Here is the result:
Testing Exchange ActiveSync
Exchange ActiveSync test Failed
Test Steps
Attempting to resolve the host name neohdc01.xxxxxxx.com in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 99.99.99.99
Testing TCP Port 443 on host neohdc01.xxxxxxx.com to ensure it is listening and open.
The port was opened successfully.
Testing SSL Certificate for validity.
The SSL Certificate failed one or more certificate validation checks.
Test Steps
Validating certificate name
Successfully validated the certificate name
Additional Details
Found hostname neohdc01.xxxxxxx.com in Certificate Subject Common name
Validating certificate trust for Windows Mobile Devices
Certificate trust validation failed
Tell me more about this issue and how to resolve it
Additional Details
The certificate chain did not end in a trusted root. Root = CN=neohdc01.xxxxxxx.com, CN=companyweb, CN=neohdc01, CN=localhost, CN=neohdc01.xxxxxxx.local
Testing Exchange ActiveSync
Exchange ActiveSync test Failed
Test Steps
Attempting to resolve the host name neohdc01.xxxxxxx.com in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 99.99.99.99
Testing TCP Port 443 on host neohdc01.xxxxxxx.com to ensure it is listening and open.
The port was opened successfully.
Testing SSL Certificate for validity.
The SSL Certificate failed one or more certificate validation checks.
Test Steps
Validating certificate name
Successfully validated the certificate name
Additional Details
Found hostname neohdc01.xxxxxxx.com in Certificate Subject Common name
Validating certificate trust for Windows Mobile Devices
Certificate trust validation failed
Tell me more about this issue and how to resolve it
Additional Details
The certificate chain did not end in a trusted root. Root = CN=neohdc01.xxxxxxx.com, CN=companyweb, CN=neohdc01, CN=localhost, CN=neohdc01.xxxxxxx.local
As you have a self-certified certificate, can you please select the Ignore Trust for SSL and re-run the test and re-post the results.
ASKER
Sorry the above was because I didn't have the "Trust Cert" thing checked. Here is the real test:
Testing Exchange ActiveSync
Exchange ActiveSync test Failed
Test Steps
Attempting to resolve the host name neohdc01.xxxxxxx.com in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 99.99.99.99
Testing TCP Port 443 on host neohdc01.xxxxxxx.com to ensure it is listening and open.
The port was opened successfully.
Testing SSL Certificate for validity.
The certificate passed all validation requirements.
Test Steps
Validating certificate name
Successfully validated the certificate name
Additional Details
Found hostname neohdc01.xxxxxxx.com in Certificate Subject Common name
Testing certificate date to ensure validity
Date Validation passed. The certificate is not expired.
Additional Details
Certificate is valid: NotBefore = 12/9/2009 4:15:43 AM, NotAfter = 12/9/2014 4:15:43 AM"
Testing Http Authentication Methods for URL https://neohdc01.xxxxxxx.com/Microsoft-Server-Activesync/
Http Authentication Methods are correct
Additional Details
Found all expected authentication methods and no disallowed methods. Methods Found: Basic
Attempting an ActiveSync session with server
Errors were encountered while testing the ActiveSync session
Test Steps
Attempting to send OPTIONS command to server
OPTIONS response was successfully received and is valid
Additional Details
Headers received: MicrosoftOfficeWebServer: 5.0_Pub
Pragma: no-cache
Public: OPTIONS, POST
Allow: OPTIONS, POST
MS-Server-ActiveSync: 6.5.7638.1
MS-ASProtocolVersions: 1.0,2.0,2.1,2.5
MS-ASProtocolCommands: Sync,SendMail,SmartForward ,SmartRepl y,GetAttac hment,GetH ierarchy,C reateColle ction,Dele teCollecti on,MoveCol lection,Fo lderSync,F olderCreat e,FolderDe lete,Folde rUpdate,Mo veItems,Ge tItemEstim ate,Meetin gResponse, ResolveRec ipients,Va lidateCert ,Provision ,Search,No tify,Ping
Content-Length: 0
Date: Fri, 18 Dec 2009 21:33:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Attempting FolderSync command on ActiveSync session
FolderSync command test failed
Tell me more about this issue and how to resolve it
Additional Details
Exchange ActiveSync returned an HTTP 500 response.
Testing Exchange ActiveSync
Exchange ActiveSync test Failed
Test Steps
Attempting to resolve the host name neohdc01.xxxxxxx.com in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 99.99.99.99
Testing TCP Port 443 on host neohdc01.xxxxxxx.com to ensure it is listening and open.
The port was opened successfully.
Testing SSL Certificate for validity.
The certificate passed all validation requirements.
Test Steps
Validating certificate name
Successfully validated the certificate name
Additional Details
Found hostname neohdc01.xxxxxxx.com in Certificate Subject Common name
Testing certificate date to ensure validity
Date Validation passed. The certificate is not expired.
Additional Details
Certificate is valid: NotBefore = 12/9/2009 4:15:43 AM, NotAfter = 12/9/2014 4:15:43 AM"
Testing Http Authentication Methods for URL https://neohdc01.xxxxxxx.com/Microsoft-Server-Activesync/
Http Authentication Methods are correct
Additional Details
Found all expected authentication methods and no disallowed methods. Methods Found: Basic
Attempting an ActiveSync session with server
Errors were encountered while testing the ActiveSync session
Test Steps
Attempting to send OPTIONS command to server
OPTIONS response was successfully received and is valid
Additional Details
Headers received: MicrosoftOfficeWebServer: 5.0_Pub
Pragma: no-cache
Public: OPTIONS, POST
Allow: OPTIONS, POST
MS-Server-ActiveSync: 6.5.7638.1
MS-ASProtocolVersions: 1.0,2.0,2.1,2.5
MS-ASProtocolCommands: Sync,SendMail,SmartForward
Content-Length: 0
Date: Fri, 18 Dec 2009 21:33:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Attempting FolderSync command on ActiveSync session
FolderSync command test failed
Tell me more about this issue and how to resolve it
Additional Details
Exchange ActiveSync returned an HTTP 500 response.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
A million thank you's!!!! What finally worked was the last part of your article which I have pasted below. You are a savior! Thank you so much!!!
" If okay - right-click on the Exchange Virtual Directory and select all Tasks> Save Configuration to a file. Name the file Exchange and save to the desktop
" Run Regedit (and be extremely careful here as you can kill your server very easily) then right-click on My Computer and select Export. Name the file as 'EntireRegistry' and save the backup of the registry to the desktop
" In regedit - locate HKLM \ System \ CurrentControlSet \ Services \ MasSync \ Parameters and delete the ExchangeVDir key from the right-hand pane.
" Close Regedit
" Right-click on the default-website and select New> Virtual Directory fom File. Browse to the desktop and click on the Exchange.xml that you created above, then click on Read file, select Exchange from the 'Select a configuration to import' section and click on OK. Select 'Create a new virtual Directory' and name the directory 'exchange-oma' and click OK.
" Right-click on Exchange-OMA virtual directory you just created and click Browse - you should see OWA open up happily
" Open Regedit and add the ExchangeVDir key back that you recently deleted as a String Value and then change the value to read /exchange-oma
" Close regedit
" Enable SSL and require 128-Bit Encryption on the Exchange Virtual Directory
" Enable Forms Based Authentication (if you want to use it) on Exchange> Protocols> HTTP
" Make sure that Integrated Authentication is enabled on the Exchange Virtual Directory
" Check that the Exchweb virtual directory does not have SSL enabled
" Run iisreset
" Test Activesync - should hopefully be working now
" If okay - right-click on the Exchange Virtual Directory and select all Tasks> Save Configuration to a file. Name the file Exchange and save to the desktop
" Run Regedit (and be extremely careful here as you can kill your server very easily) then right-click on My Computer and select Export. Name the file as 'EntireRegistry' and save the backup of the registry to the desktop
" In regedit - locate HKLM \ System \ CurrentControlSet \ Services \ MasSync \ Parameters and delete the ExchangeVDir key from the right-hand pane.
" Close Regedit
" Right-click on the default-website and select New> Virtual Directory fom File. Browse to the desktop and click on the Exchange.xml that you created above, then click on Read file, select Exchange from the 'Select a configuration to import' section and click on OK. Select 'Create a new virtual Directory' and name the directory 'exchange-oma' and click OK.
" Right-click on Exchange-OMA virtual directory you just created and click Browse - you should see OWA open up happily
" Open Regedit and add the ExchangeVDir key back that you recently deleted as a String Value and then change the value to read /exchange-oma
" Close regedit
" Enable SSL and require 128-Bit Encryption on the Exchange Virtual Directory
" Enable Forms Based Authentication (if you want to use it) on Exchange> Protocols> HTTP
" Make sure that Integrated Authentication is enabled on the Exchange Virtual Directory
" Check that the Exchweb virtual directory does not have SSL enabled
" Run iisreset
" Test Activesync - should hopefully be working now
ASKER
Awsome! Just Awesome!!
Ah, that part!
Yes, that has been a very useful recent addition to my FAQ . Glad you are sorted and thanks for points.
Yes, that has been a very useful recent addition to my FAQ . Glad you are sorted and thanks for points.