asked on Exchange 2003 Activesync - some accounts able to authenticate, some return a 403 error on Exchange and can't connect on mobile devices
The environment has 1 front end OWA/Activesync server and a 1 back end mailbox server where all the mailboxes are located. I have checked the Exchange Features of the accounts that can't connect and they are set identically allowing access at the account level. I have gone as far as copying an account that can access Activesync to a test account name and then trying to connect with the test account with no luck.
I know Activesync is up and running as several accounts are able to sync up without a problem on various mobile devices. The SSL certificate is valid and we have no problems with any accounts accessing their email via Outlook Web Access.
If I create a new account I get the same results. If anyone has seen this problem before or if anyone has any suggestions as to what steps I should take to troubleshoot, I would highly appreciate it.
Thanks,
Dan
I know Activesync is up and running as several accounts are able to sync up without a problem on various mobile devices. The SSL certificate is valid and we have no problems with any accounts accessing their email via Outlook Web Access.
If I create a new account I get the same results. If anyone has seen this problem before or if anyone has any suggestions as to what steps I should take to troubleshoot, I would highly appreciate it.
Thanks,
Dan
Exchange
Last Comment
Alan Hardisty
You will find that referenced in my article as well as KB 883380 and KB 937635.
Okay
ASKER
I tried running the remote activesync test suggested by alanhardisty. All the accounts that are able to connect successfully passed the activesync test on the site. When trying to connect to a new AD account w/mailbox, I am getting the following results:
Attempting FolderSync command on ActiveSync session
FolderSync command test failed
Additional Details
An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body is: <body><h2>HTTP/1.1 403 Forbidden</h2></body>
Attempting FolderSync command on ActiveSync session
FolderSync command test failed
Additional Details
An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body is: <body><h2>HTTP/1.1 403 Forbidden</h2></body>
My article covers all you need to do to resolve those errors (https://www.experts-exchange.com/articles/Software/Server_Software/Email_Servers/Exchange/Exchange-2003-Activesync-Connection-Problems-FAQ.html)
If you have forms-based authentication enabled or have SSL enabled on the Exchange virtual directory (as a result of FBA), then KB817379 will guide you through setting up an alternative virtual directory with SSL disabled.
You may also need to reset the virtual directories by following method 2 of KB883380.
If you have forms-based authentication enabled or have SSL enabled on the Exchange virtual directory (as a result of FBA), then KB817379 will guide you through setting up an alternative virtual directory with SSL disabled.
You may also need to reset the virtual directories by following method 2 of KB883380.
Please find IIS authentication type and the SSL requirement for Exchange 2003
1) Default Website : Annonymous & Integrated NO SSL
2) Exadmin : Integrated NO SSL
3) Exchweb : Annonymous NO SSL
4) Exchange: Basic SSL Optional
5) RPC : Basic SSL Required
6) OMA : Basic SSL Optional
7) Public : Basic+Integrated SSL Optional
8) exchange-oma : Basic & Integrated NO SSL
9) Microsoft-Server-ActiveSyn
After that restart IIS service and check it.
1) Default Website : Annonymous & Integrated NO SSL
2) Exadmin : Integrated NO SSL
3) Exchweb : Annonymous NO SSL
4) Exchange: Basic SSL Optional
5) RPC : Basic SSL Required
6) OMA : Basic SSL Optional
7) Public : Basic+Integrated SSL Optional
8) exchange-oma : Basic & Integrated NO SSL
9) Microsoft-Server-ActiveSyn
After that restart IIS service and check it.
ASKER
One more question. Do any of the suggested changes need to be made to the back-end mailbox server?
Thanks,
Dan
Thanks,
Dan
Not that I am aware of.
Hi,
Have followed the article KB 937635 proeprly.
Kindly recheck...
Have followed the article KB 937635 proeprly.
Kindly recheck...
ASKER
alanhardisty,
I went through the article you included in your previous post and turned off forms based authentication and don't have SSL enabled on the Exchange virtual directory. I went a step further as this didn't resolve the issue and reset the virtual directories by following method 2 of KB883380. I am still getting the following results (see attached image file) for the users that have been having problems connecting to activesync.
I have also tried the settings previously that SatyaPathak posted but this didn't resolve the issue
ERROR.JPG
I went through the article you included in your previous post and turned off forms based authentication and don't have SSL enabled on the Exchange virtual directory. I went a step further as this didn't resolve the issue and reset the virtual directories by following method 2 of KB883380. I am still getting the following results (see attached image file) for the users that have been having problems connecting to activesync.
I have also tried the settings previously that SatyaPathak posted but this didn't resolve the issue
ERROR.JPG
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
If you had FBA enabled, did you create the exchange-oma virtual directory as per KB817379?
ASKER
Alanhardisty,
The front-end OWA server is Exchange 2003 Enterprise Edition and the back-end mailbox server is Exchange 2003 Standard edition. I confirmed they are both running build 7638.2 SP2 and will post as to whether the steps (eseutil) you outlined in your previous post worked.
Thanks,
Dan
The front-end OWA server is Exchange 2003 Enterprise Edition and the back-end mailbox server is Exchange 2003 Standard edition. I confirmed they are both running build 7638.2 SP2 and will post as to whether the steps (eseutil) you outlined in your previous post worked.
Thanks,
Dan
That's not what I am recommending.
The answer lies in the IIS settings / permissions and the kb articles mentioned.
The answer lies in the IIS settings / permissions and the kb articles mentioned.
ASKER
Alan,
The "eseutil" repair did the trick but of course ran forever. I'm glad you don't have to shut down the IS like you did in Exchange 5.5 so messages still queue in! The IIS settings looked good previous to running this procedure and I haven't run a manual defrag on that IS in over a year. All the accounts that were having problems connecting now work.
Thanks!
Dan
The "eseutil" repair did the trick but of course ran forever. I'm glad you don't have to shut down the IS like you did in Exchange 5.5 so messages still queue in! The IIS settings looked good previous to running this procedure and I haven't run a manual defrag on that IS in over a year. All the accounts that were having problems connecting now work.
Thanks!
Dan
I'll update my Article - Also working on the exact same problem with MS right now and may be forced into a daabase repair.
What joy!
Thanks for the update (and the points).
What joy!
Thanks for the update (and the points).
If you find my article helpful - please vote for it !!
https://www.experts-exchange.com/articles/Software/Server_Software/Email_Servers/Exchange/Exchange-2003-Activesync-Connection-Problems-FAQ.html