We help IT Professionals succeed at work.

A Web Exception occurred because an HTTP 401 - Unauthorized response was received from Unknown

Thie above error has been noted on many messageboards without a clear fix to the issues.
The site is a single sbs 2003 server with a firewall router and windows updated to the latest security updates and a valid GoDaddy SSL certificate with a remote.domain.com dns address
The device is a HTC HD2 from O2 with activesync 6.5

Using Exchange Remote Connectivity Analyzer www.testexchangeconnectivity.com as my test base.
If I use domain\user and the correct password - no problems - successfully green ticks throughout and is able to count over 3000 messages.
If I use the valid email address of this account user@domain.com instead of domain\user it fails with:
An ActiveSync session is being attempted with the server.
  Errors were encountered while testing the ActiveSync session
   Test Steps
   ExRCA is attempting to send the OPTIONS command to the server.
  Testing of the OPTIONS command failed. For more information, see Additional Details.
   Additional Details
  A Web Exception occurred because an HTTP 401 - Unauthorized response was received from Unknown
 
In the logfile C:\WINDOWS\system32\LogFiles\W3SVC1\ex100615.log
2010-06-15 09:10:55 W3SVC1 xxx.xxx.xxx.xxx OPTIONS /Microsoft-Server-Activesync/ - 443 user@domain.com xxx.xxx.xxx.xxx Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com) 401 1 1326
 (identifiable details removed)
Which other users have stated that 1326 means ERROR_LOGON_FAILURE but it is the same account for both authentication methods.
oma is the same issue - login as domain\user - works successfully, login as email address fails.

I suspect that once the email address login succeeds - the HTC HD2 device will connect.
Kind Regards
fosseitsl
Comment
Watch Question

Author

Commented:
Have Checked and restarted IIS as per http://www.chicagotech.net/netforums/viewtopic.php?t=5785

1. Enable anonymous access and Integrated Windows Authentication are checked in both Default web site and exchange-oma directories.
2. Integrated Windows Authentication is checked in ExAdmin directory (Note: you must have this directory in SBS for ActiveSync to work).
3. Only Basic Authentication is checked in Exchange, Microsoft-Server-ActiveSync, OMA directories.
4. Only Enable anonymous access is checked in Exchweb.
Although I haven't got the email address login fixed - I have been able to resolve the HTC uthentication issue:

using These instructions to wipe exchange on device:
In ActiveSync go to Menu->Options. Make sure Microsoft Exchange is highlighted and click Delete. (from: http://forum.xda-developers.com/showthread.php?t=449876)

Email from O2:
 To Set Up Microsoft Exchange ActiveSync Email:
1. Ensure that device is configured with an active internet connection. Press the Start button.
2. Scroll down and tap Tools.
3. Tap ActiveSync.
4. Tap Menu.
5. Tap the Add Server Source.
6. Enter the Exchange Email address.
7. If Attempt to detect Exchange Server Settings automatically is selected, tap the box to remove the tick.
8. Tap Next.
9. Enter the Exchange Server address.
10. If the Exchange server does NOT require an SSL connection tap to remove the tick from the box: This server requires an encrypted (SSL) connection.
11. Tap OK.
12. Tap Next.
13. Enter the following information Exchange Username Exchange Password Exchange Domain Once complete, tap Next.
14. Tap Finish.
15. The handset will now synchronize with the exchange server. Click Next to continue. The Microsoft Exchange email account has been successfully configured


But...
http://ezinearticles.com/?Guide---Configuring-Exchange-Active-Sync-on-HTC-Hero-Android-Device&id=2901913

Tap the Mail icon then tap "Microsoft Exchange ActiveSync"
* Enter your email address in the top field and your Active Directory password in the second field
* Tap "Manual Setup"
* Enter the full Exchange server gateway URL (or IP address) in to the "Server address" field (eg: mail.yourdomain.com)
* Enter your Active Directory domain, you'll probably need to use the full domain name (eg: yourdomain.local). Your domain admin will be able to provide you with these details
* Enter your Active Directory username and password in the relevant boxes
* If your domain uses SSL (again, your domain admins will be able to tell you), make sure you tick the "This server requires an encrypted SSL connection"
* Click Next and the phone will say "Verifying account information..."
* If the connection succeeds, you'll be asked to specify what you would like to synchronize from Mail, Contacts and Calendar. If it doesn't succeed, you'll probably have entered in some information incorrectly, go back and re-enter everything. If it still doesn't work, contact your IT department
* Hit Finish Setup and the phone should begin to sync your mail

The trick is to using domain.local as the domain name
Kind Regards
fosseitsl
Alan HardistyCo-Owner
Top Expert 2011

Commented:
Just seen this question pop up on the abandoned list.
I know you have requested it be closed, but I am happy to work with you on this if you want to and am probably the most qualified Exchange person to assist you with Activesync on an Exchange 2003 server.
If not - no worries and sorry I didn't pick it up earlier.
Alan

Author

Commented:
Alan,
Thankyou for your comment.
Does email address authentication actually work with activesync - checking various SBS Servers and domain member exchange 2003 servers appear not to accept this form of authentication?
Kind Regards
Paul
Alan HardistyCo-Owner
Top Expert 2011

Commented:
To be totally honest - I have never tried it!
I have always used my domain \ username for credentials and not the email address.
Just running a test using the following test app:
https://store.accessmylan.com/main/diagnostic-tools
In short - on my Exchange 2010 server the answer is NO.

Author

Commented:
Same as 2003 and 2007!
Alan HardistyCo-Owner
Top Expert 2011

Commented:
I have seen some threads suggesting tha it works when using GMAIL, but I have never seen it done that way in 2003 or 2007, but that does not mean it cannot be done.
Do you have an issue using the domain and username instead of the email address?

Author

Commented:
Alan,

The initial reason for this case was that HTC HD2 device could not authenticate to Exchange 2003 Activesync.  O2 suggested using an email address as the username which never worked. But someone on another newsgroup suggested that using the fqdn local domain name worked instead.
I was raising an issue of authentication of email address as O2 suggested that solution but appears that they may be giving out false hope.
Thankyou for your comments
Paul
Alan HardistyCo-Owner
Top Expert 2011

Commented:
Sure - I understand.
Are you not working and you need help, or are you happy and working?