Yba02
asked on
Email on Nokia E75 to Exchange 2003
Hello,
I have Exchange 2003 single server set as back-end server. The server is published externally through ISA 2004. RPC over HTTPs is configured and is working perfect. I am trying to configure Exchange to serve emails to mobile phone devices. The device I am trying is Nokia E75.
On Exchange server, I have followed a Microsoft article and I can now browse my email from an internet browser right to the Microsoft-Server-ActiveSyn c folder. This works from internal as well external networks. It also works on my mobile phone browser.
On my mobile phone's email client, I have configured everything, including the CA certificate, which now shows in the list of Authority Certificates. Also, I can see the request arriving at ISA server as Allowed Connection using the rule I specified (same rule as RPC over HTTPs, with Microsoft-Server-ActiveSyn c added as a path.) But, nothing returns. And, there are two cases to consider here:
1 - Setting the "Denied Access" option on the virtual folder as recommended by MS article (except for the IP of the Exchange server itself) returns an error message on the mobile that reads: Server requires secure connection. Change Profile > Connection > Secure Connection to Yes. In that setting, the Secure Connection option is actually set to Yes.
2 - When I remove that "Denied Access" option, the mobile phone seems to to synchronize but returns nothing, not even an error.
For the record, my domain name for authentication is different from my email domain name. Also, in Active Directory Users and Computers, I have more than one SMTP email address set for my user account. However, the email I am trying here is set as the primary email.
Any input is highly appreciated.
Regards
Yba
I have Exchange 2003 single server set as back-end server. The server is published externally through ISA 2004. RPC over HTTPs is configured and is working perfect. I am trying to configure Exchange to serve emails to mobile phone devices. The device I am trying is Nokia E75.
On Exchange server, I have followed a Microsoft article and I can now browse my email from an internet browser right to the Microsoft-Server-ActiveSyn
On my mobile phone's email client, I have configured everything, including the CA certificate, which now shows in the list of Authority Certificates. Also, I can see the request arriving at ISA server as Allowed Connection using the rule I specified (same rule as RPC over HTTPs, with Microsoft-Server-ActiveSyn
1 - Setting the "Denied Access" option on the virtual folder as recommended by MS article (except for the IP of the Exchange server itself) returns an error message on the mobile that reads: Server requires secure connection. Change Profile > Connection > Secure Connection to Yes. In that setting, the Secure Connection option is actually set to Yes.
2 - When I remove that "Denied Access" option, the mobile phone seems to to synchronize but returns nothing, not even an error.
For the record, my domain name for authentication is different from my email domain name. Also, in Active Directory Users and Computers, I have more than one SMTP email address set for my user account. However, the email I am trying here is set as the primary email.
Any input is highly appreciated.
Regards
Yba
ASKER
Hello,
I have been doing lots of reading. It seems that all the roads converge to you. I have seen your posts here, on msexchange.org, it-eye.co.uk and your blog in the wordpress.com. This seems good and hopefully would make my life easier.
"I think" I have done the configuration by the book again and again. www.testexchangeconnectivity.com seems to fail on the same point again and again. It is always a "Testing the OPTIONS command failed. See Additional Details for more info" error. The Microsoft link in there refers to an issue with ISA server. However, that issue is reported on ISA 2000, while I have 2004. I assume that the error was fixed. Nevertheless, I am unable to confirm this fact.
Is there a way we can isolate the issue to be either of ISA or Exchange source? If proved to be ISA, what are your recommendations?
Regards
Yba
I have been doing lots of reading. It seems that all the roads converge to you. I have seen your posts here, on msexchange.org, it-eye.co.uk and your blog in the wordpress.com. This seems good and hopefully would make my life easier.
"I think" I have done the configuration by the book again and again. www.testexchangeconnectivity.com seems to fail on the same point again and again. It is always a "Testing the OPTIONS command failed. See Additional Details for more info" error. The Microsoft link in there refers to an issue with ISA server. However, that issue is reported on ISA 2000, while I have 2004. I assume that the error was fixed. Nevertheless, I am unable to confirm this fact.
Is there a way we can isolate the issue to be either of ISA or Exchange source? If proved to be ISA, what are your recommendations?
Regards
Yba
I do have one or two roads covered quite well ; )
Can you have a read of the following and check / re-publish your Activesync rule:
http://www.petri.co.il/publishing_owa_with_isa2004.htm
I have a client using ISA 2004 with SBS 2003, so I can check / very settings happily.
To rule out the ISA box (hopefully), download the Activesync Test App mentioned in my article and run it on a PC inside the LAn and test using the LAN option. This should hopefully bypass the ISA server and should test the settings on the server.
Can you have a read of the following and check / re-publish your Activesync rule:
http://www.petri.co.il/publishing_owa_with_isa2004.htm
I have a client using ISA 2004 with SBS 2003, so I can check / very settings happily.
To rule out the ISA box (hopefully), download the Activesync Test App mentioned in my article and run it on a PC inside the LAn and test using the LAN option. This should hopefully bypass the ISA server and should test the settings on the server.
ASKER
Are you referring to the PPC emulator?
This is what I mean:
https://store.accessmylan.com/main/diagnostic-tools
Download the one for your PC.
https://store.accessmylan.com/main/diagnostic-tools
Download the one for your PC.
ASKER
I have downloaded the tool. It seems indeed an Exchange issue. ISA is not invloved.
"ActiveSync detected, but not correctly configured."
That was the result returned from the tool when checking version of of ActiveSync.
When that happened, I removed the activesync vritual directory I had and rebuilt it according to this Microsoft article: http://support.microsoft.com/?id=817379. But still the same.
Here are the settings of the system:
1 - Virtual dirrectory: Microsoft-Server-ActiveSyn c.
2 - Registery path: HKEY_LOCAL_MACHINE\SYSTEM\ CurrentCon trolSet\Se rvices\Mas Sync\Param eters
3 - Registry key: ExchangeVDir, type: DWORD, Value: /Microsoft-Server-ActiveSy nc.
4 - Authentication methods: basic and integrated.
5 - Require Secure Channel (SSL) NOT checked.
Any idea what might be missing?
Regards
Yba
"ActiveSync detected, but not correctly configured."
That was the result returned from the tool when checking version of of ActiveSync.
When that happened, I removed the activesync vritual directory I had and rebuilt it according to this Microsoft article: http://support.microsoft.com/?id=817379. But still the same.
Here are the settings of the system:
1 - Virtual dirrectory: Microsoft-Server-ActiveSyn
2 - Registery path: HKEY_LOCAL_MACHINE\SYSTEM\
3 - Registry key: ExchangeVDir, type: DWORD, Value: /Microsoft-Server-ActiveSy
4 - Authentication methods: basic and integrated.
5 - Require Secure Channel (SSL) NOT checked.
Any idea what might be missing?
Regards
Yba
As per my article, the microsoft-server-activesyn c virtual directory requires Basic Authentication ONLY and SSL should be enabled.
Please check through my article posted above and check all IIS settings carefully, then run iisreset if you make any changes and test again.
Please check through my article posted above and check all IIS settings carefully, then run iisreset if you make any changes and test again.
ASKER
I have discovered too many things. As they might be irrelevant, I dont see any good in listing them. However, let us start from this question.
What are the virtual folders invovled in ActiveSync?
For me, they are three: Microsoft-Server-ActiveSyn c, OMA and Exchange-OMA. They are in this link:
http://support.microsoft.com/kb/937635. If that is the case, which one should go into the registry?
Regards
Yba
Note: I have managed to make the tool advance a little bit. It now halts on an error 403 (disbaled for this user.) I am using my own user and it is not disbaled for activesync.
What are the virtual folders invovled in ActiveSync?
For me, they are three: Microsoft-Server-ActiveSyn
http://support.microsoft.com/kb/937635. If that is the case, which one should go into the registry?
Regards
Yba
Note: I have managed to make the tool advance a little bit. It now halts on an error 403 (disbaled for this user.) I am using my own user and it is not disbaled for activesync.
My article lists the virtual directories involved with Activesync.
If you have Exchange 2003 (not part of SBS), then it is Exchange and Microsoft-Server-Activesyn c (and exchange-oma if you use Forms Based Authentication).
If you have SBS 2003, then is it Exchange, Microsoft-Server-Activesyn c, Exchange-OMA and OMA.
The only directory entered via the registry is exchange-oma, but only if you are using Forms Based Authentication.
Run through the IIS settings from my article and check your settings against those. If you get the 403 error, then my article has recommendations for what to do to resolve those.
If you have Exchange 2003 (not part of SBS), then it is Exchange and Microsoft-Server-Activesyn
If you have SBS 2003, then is it Exchange, Microsoft-Server-Activesyn
The only directory entered via the registry is exchange-oma, but only if you are using Forms Based Authentication.
Run through the IIS settings from my article and check your settings against those. If you get the 403 error, then my article has recommendations for what to do to resolve those.
ASKER
Hi,
I had it working, finally.
There were two parts that you have missed in your article:
1 - On Exchange server, IIS is the operations theatre for Exchange System Manager. I could not spot the part in your article in which you have mentioned that whatever folders you have in IIS, must have their counterparts in ESM, properly configured for the required purpose.
Actually, you should have started by guiding to configure virtual folders in ESM, not IIS. If these folders are not in ESM, nothing will work, and this goes to each and every HTTP-dependent Exchange feature, such as OMA, OWA, RPC/HTTP and MAS.
If these virtual directories are properly created in ESM, restarting IIS Admin will create them readily configured in IIS. This goes on for Exchange-OMA too. In fact, the only thing I was missing is a virtual directory called Exchange-OMA in my ESM. Once I manually created that folder, I got everything up and running.
The bottom line is: if you have a VD in IIS, then you must have it in ESM. Otherwise, nothing for that IIS VD will work.
Even for that Microsoft recommendation to create a VD in IIS (Exchange-OMA) to handle non-SSL requests for MAS and OMA folders, you actually do not need that. Create it in ESM (as SMTP folder and name it Exchange-OMA) and restart IIS Admin service to have in IIS. The amazing thing here is that once you choose the proper type of service which that VD will server, you do not even need to touch permissions. Everything comes automatically. The only thing you want to make sure of is that FBA is not enabled on the HHTP VD in ESM when Exchange-OMA VD is being created.
2 – I have used two testing utilities in this experience. The one provided by Microsoft (https://www.testexchangeconnectivity.com) and the one in your article. I do not blame you for this of course but both utilities generate different types of errors WHILE MAS works charmingly. I know that you have mentioned in your article that MAS can work while error 403 is still being generated. However, it would have been smoother to the reader to know that they should not entirely depend on these utilities for testing. The real test is seeing emails flying in their mobile devices.
Awaiting your feedback before closing this thread.
Regards
Yba
I had it working, finally.
There were two parts that you have missed in your article:
1 - On Exchange server, IIS is the operations theatre for Exchange System Manager. I could not spot the part in your article in which you have mentioned that whatever folders you have in IIS, must have their counterparts in ESM, properly configured for the required purpose.
Actually, you should have started by guiding to configure virtual folders in ESM, not IIS. If these folders are not in ESM, nothing will work, and this goes to each and every HTTP-dependent Exchange feature, such as OMA, OWA, RPC/HTTP and MAS.
If these virtual directories are properly created in ESM, restarting IIS Admin will create them readily configured in IIS. This goes on for Exchange-OMA too. In fact, the only thing I was missing is a virtual directory called Exchange-OMA in my ESM. Once I manually created that folder, I got everything up and running.
The bottom line is: if you have a VD in IIS, then you must have it in ESM. Otherwise, nothing for that IIS VD will work.
Even for that Microsoft recommendation to create a VD in IIS (Exchange-OMA) to handle non-SSL requests for MAS and OMA folders, you actually do not need that. Create it in ESM (as SMTP folder and name it Exchange-OMA) and restart IIS Admin service to have in IIS. The amazing thing here is that once you choose the proper type of service which that VD will server, you do not even need to touch permissions. Everything comes automatically. The only thing you want to make sure of is that FBA is not enabled on the HHTP VD in ESM when Exchange-OMA VD is being created.
2 – I have used two testing utilities in this experience. The one provided by Microsoft (https://www.testexchangeconnectivity.com) and the one in your article. I do not blame you for this of course but both utilities generate different types of errors WHILE MAS works charmingly. I know that you have mentioned in your article that MAS can work while error 403 is still being generated. However, it would have been smoother to the reader to know that they should not entirely depend on these utilities for testing. The real test is seeing emails flying in their mobile devices.
Awaiting your feedback before closing this thread.
Regards
Yba
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi,
I have not noticed the mistake I have made about "virtual folders". It was a mistake indeed and thank you for the clarification.
Please substitute the word "folder", whereever it appears, with the word "directory" and read the reply again. We can continue the discussion afterwards :).
Regards
Yba
I have not noticed the mistake I have made about "virtual folders". It was a mistake indeed and thank you for the clarification.
Please substitute the word "folder", whereever it appears, with the word "directory" and read the reply again. We can continue the discussion afterwards :).
Regards
Yba
Best bet if you want to discuss this further is to contact me directly and then we can discuss this off-line, as this is not related to fixing your problem.
If you click my name, you will get to my profile and from there, you will find an email address that you can email me on.
If you click my name, you will get to my profile and from there, you will find an email address that you can email me on.
ASKER
The solution lacks some parts.
https://www.experts-exchange.com/articles/Software/Server_Software/Email_Servers/Exchange/Exchange-2003-Activesync-Connection-Problems-FAQ.html