acs365service
asked on
Iphone not syncing with exchange activesync
Hi, We are trying to sync iPhones with our SBS 2003 SP2 Server. It does not receive email. On a Windows Mobile it errors saying activesync encountered an error on the server 0x85010014.
Exchange virtual directories have been recreated, permissions checked. ssl is not used and forms based authentication is turned off. Service pack 2 has been reinstalled.
In http log "fe80::1%1 1326 fe80::1%1 80 HTTP/1.1 PROPFIND //exchange-oma/user/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/PocketPC/6F24CAD599A5BF1A690246B8C68FAE8D 400 - Hostname -"
I've seen various posts on this, none have resolved the issue for us. Please help.
ASKER
Hi, Checked this. Still a problem.
Further information the server has a self signed certificate though at moment just trying to get it working using port 80.
can get to http://server ip/oma and http://server ip/microsoft-server-activesync
shows website cannot display page HTTP 501/HTTP 505
The error in the event log is event id:3005
unexpected exchange mailbox server error:server:(********User :(***)
HTTP status code: (400), verify the exchange mailbox server is working correctly.
In this log \\windows\system32\logfiles\HTTPERR
80 HTTP/1.1 PROFIND //exchange-oma/username/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/pockerPC/6F24CAD599A5BF1A690246B8C68FAE8D
Thanks for any help
SBS is fine with a self-signed certificate - No need to try with port 80 - port 443 is the best way to go.
Please ignore your logs - visit the test site, run the exchange activesync test, specify manual server settings, tick the "Ignore Trust for SSL" check box and report back the results please.
If you want to copy / paste the results that's fine - but make sure you obscure your Domain Name / IP properly.
ASKER
Hi, Clicked ignore trust ssl and throws errors about certificate.
Testing Exchange ActiveSync
Exchange ActiveSync test Failed
Test Steps
Attempting to resolve the host name ******in DNS.
Host successfully resolved
Additional Details
IP(s) returned: *******
Testing TCP Port 443 on host *******to ensure it is listening and open.
The port was opened successfully.
Testing SSL Certificate for validity.
The SSL Certificate failed one or more certificate validation checks.
Test Steps
Validating certificate name
Certificate name validation failed
Tell me more about this issue and how to resolve it
Additional Details.
What is the name on your Self-Signed certificate?
Does it match the FQDN you use to connect to your server for Activesync e.g., mail.yourdomain.com
ASKER
Connecting using ip
ASKER
The self signed certificate is the one that is installed by default in an sbs installation and has no public A record so using ip to connect. This has not caused problems for me before.
The certificate name should match the DNS FQDN that you are using to connect to your server.
If you are using an IP address, then the certificate should be named using the IP address, although this is not ideal.
Do you not have any external DNS records pointing to your IP Address e.g., mail.yourdomain.com?
Can you not set one up to make this work e.g., remote.yourdomain.com, then rename your certificate to match?
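The name check discussed in the reply above, as an added example that is not part of the original thread: it compares the host a device is configured with (FQDN or IP) against a certificate's names and validity dates. The dict shape, host name and address are constructed assumptions; only the validity dates are taken from the test output on this page.

```python
import ipaddress
from datetime import datetime

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def _dns_match(pattern, host):
    """Case-insensitive match; '*' is accepted only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_cert_for_target(cert, target, now):
    """Return a list of failure reasons; an empty list means the certificate fits.

    cert   -- dict with 'cn', 'san_dns', 'san_ip', 'not_before', 'not_after'
              (a constructed shape, not a library format)
    target -- what the device connects to: an FQDN or an IP literal
    """
    problems = []
    if not (cert["not_before"] <= now <= cert["not_after"]):
        problems.append("certificate is outside its validity period")
    if _is_ip(target):
        want = ipaddress.ip_address(target)
        in_san = any(ipaddress.ip_address(ip) == want for ip in cert["san_ip"])
        # Legacy fallback: older clients also accept an IP written in the subject CN.
        in_cn = _is_ip(cert["cn"]) and ipaddress.ip_address(cert["cn"]) == want
    else:
        in_san = any(_dns_match(name, target) for name in cert["san_dns"])
        in_cn = not _is_ip(cert["cn"]) and _dns_match(cert["cn"], target)
    if not (in_san or in_cn):
        problems.append(f"name mismatch: {target!r} is not in the SAN list or the subject CN")
    return problems

# Constructed samples: a certificate named for an internal host, and one named for an IP.
DEFAULT_CERT = {"cn": "server.example.local", "san_dns": [], "san_ip": [],
                "not_before": datetime(2010, 4, 28, 14, 11, 33),
                "not_after": datetime(2012, 4, 27, 14, 11, 33)}
IP_CERT = dict(DEFAULT_CERT, cn="192.0.2.10")
NOW = datetime(2010, 4, 29, 7, 49, 35)

if __name__ == "__main__":
    for label, cert, target in [("host-named cert, connect by IP", DEFAULT_CERT, "192.0.2.10"),
                                ("IP-named cert, connect by IP", IP_CERT, "192.0.2.10"),
                                ("host-named cert, connect by FQDN", DEFAULT_CERT, "server.example.local")]:
        print(label, "->", check_cert_for_target(cert, target, NOW) or "OK")
```

Current clients match only the SAN entries, so a certificate that carries the name in the subject CN alone passes the legacy branch here but not a SAN-only validator.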
ASKER
I've changed certificate to ip. Does not work. As trying to get it to work on port 80 first to take ssl and certificate out the equation it surely should work on port 80 using ip address not using certificate - This works for other set ups I've done. Once works ok on port 80. Will secure and use ssl.
Thanks
My article will help you to get it running on SSL - please follow the steps and now that your certificate is using an IP address, use the IP address when testing as the Activesync Server.
ASKER
I've followed your article and can see some difference in this virtual directory to Microsoft directory?
Microsoft-Server-Activesync Virtual Directory
• Authentication = Basic
• Default Domain = NETBIOS domain name - e.g., yourcompany
• Realm = NETBIOS name
• IP Address Restrictions = Granted Access
• Secure Communications = Require SSL and Require 128-Bit Encryption IS ticked Microsoft say untick??
• IP Address Restrictions = Restricted to IP Address of Server does this mean deny server ip??
New test Same results.
Testing Exchange ActiveSync
Exchange ActiveSync test Failed
Test Steps
Attempting to resolve the host name *******in DNS.
Host successfully resolved
Additional Details
IP(s) returned: *****
Testing TCP Port 443 on host ******to ensure it is listening and open.
The port was opened successfully.
Testing SSL Certificate for validity.
The SSL Certificate failed one or more certificate validation checks.
Test Steps
Validating certificate name
Certificate name validation failed
Tell me more about this issue and how to resolve it
Additional Details
I'd like to get this working without having to buy a certificate and register an A record.
Thanks
- Require SSL and Require 128-Bit Encryption IS ticked Microsoft say untick?? - Looks like I copied / pasted incorrectly. Should not be ticked (although this seems weird).
- Restricted to IP Address of Server does this mean deny server ip?? - Set to Deny Access and Add the internal IP of the Server.
- You don't need to buy a 3rd party Certificate - it works fine without.
Sorry about the SSL on Virtual directory - article amended. I had copied / pasted from the Exchange 2003 (above it) and had not clearly checked the KB article referenced. Previously I had just referenced the KB Article! That will teach me not to be thorough.
ASKER
No worries. Now giving synchronising could not be completed. Try again later. Support code 0x80072F17.
I'm guessing this is an ssl error? I'm considering installing certificate authority and generating another certificate. Do you think that will improve things?
ASKER
We've installed certificate authority, put certificate on default website and installed certificate on mobile and now ssl is showing the generic error that port 80 showed: server encountered an error 0x85010014?
Any other ideas?
Please can you post the full error from the test site.
ASKER
Connectivity Test Failed
Test Details
Testing Exchange ActiveSync
Exchange ActiveSync test Failed
Test Steps
Attempting to resolve the host name ***********in DNS.
Host successfully resolved
Additional Details
IP(s) returned: *********
Testing TCP Port 443 on host ******** to ensure it is listening and open.
The port was opened successfully.
Testing SSL Certificate for validity.
The certificate passed all validation requirements.
Test Steps
Validating certificate name
Successfully validated the certificate name
Additional Details
Found hostname ********in Certificate Subject Common name
Testing certificate date to ensure validity
Date Validation passed. The certificate is not expired.
Additional Details
Certificate is valid: NotBefore = 4/28/2010 2:11:33 PM, NotAfter = 4/27/2012 2:11:33 PM"
Testing Http Authentication Methods for URL https://*******/Microsoft-Server-Activesync/
Http Authentication Methods are correct
Additional Details
Found all expected authentication methods and no disallowed methods. Methods Found: Basic
Attempting an ActiveSync session with server
Errors were encountered while testing the ActiveSync session
Test Steps
Attempting to send OPTIONS command to server
OPTIONS response was successfully received and is valid
Additional Details
Headers received: MicrosoftOfficeWebServer: 5.0_Pub
Pragma: no-cache
Public: OPTIONS, POST
Allow: OPTIONS, POST
MS-Server-ActiveSync: 6.5.7654.7
MS-ASProtocolVersions: 1.0,2.0,2.1,2.5
MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,ResolveRecipients,ValidateCert,Provision,Search,Notify,Ping
Content-Length: 0
Date: Thu, 29 Apr 2010 07:49:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Attempting FolderSync command on ActiveSync session
FolderSync command test failed
Tell me more about this issue and how to resolve it
Additional Details
Exchange ActiveSync returned an HTTP 500 response.
to get rid of 500 error:
Check your Virtual Directory settings
Exchange(basic& integrated)
exchange-oma(basic & integrated) with NO SSL
ASKER
This is already set. I'm thinking this may be a Microsoft call
Are you getting any events in the application event log for ActiveSync?
Have you run through my HTTP 500 error fix (the long bulleted section)?
If you have - please visit the following EE Question and update your MASSYNC.DLL file from the selected answer and failing that - it's time for Microsoft I'm afraid.
Oh - and here is the link (Doh!):
https://www.experts-exchange.com/questions/25767899/Exchange-2003-w-Iphone-setup.html?cid=1135&anchorAnswerId=30140466#a30140466
can you screenshot your "IP address" restriction on the exchange-oma directory?
It should be "Denied access" and then have the internal IP address of the server set to Allow. You can however set it back to "allowed access" and then remove the server IP. Do an iisreset and then retest
@Alanhardisty - thanks for the link to that hotfix
It appears to be related to this article:
http://support.microsoft.com/kb/967046/en-us (same file version)
No problems - never had to use it myself but it has solved the occasional Activesync question.
I feel an article update coming along ; )
ASKER
Hi, Just generic errors from previously 3005. Yeah ran through HTTP500 section and updated Massync.dll yesterday. We have found this
"The fix after two days of troubleshooting this issue is the following article: "The domain name may not appear in its correct form in the DNS record of a Windows 2000-based or Windows Server 2003-based domain controller" http://support.microsoft.com/kb/888048
On our SBS 2003 server I then had to: - uninstall the network card from device manager, do a scan for new devices and reinstall it -run "netsh int ip reset" -Reboot the server. -Run the Change Server IP wizard from Server Manager. -Run the connect to internet wizard -Run the remote access wizard.
After doing all of this the server and all features RRAS, Exchange System Manager, Exchange Activesync, RPC over HTTP, etc all work perfectly for me. "
Think this is next before call microsoft
Do you have the link you got that from by any chance?
Thanks - any progress with those suggestions?
ASKER
This has been escalated to MS
Would be interested to know what they do to resolve - please keep good notes!
Thanks
Alan
ASKER CERTIFIED SOLUTION
This solution is only available to members.
Random - who installed that? It is not there by default.
Thanks for following up with the fix. That is really appreciated.
thanks for the fix, I'll have to make a note of that one...
@alanhardisty - maybe that should go on your article too?
If you get stuck anywhere - please post and I'll see what else I can do.
https://www.experts-exchange.com/articles/Software/Server_Software/Email_Servers/Exchange/Exchange-2003-Activesync-Connection-Problems-FAQ.html