Iphone not syncing with exchange activesync

Hi, We are trying to sync iphones with our SBS 2003 SP2 Server it doe not recieve email. On a windows mobile it errros saying activesync encountered an error on the server 0x85010014.

Exchange virtual directories have been recreated permisisons checked. ssl is not used and forms based authentication is turned off. Service pack 2 has been reinstalled.

In http log "fe80::1%1 1326 fe80::1%1 80 HTTP/1.1 PROPFIND //exchange-oma/user/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/PocketPC/6F24CAD599A5BF1A690246B8C68FAE8D 400 - Hostname -"

I've seen various posts on this none have resolved the issue.for us please help
acs365serviceAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Alan HardistyCo-OwnerCommented:
Please have a read through my article, check your IIS settings, make sure you have Exchange 2003 Service Pack 2 installed, run the tests on the test site and refer to my article for any relevant errors that you get.
If you get stuck anywhere - please post and I'll see what else I can do.
http://www.experts-exchange.com/articles/Software/Server_Software/Email_Servers/Exchange/Exchange-2003-Activesync-Connection-Problems-FAQ.html 
0
acs365serviceAuthor Commented:
HI, Checked this. still a problem.
Further information the server has a self signed certificate though at moment just trying to get it working using port 80.
can get to http://server ip/oma and http://server ip/microsoft-server-activesync
shows website cannot display page HTTP 501/HTTP 505

The error in the event log is event id:3005
unexpected exchange mailbox server error:server:(********User:(***)
HTTP status code: (400), verify the exchange mailbox server is working correctly.

In this log \\windows\system32\logfiles\HTTPERR
80 HTTP/1.1 PROFIND //exchange-oma/username/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/pockerPC/6F24CAD599A5BF1A690246B8C68FAE8D

Thanks for any help

0
Alan HardistyCo-OwnerCommented:
SBS is fine with a self-signed certificate - No need to try with port 80 - port 443 is the best way to go.
Please ignore your logs - visit the test site, run the exchange activesync test, specify manual server settings, tick the "Ignore Trust for SSL" check box and report back the results please.
If you want to copy / paste the results that's fine - but make sure you obscure your Domain Name / IP properly.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

acs365serviceAuthor Commented:
Hi,  Clicked ignore trust ssl and throws errors about certificate.
 Testing Exchange ActiveSync  
  Exchange ActiveSync test Failed
   Test Steps
   Attempting to resolve the host name ******in DNS.
  Host successfully resolved
   Additional Details
  IP(s) returned: *******
 
 Testing TCP Port 443 on host *******to ensure it is listening and open.
  The port was opened successfully.
 Testing SSL Certificate for validity.
  The SSL Certificate failed one or more certificate validation checks.
   Test Steps
   Validating certificate name
  Certificate name validation failed
   Tell me more about this issue and how to resolve it
   Additional Details.


 
 
 
 
 
0
Alan HardistyCo-OwnerCommented:
What is the name on your Self-Signed certificate?
Does it match the FQDN you use to connect to your server for Activesync e.g., mail.yourdomain.com
 
0
acs365serviceAuthor Commented:
Connecting using ip
0
acs365serviceAuthor Commented:
The self signed certificate is the one that is installed by default in an sbs installation and has no public A record so using ip to connect. This has not cause problems for me before.
0
Alan HardistyCo-OwnerCommented:
The certificate name should match the DNS FQDN that you are using to connect to your server.
If you are using an IP address, then the certificate should be named using the IP address, although this is not ideal.
Do you not have any external DNS records pointing to your IP Address e.g., mail.yourdomain.com?
Can you not set one up to make this work e.g., remote.yourdomain.com, then rename your certificate to match?
0
acs365serviceAuthor Commented:
I've changed certificate to ip. Does not work. As trying to get it to work on port 80 first to take ssl and certificate out the equation it surely should work on port 80 using ip address not using certificate - This works for other set ups I've done. Once works ok on port 80. Will secure and use ssl.

Thanks
0
Alan HardistyCo-OwnerCommented:
My article will help you to get it running on SSL - please follow the steps and now that your certificate is using an IP address, use the IP address when testing as the Activesync Server.
0
acs365serviceAuthor Commented:
I've followed your article and can see some difference in this virtual directory to muicroft directory?Microsoft-Server-Activesync Virtual Directory
•      Authentication = Basic
•      Default Domain = NETBIOS domain name - e.g., yourcompany
•      Realm = NETBIOS name
•      IP Address Restrictions = Granted Access
•      Secure Communications = Require SSL and Require 128-Bit Encryption IS ticked  Microsoft say untick??

 •      IP Address Restrictions = Restricted to IP Address of Server does this mean deny server ip??

New test Same results.
Testing Exchange ActiveSync  
  Exchange ActiveSync test Failed
   Test Steps
   Attempting to resolve the host name *******in DNS.
  Host successfully resolved
   Additional Details
  IP(s) returned: *****
 
 Testing TCP Port 443 on host ******to ensure it is listening and open.
  The port was opened successfully.
 Testing SSL Certificate for validity.
  The SSL Certificate failed one or more certificate validation checks.
   Test Steps
   Validating certificate name
  Certificate name validation failed
   Tell me more about this issue and how to resolve it
   Additional Details
 
I'd like to get this working without having to buy a certificate and register and A record.

Thanks  
 
 
 



0
Alan HardistyCo-OwnerCommented:
  • Require SSL and Require 128-Bit Encryption IS ticked  Microsoft say untick?? - Looks like I copied / pasted incorrectly.  Should not be ticked (although this seems weird).
  • Restricted to IP Address of Server does this mean deny server ip?? - Set to Deny Access and Add the internal IP of the Server.
  • You don't need to buy a 3rd party Certificate  - it works fine without.
0
Alan HardistyCo-OwnerCommented:
Sorry about the SSL on Virtual directory - article amended.  I had copied / pasted from the Exchange 2003 (above it) and had not clearly checked the KB article referenced.  Previously I had just referenced the KB Article!  That will teach me not to be thorough.
0
acs365serviceAuthor Commented:
No worries. Now giving  synchronising could not be completed. Try again later. Support code 0x80072F17.
I'm guessing this is an ssl error? I'm considering installing certificate authoratit and generating another certificate, Do you think that will improve thngs?
0
acs365serviceAuthor Commented:
We've installed certificate authority put certifcate on default website and install certifcate on mobile and now ssl is showing the generic error that port 80 showed server encountered an error 0x85010014?
Any other ideas
0
Alan HardistyCo-OwnerCommented:
Please can you post the full error from the test site.
0
acs365serviceAuthor Commented:
Connectivity Test Failed
 
 
Test Details  
 

 
 Testing Exchange ActiveSync  
  Exchange ActiveSync test Failed
   Test Steps
   Attempting to resolve the host name ***********in DNS.
  Host successfully resolved
   Additional Details
  IP(s) returned: *********
 
 Testing TCP Port 443 on host ******** to ensure it is listening and open.
  The port was opened successfully.
 Testing SSL Certificate for validity.
  The certificate passed all validation requirements.
   Test Steps
   Validating certificate name
  Successfully validated the certificate name
   Additional Details
  Found hostname ********in Certificate Subject Common name  
 
 Testing certificate date to ensure validity
  Date Validation passed. The certificate is not expired.
   Additional Details
  Certificate is valid: NotBefore = 4/28/2010 2:11:33 PM, NotAfter = 4/27/2012 2:11:33 PM"  
 
 
 
 Testing Http Authentication Methods for URL https://*******/Microsoft-Server-Activesync/ 
  Http Authentication Methods are correct
   Additional Details
  Found all expected authentication methods and no disallowed methods. Methods Found: Basic  
 
 Attempting an ActiveSync session with server
  Errors were encountered while testing the ActiveSync session
   Test Steps
   Attempting to send OPTIONS command to server
  OPTIONS response was successfully received and is valid
   Additional Details
  Headers received: MicrosoftOfficeWebServer: 5.0_Pub
Pragma: no-cache
Public: OPTIONS, POST
Allow: OPTIONS, POST
MS-Server-ActiveSync: 6.5.7654.7
MS-ASProtocolVersions: 1.0,2.0,2.1,2.5
MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,ResolveRecipients,ValidateCert,Provision,Search,Notify,Ping
Content-Length: 0
Date: Thu, 29 Apr 2010 07:49:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

 
 
 Attempting FolderSync command on ActiveSync session
  FolderSync command test failed
   Tell me more about this issue and how to resolve it
   Additional Details
  Exchange ActiveSync returned an HTTP 500 response.


 
 
 
 
 
 
 
 
0
MegaNuk3Commented:
to get rid of 500 error:
Check your Virtual Directory settings
Exchange(basic& integrated)
exchange-oma(basic & integrated) with NO SSL
0
acs365serviceAuthor Commented:
This is already set. I'm thinking this may be a microsft call
0
MegaNuk3Commented:
Are you getting any events in the application event log for ActiveSync?
0
Alan HardistyCo-OwnerCommented:
Have you run through my HTTP 500 error fix (the long bulleted section)?
If you have - please visit the following EE Question and update your MASSYNC.DLL file from the selected answer and failing that - it's time for Microsoft I'm afraid.
0
Alan HardistyCo-OwnerCommented:
0
MegaNuk3Commented:
can you screenshot your "IP address" restriction on the exchange-oma directory?

It should be "Denied access" and then have the internal IP address of the server set to Allow. You can however set it back to "allowed access" and then remove the server IP. Do an iisreset and then retest
0
MegaNuk3Commented:
@Alanhardisty - thanks for the link to that hotfix

It appears to be related to this article:
http://support.microsoft.com/kb/967046/en-us (same file version)
0
Alan HardistyCo-OwnerCommented:
No problems - never had to use it myself but it has solved the ocassional Activesync question.
I feel an article update coming along ; )
0
acs365serviceAuthor Commented:
Hi, Just generic errros from previously 3005. Yeah ran through HTTP500 section and updated Massync.dll yesterday. We have found this

"The fix after two days of troubleshooting this issue is the following article: "The domain name may not appear in its correct form in the DNS record of a Windows 2000-based or Windows Server 2003-based domain controller" http://support.microsoft.com/kb/888048 
On our SBS 2003 server I then had to: - uninstall the network card from device manager, do a scan for new devices and reinstall it -run "netsh int ip reset" -Reboot the server. -Run the Change Server IP wizard from Server Manager. -Run the connect to internet wizard -Run the remote access wizard.
After doing all of this the server and all features RRAS, Exchange System Manager, Exchange Activesync, RPC over HTTP, etc all work perfectly for me. "

Think this is next before call microsoft


0
Alan HardistyCo-OwnerCommented:
Do you have the link you got that from by any chance?
0
Alan HardistyCo-OwnerCommented:
Thanks - any progress with those suggestions?
0
acs365serviceAuthor Commented:
This has been escalated to MS
0
Alan HardistyCo-OwnerCommented:
Would be interested to know what they do to resolve - please keep good notes!
Thanks
Alan
0
acs365serviceAuthor Commented:
Turns out ipv6 had to be uninstalled and server restarted then worked fine.

Hope this helps someone
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Alan HardistyCo-OwnerCommented:
Random - who installed that?  It is not there by default.
Thanks for following up with the fix.  That is really appreciated.
0
MegaNuk3Commented:
thanks for the fix, I'll have to make a note of that one...

@alanhardisty - maybe that should go on your article too?
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.