blackberry9000
asked on
Exchange Activesync - FolderSync command test failed
Test conducted on https://www.testexchangeconnectivity.com/Default.aspx
Results attached,
I have followed all the steps on the link below and still no luck
https://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html
I have to get 10 iphones to connect up and working on full sync.
any help would be amazing.
Richard
Results attached,
I have followed all the steps on the link below and still no luck
https://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html
I have to get 10 iphones to connect up and working on full sync.
any help would be amazing.
Richard
Testing Exchange ActiveSync
Exchange ActiveSync test Failed
Test Steps
Attempting to resolve the host name mail.tcmserver.com in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 194.75.249.131
Testing TCP Port 443 on host mail.tcmserver.com to ensure it is listening and open.
The port was opened successfully.
Testing SSL Certificate for validity.
The certificate passed all validation requirements.
Test Steps
Validating certificate name
Successfully validated the certificate name
Additional Details
Found hostname mail.tcmserver.com in Certificate Subject Common name
Testing certificate date to ensure validity
Date Validation passed. The certificate is not expired.
Additional Details
Certificate is valid: NotBefore = 1/20/2010 9:00:14 AM, NotAfter = 1/20/2015 9:00:14 AM"
Testing Http Authentication Methods for URL https://mail.tcmserver.com/exchange/Microsoft-Server-Activesync/
Http Authentication Test failed
Additional Details
An HTTP 403 forbidden response was received. The response appears to have come from IIS6. Body is: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>You are not authorized to view this page</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>
<h1>You are not authorized to view this page</h1>
The Web server you are attempting to reach has a list of IP addresses that are not allowed to access the Web site, and the IP address of your browsing computer is on this list.
<hr>
<p>Please try the following:</p>
<ul>
<li>Contact the Web site administrator if you believe you should be able to view this directory or page.</li>
</ul>
<h2>HTTP Error 403.6 - Forbidden: IP address of the client has been rejected.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>403</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>About Security</b>, <b>Limiting Access by IP Address</b>, <b>IP Address Access Restrictions</b>, and <b>About Custom Error Messages</b>.</li>
</ul>
</TD></TR></TABLE></BODY></HTML>
ASKER
I have made the changes and run the test again, results attached.
Testing Exchange ActiveSync
Exchange ActiveSync test Failed
Test Steps
Attempting to resolve the host name mail.tcmserver.com in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 194.75.249.131
Testing TCP Port 443 on host mail.tcmserver.com to ensure it is listening and open.
The port was opened successfully.
Testing SSL Certificate for validity.
The certificate passed all validation requirements.
Test Steps
Validating certificate name
Successfully validated the certificate name
Additional Details
Found hostname mail.tcmserver.com in Certificate Subject Common name
Testing certificate date to ensure validity
Date Validation passed. The certificate is not expired.
Additional Details
Certificate is valid: NotBefore = 1/20/2010 9:00:14 AM, NotAfter = 1/20/2015 9:00:14 AM"
Testing Http Authentication Methods for URL https://mail.tcmserver.com/exchange/Microsoft-Server-Activesync/
Http Authentication Test failed
Additional Details
An HTTP 403 forbidden response was received. The response appears to have come from IIS6. Body is: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>You are not authorized to view this page</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>
<h1>You are not authorized to view this page</h1>
The Web server you are attempting to reach has a list of IP addresses that are not allowed to access the Web site, and the IP address of your browsing computer is on this list.
<hr>
<p>Please try the following:</p>
<ul>
<li>Contact the Web site administrator if you believe you should be able to view this directory or page.</li>
</ul>
<h2>HTTP Error 403.6 - Forbidden: IP address of the client has been rejected.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>403</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>About Security</b>, <b>Limiting Access by IP Address</b>, <b>IP Address Access Restrictions</b>, and <b>About Custom Error Messages</b>.</li>
</ul>
</TD></TR></TABLE></BODY></HTML>
ASKER
here are the test results if I use a admin test account.
Testing Exchange ActiveSync
Exchange ActiveSync test Failed
Test Steps
Attempting to resolve the host name mail.tcmserver.com in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 194.75.249.131
Testing TCP Port 443 on host mail.tcmserver.com to ensure it is listening and open.
The port was opened successfully.
Testing SSL Certificate for validity.
The certificate passed all validation requirements.
Test Steps
Validating certificate name
Successfully validated the certificate name
Additional Details
Found hostname mail.tcmserver.com in Certificate Subject Common name
Testing certificate date to ensure validity
Date Validation passed. The certificate is not expired.
Additional Details
Certificate is valid: NotBefore = 1/20/2010 9:00:14 AM, NotAfter = 1/20/2015 9:00:14 AM"
Testing Http Authentication Methods for URL https://mail.tcmserver.com/exchange/Microsoft-Server-Activesync/
Http Authentication Test failed
Additional Details
An HTTP 403 forbidden response was received. The response appears to have come from IIS6. Body is: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>You are not authorized to view this page</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>
<h1>You are not authorized to view this page</h1>
The Web server you are attempting to reach has a list of IP addresses that are not allowed to access the Web site, and the IP address of your browsing computer is on this list.
<hr>
<p>Please try the following:</p>
<ul>
<li>Contact the Web site administrator if you believe you should be able to view this directory or page.</li>
</ul>
<h2>HTTP Error 403.6 - Forbidden: IP address of the client has been rejected.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>403</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>About Security</b>, <b>Limiting Access by IP Address</b>, <b>IP Address Access Restrictions</b>, and <b>About Custom Error Messages</b>.</li>
</ul>
</TD></TR></TABLE></BODY></HTML>
Ok can we reset the virtual directories follow method 2 of KB 883380.
IIsreset and then run the test
IIsreset and then run the test
ASKER
that was performed at 10am this morning with the same results
OK it is trying to Go to https://mail.tcmserver.com/exchange/Microsoft-Server-Activesync where as it should only be going to https://mail.tcmserver.com/Microsoft-Server-Activesync
Is there anykind of redirection set on the default website.
Go to properties of default website and go to Home directory and is there a redrected url selected.
from the server itself try to browse
https://localhost/Microsoft-Server-Activesync and check waht you get and post the result.
you should get http 501/505
Is there anykind of redirection set on the default website.
Go to properties of default website and go to Home directory and is there a redrected url selected.
from the server itself try to browse
https://localhost/Microsoft-Server-Activesync and check waht you get and post the result.
you should get http 501/505
ASKER
i can confirm that when I goto https://localhost/Microsoft-Server-Activesync I get prompted with a popup box and I enter my details then I get
The website is unable to display the webpage
HTTP 501/HTTP 505
The website is unable to display the webpage
HTTP 501/HTTP 505
Can you confirm the same from external machine in IE just type https://mail.tcmserver.com/Microsoft-Server-Activesync and see if you get the same result if u dont get same using url use public Ip
https://Publicip/Microsoft-Server-Activesync
If you get 501 and 505 from external machine just try to configure the mobile device. and see if you can .
I tried to open https://mail.tcmserver.com/microsoft-server-activesync there was certificate error.What kind of certificate you have ?
https://Publicip/Microsoft-Server-Activesync
If you get 501 and 505 from external machine just try to configure the mobile device. and see if you can .
I tried to open https://mail.tcmserver.com/microsoft-server-activesync there was certificate error.What kind of certificate you have ?
ASKER
we have a self signed cert
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Please have public certificate or else install the certificate on the mobile manually (export from server and import on the mobile)
or just Sync mobile device without SSL ( not recommended) for this you will have to uncheck "require SSL" from mcrosoft-server-activesync virtual directory. and then IISreset
using the website you will keep getting errors.as it looks for Public certificate.
Activesync seems to be configured fine as you geeting 501/505 externally and internally. you just need to configure device and have proper SSL or sync without SSl ( not reccomended)
or just Sync mobile device without SSL ( not recommended) for this you will have to uncheck "require SSL" from mcrosoft-server-activesync
using the website you will keep getting errors.as it looks for Public certificate.
Activesync seems to be configured fine as you geeting 501/505 externally and internally. you just need to configure device and have proper SSL or sync without SSl ( not reccomended)
And if it is a single server and exchange 2003 and as you have SSL enabled on exchange or ristriction set on Exchange.please create exchange-oma using method 2 of KB 817379.
ASKER
Right when I connect to https://mail.tcmserver.com/microsoft-server-activesync from a remote office in Derby I can get to the page but I get a cert error and I say continue then I get a popup box and I login and I get
HTTP/1.1 501 Not Implemented
I get the same when I try using our public ip address
Should we be using a pro ssl or is there one we can use for free?
HTTP/1.1 501 Not Implemented
I get the same when I try using our public ip address
Should we be using a pro ssl or is there one we can use for free?
You don't need a 3rd party certificate - you can use the self-certified certificate.
Please read my post above - it should solve your problems.
Please read my post above - it should solve your problems.
if you are comfortable with exporting and importing certificate manually in each device then you dont need public certificate. selfsigned certificate will do the job.
IIS > Default website > properties > directory security > viewcertificate> detail tab > copy to file > do not export public key > next >next > provide location>finish.
you will have .cer file created you need to get that file in you mobile and then install it.
or you can even sync mobile without SSl ( which is insecure)
IIS > Default website > properties > directory security > viewcertificate> detail tab > copy to file > do not export public key > next >next > provide location>finish.
you will have .cer file created you need to get that file in you mobile and then install it.
or you can even sync mobile without SSl ( which is insecure)
ASKER
I have extracted the CER file and installed it on the iphone, I have rebooted the iphone and tried to connect again with the following error.
The Connection to the server has failed
The Connection to the server has failed
ASKER
if I change my server address on the iphone to https://mail.tcmserver.com/microsoft-server-activesync it works .. it all works....
That is not the correct way to make it work.
ASKER
ohh....how should it be done
iPhones don't really care about your certificate - they will work with whatever you have. If you are happy with it the way it is - great - but I would not be personally.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
can you help to get it perfect
Have a read through my FAQ and please check the settings. I posted about your IP Address restrictions too - which you seem to have missed.
From your above posts:
HTTP Error 403.6 - Forbidden: IP address of the client has been rejected.<br>Internet Information Services (IIS)
This has not been addressed by anyone yet - which I posted about above.
HTTP Error 403.6 - Forbidden: IP address of the client has been rejected.<br>Internet Information Services (IIS)
This has not been addressed by anyone yet - which I posted about above.
ASKER
it is now working just using mail.tcmserver.com
You still have IP Address restrictions in place.
ASKER
yes IP Address restrictions are still in place
If you have IP Address restrictions - you won't be able to access Activesync properly, nor OWA etc.
ASKER
you need to follow all the steps.... but in the end it will work
Strat > run > cmd > IISRESET.
run the test again.