Exchange 2010 Active Sync issue, can't get it to work

wilnitecbiz
Hi guys,

We are running Exchange 2010. Everything is working except Active Sync. I can't get it to work. Below I have posted the results from testexchangeconnectivity.com
Our Exchange ActiveSync configuration is all default.

I also get the following error event in the application log of the Exchange server when I try to synchronize my smartphone through ActiveSync:
Log Name:      Application
Source:        MSExchange ActiveSync
Date:          1/29/2010 8:46:19 PM
Event ID:      1100
Task Category: Requests
Level:         Error
Keywords:      Classic
User:          N/A
Description:
Exchange ActiveSync device requests for your users are being blocked. This problem frequently occurs when the HTTP OPTIONS method request isn't allowed by the firewall. Please check the firewall that filters requests in front of your Client Access server and the Microsoft-Server-ActiveSync virtual directory.
---------------------------

Results from testexchangeconnectivity.com:

Testing Exchange ActiveSync
 Exchange ActiveSync test Failed
 Test Steps
 Attempting to resolve the host name {domain-name} in DNS.
 Host successfully resolved
 Additional Details
 IP(s) returned: {public-ip}

Testing TCP Port 443 on host {domain-name} to ensure it is listening and open.
 The port was opened successfully.
Testing SSL Certificate for validity.
 The certificate passed all validation requirements.
 Test Steps
 Validating certificate name
 Successfully validated the certificate name
 Additional Details
 Found hostname {domain-name} in Certificate Subject Common name

Validating certificate trust for Windows Mobile Devices
 Certificate is trusted and all certificates are present in chain
 Additional Details
 Certificate is trusted for Windows Mobile 5 and Later platforms. Root = OU=Equifax Secure Certificate Authority, O=Equifax, C=US

Testing certificate date to ensure validity
 Date Validation passed. The certificate is not expired.
 Additional Details
 Certificate is valid: NotBefore = 7/7/2009 10:28:37 AM, NotAfter = 9/6/2011 10:06:57 PM"

Testing Http Authentication Methods for URL https://{domain-name}/Microsoft-Server-Activesync/
 Http Authentication Methods are correct
 Additional Details
 Found all expected authentication methods and no disallowed methods. Methods Found: Basic

Attempting an ActiveSync session with server
 Errors were encountered while testing the ActiveSync session
 Test Steps
 Attempting to send OPTIONS command to server
 Testing the OPTIONS command failed. See Additional Details for more info
 Additional Details
 A Web Exception occurred because an HTTP 401 - Unauthorized response was received from IIS7
Awarded 2009
Top Expert 2010

Commented:
What firewall do you have in between the Exchange server?
This is causing the problem.

Author

Commented:
Cisco 5510. However, ActiveSync was working fine when we used Ex2007. Some firewall configuration.
Awarded 2009
Top Expert 2010

Commented:
I am not familiar with Cisco firewalls, but does the rule you use have an HTTP Options section?
Awarded 2009
Top Expert 2010

Commented:
Also, do you have any security software on the CAS?
If so, can you uninstall it?

Author

Commented:
It does have an http inspect feature, but we're not using it. I wonder if ActiveSync in Ex2010 is not the same as Ex2007.

Author

Commented:
Ok, I tried this. I unloaded the Trend Micro scanner and disabled the Windows firewall on the Exchange server. But it's still the same issue.
Awarded 2009
Top Expert 2010

Commented:
Can you use it internally? Using a wifi connection for example?
This would help eliminate the Cisco firewall as being the problem
Awarded 2009
Top Expert 2010

Commented:
Did you disable both the public and private Windows firewall?
Awarded 2009
Top Expert 2010

Commented:
It might also be worth double checking you have all the pre-requisites installed as per: http://technet.microsoft.com/en-us/library/bb691354.aspx

Note the different script for 2008 R2.

Author

Commented:
Thanks. Yes, I actually used the same website when I installed the pre-requisites.

About the wifi-test you mentioned above, I will try this out. Will let you know shortly.
Awarded 2009
Top Expert 2010

Commented:
Have you enabled HTTP fixup on the Cisco? If so disable it.
The account that you are using to test... is it a member of any administrator group?

If yes then create a new user with a mailbox with default permissions. Test it with that user.

In Exchange 2010, if a user is a member of any Administrator group, then he will not be able to sync his mobile device. It is by design. However there is a workaround that we can follow.

But before that check it with a test user.

Let us know how it goes.

Awarded 2009
Top Expert 2010

Commented:
If it is a member of any built-in groups, then in Active Directory Users and Computers, under the View menu, select Advanced options.

Then on the user properties select the Security tab, click Advanced, and ensure the inheritable permissions check box is checked.

Apply that and then try again
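
A read-only check for the condition described in the last two comments, as an added example that is not part of the original thread: it reports whether an account's AD object has inherited permissions blocked and whether it carries adminCount=1. It assumes the ActiveDirectory PowerShell module is available; the account name `testuser` and the function name `Get-InheritanceState` are placeholders.

```powershell
# Added example: report whether an account's AD object blocks inherited
# permissions (the check box the comment above refers to).
# Assumes the ActiveDirectory module (RSAT); makes no changes to the directory.
Import-Module ActiveDirectory

function Get-InheritanceState {
    param([Parameter(Mandatory = $true)][string]$Identity)

    $user = Get-ADUser -Identity $Identity `
        -Properties nTSecurityDescriptor, adminCount, MemberOf

    # Short group names (CN only) so protected groups are easy to spot
    $groups = $user.MemberOf | ForEach-Object { ($_ -split ',')[0] -replace '^CN=' }

    New-Object PSObject -Property @{
        SamAccountName     = $user.SamAccountName
        # True means the "include inheritable permissions" box is unchecked
        InheritanceBlocked = $user.nTSecurityDescriptor.AreAccessRulesProtected
        # adminCount = 1 marks an account that is, or once was, in a protected group
        AdminCount         = $user.adminCount
        Groups             = ($groups -join '; ')
    }
}

# 'testuser' is a placeholder for the mailbox account that fails to sync
Get-InheritanceState -Identity 'testuser'

# Every user account flagged adminCount=1, with its inheritance state.
# While an account remains in a protected group, the AdminSDHolder process
# periodically re-applies its ACL and clears inheritance again, so a
# re-checked box on such an account does not persist.
Get-ADUser -LDAPFilter '(&(objectCategory=person)(adminCount=1))' `
        -Properties nTSecurityDescriptor |
    Select-Object SamAccountName,
        @{ n = 'InheritanceBlocked'; e = { $_.nTSecurityDescriptor.AreAccessRulesProtected } }
```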
