carlsilver
asked on
Exchange 2010 ActiveSync Issues
We recently did a clean install of Exchange 2010 onto a new domain, but we are having problems trying to get our iPhones to sync up.
Here is the output from testexchangeconnectivity.com:
ExRCA is testing Exchange ActiveSync.
The Exchange ActiveSync test failed.
Test Steps
ExRCA is attempting the Autodiscover and Exchange ActiveSync test (if requested).
Testing of Autodiscover for Exchange ActiveSync failed.
Test Steps
ExRCA is attempting each method of contacting the Autodiscover service.
The Autodiscover service couldn't be contacted successfully by any method.
Test Steps
Attempting to test potential AutoDiscover URL https://xxxxx.com/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name xxxxx.com in DNS.
Host successfully resolved
Additional Details
IP(s) returned: xxx.xxx.xxx.xxx
Testing TCP Port 443 on host xxxxx.com to ensure it is listening and open.
The port was opened successfully.
ExRCA is testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
The certificate name is being validated.
Certificate name validation failed.
Tell me more about this issue and how to resolve it
Additional Details
Host name xxxxx.com does not match any name found on the server certificate CN=www.xxxxx.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)09, OU=GT89784362, O=www.xxxxx.com, C=GB
Attempting to test potential AutoDiscover URL https://autodiscover.xxxxx.com/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name autodiscover.xxxxx.com in DNS.
Host successfully resolved
Additional Details
IP(s) returned: xx.xxx.xxx.xxx
Testing TCP Port 443 on host autodiscover.xxxxx.com to ensure it is listening and open.
The port was opened successfully.
ExRCA is testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
The certificate name is being validated.
Certificate name validation failed.
Tell me more about this issue and how to resolve it
Additional Details
Host name autodiscover.xxxxx.com does not match any name found on the server certificate CN=FS01
ExRCA is attempting to contact the Autodiscover service using the HTTP redirect method.
The attempt to contact Autodiscover using the HTTP Redirect method failed.
Test Steps
Attempting to resolve the host name autodiscover.xxxxx.com in DNS.
Host successfully resolved
Additional Details
IP(s) returned: xx.xxx.xxx.xxx
Testing TCP Port 80 on host autodiscover.xxxxx.com to ensure it is listening and open.
The port was opened successfully.
Checking Host autodiscover.xxxxx.com for an HTTP redirect to AutoDiscover
ExRCA failed to get an HTTP redirect response for Autodiscover.
Additional Details
An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body is: You do not have permission to view this directory or page.
ExRCA is attempting to contact the Autodiscover service using the DNS SRV redirect method.
Failed to contact AutoDiscover using the DNS SRV redirect method.
Test Steps
Attempting to locate SRV record _autodiscover._tcp.xxxxx.com in DNS.
The Autodiscover SRV record wasn't found in DNS.
ASKER
Tried to follow the steps on that first link, and EMS gives me the following error:
[quote]C:\Windows\system32 >Get-clientAccessServer ¦ fl Name,AutoDiscoverServiceInternalUri
A positional parameter cannot be found that accepts argument 'fl'.
+ CategoryInfo : InvalidArgument: (:) [Get-ClientAccessServer], ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFound,Get-ClientAccessServer
[/quote]
the certificate set on the autodiscover virtual directory does not have the "autodiscover.xxxxx.com" domain name added in the Subject Alternate Name on the certificate
you have two options
use a different certificate for autodiscover virtual directory that includes the name autodiscover.xxxxx.com
or to use a single certificate that has multiple names, including autodiscover.xxxxx.com
other urls might be... mail.yourdomain.com (for owa or outlookanywhere )
for detailed information please refer to http://technet.microsoft.com/en-us/library/bb124251.aspx
revert if you have questions
Thank you
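The name check that fails in the report above, as an added example (not part of the original thread and not ExRCA's own code): it compares every host name a device contacts with the names on a certificate, and goes beyond the answer above by also modelling a wildcard certificate. `example.com`, `owa.example.com` and the certificate name lists are constructed placeholders standing in for the redacted names.

```python
# Added example: certificate name matching as a TLS client applies it.
# All host names and certificate name lists below are constructed placeholders.

def name_matches(host: str, pattern: str) -> bool:
    """True if one certificate name (CN or SAN DNS name) covers `host`."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if "*" not in pattern:
        return host == pattern
    # A wildcard is honoured only as the whole left-most label ("*.example.com")
    # and stands for exactly one label, so it never covers the bare domain.
    p_first, _, p_rest = pattern.partition(".")
    h_first, _, h_rest = host.partition(".")
    return (p_first == "*" and bool(h_first)
            and p_rest.count(".") >= 1 and h_rest == p_rest)


def cert_covers(host, cert_names):
    """True if any name on the certificate covers `host`."""
    return any(name_matches(host, n) for n in cert_names)


def autodiscover_hosts(smtp_domain):
    """Host names tried over HTTPS for Autodiscover in the report above, in order."""
    return [smtp_domain, "autodiscover." + smtp_domain]


def coverage_report(smtp_domain, client_access_host, certs):
    """Map certificate label -> {host: covered?} for each name a device contacts."""
    hosts = autodiscover_hosts(smtp_domain) + [client_access_host]
    return {label: {h: cert_covers(h, names) for h in hosts}
            for label, names in certs.items()}


# Constructed certificate name sets, modelled on the cases in this thread.
CERTS = {
    "web server cert": ["www.example.com"],
    "server-name cert": ["FS01"],
    "wildcard cert": ["*.example.com"],
    "multi-name (SAN) cert": ["owa.example.com", "autodiscover.example.com"],
}

if __name__ == "__main__":
    report = coverage_report("example.com", "owa.example.com", CERTS)
    for label, result in report.items():
        for host, ok in result.items():
            print(f"{label:24} {host:28} {'match' if ok else 'NAME MISMATCH'}")
```

Both the wildcard and the multi-name certificate cover `autodiscover.example.com` and `owa.example.com`; neither covers the bare domain, which is the first URL tested in the report.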
If you don't have autodiscover.domain.com on the current certificate you can utilize an SRV record to leverage the standard client access FQDN (e.g. mail.domain.com) for Autodiscover purposes. Not all Autodiscover-compatible client types and versions support SRV lookup, but depending on what clients you are supporting you may be fine.
Take a look at this article for more details: http://support.microsoft.com/kb/940881
ASKER
I have set up the SRV record as per the MS KB, but still not working.
Would a wildcard SSL Certificate work?
Can you re-run ExRCA and get a detailed error output please.
Hi
check alan's guide for setting up Activesync correctly.
https://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html
Check the part specific to 403 error.
for SRV to work you must have a certificate too.. for the autodiscover service..
i am sure you will get the same error as before in ExRCA unless certificate is taken care of
ASKER
Here is the ExRCA Result:
ExRCA is testing Exchange ActiveSync.
The Exchange ActiveSync test failed.
Test Steps
Attempting to resolve the host name owa.xxxxx.com in DNS.
Host successfully resolved
Additional Details
IP(s) returned: xx.xxx.xxx.xxx
Testing TCP Port 443 on host owa.xxxxx.com to ensure it is listening and open.
The specified port is either blocked, not listening, or not producing the expected response.
Tell me more about this issue and how to resolve it
Additional Details
A network error occurred while communicating with remote host
Exception details:
Message: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond xx.xxx.xxx.xxx:443
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Sockets.TcpClient.Connect(String hostname, Int32 port)
at Microsoft.Exchange.Tools.ExRca.Tests.TcpPortTest.PerformTestReally()
is the port 443 open for owa.xxx.com ?
ASKER
Yep, port is open and forwarding to the Exchange Box
2 things
a) on exchange box go to
https://localhost/owa
does it work ?
Do you get a login screen
Then your OWA and 443 port is working internally.
then we have to look at firewall etc and try to figure out where things are going wrong.
b) If https://localhost/owa - doesn't work.
Then on your exchange box go to
start > run > cmd
type
netstat -ab > c:\netstat.txt
Check for something like this
192.168.1.0:443
abc.exe
where 192.168.1.10 = ip address of exchange
> Let me know what is ABC.exe running on port 443
We are trying to figure out if HTTPSSL is running on 443 - if not what other app is running there.
c) Try restarting HTTP SSL service and see if that makes any difference
Let me know the updates.
thanks
ASKER
can you restart your firewall.
And give me the screenshot of firewall where you have 443 open and forwarding to Exchange box.
thanks
ASKER
Firewall is working fine. i can access owa from internal and external using HTTPS
04-07-2010-20-33-47.png
Download this tool and see what error codes come up
https://store.accessmylan.com/main/diagnostic-tools?pos=footer
On your firewall is there a connection timeout set for port 443 / HTTP SSL
Does it reset the connection after X seconds etc.
ASKER
@sunnyc7, please see attached screenshot
ldjghdlgjd.png
Are you running self signed certificate ?
This was an error in exRCA too earlier
Download Certificate manager from here and use it to install the cert. you purchased.
http://www.u-btech.com/products/certificate-manager-for-exchange-2007.html
It can be a wildcard cert (*.domain.com) or a cert issued to your FQDN - mail.domain.com
I am checking activesync 505
ASKER
Downloaded the tool, but when i try to run i get the following error
error.png
ASKER
I am running Exchange 2010 not 2007
ASKER
I am not at the server's location at the moment, so I can't insert the exchange disk to install the management tools. I will do this tomorrow morning and update the question.
ok.
I will check out HTTP 505 and let you know
Just out of curiosity -- how did you install your exchange server and the hub transport / edge transport and the connectors without the Management Tools ?
You did that on powershell ?
ASKER
Installed Exchange, roles etc from the disk
how did you setup exchange to receive emails and send emails.
ASKER
Using exchange Management console. i have EMS installed too
Please have a read of this article that might help:
https://www.experts-exchange.com/articles/Software/Server_Software/Email_Servers/Exchange/Activesync-Working-But-Only-For-Some-Users-On-Exchange-2007-2010.html
ASKER
@sunnyc7. Exchange Management tools are already installed.
@shreedhar: Already checked that link and inherit is already checked
did you install the certificates ?
Download Certificate manager from here and use it to install the cert. you purchased.
http://www.u-btech.com/products/certificate-manager-for-exchange-2007.html
ASKER
I have a wildcard SSL cert on order. But i cannot use that tool as it says:
error.png
How are you logged in ?
Was this user used to setup Exchange server in the first place ?
ASKER
Logged in as admin, always been logged into admin to install software. Already checked that link and it is ticked.
Can you restart the server ?
when was the last time you restarted the server after applying changes ?
I can't think of anything else -- why the installer won't run.
Did you run Windows updates ?
What updates are left.
ASKER
Restarted server today, all up to date, still getting the same errors on the test exchange connectivity page
Import certificates
from this EE case
https://www.experts-exchange.com/questions/23807994/how-to-install-new-SSL-certificate-to-exchange-2007.html
Copy pasting here for your convenience.
Import the certificate, Start > All Programs > Microsoft Exchange Server 2007 > Exchange Management console
Import-ExchangeCertificate -Path c:\petenetlive.cer {enter}
Note: At this point Copy the thumbprint number to the clipboard (i.e. 9292D650DFFD7E055145E5CA5A29E08DFC07C53C)
Enable the Certificate
Enable-ExchangeCertificate -Services "SMTP,POP,IMAP,IIS"
Enter the Thumbprint of your certificate (i.e. 9292D650DFFD7E055145E5CA5A29E08DFC07C53C)
Select Yes To Overwrite
========
then configure exchange to use SSL
http://technet.microsoft.com/en-us/library/bb310764(EXCHG.80).aspx
============
After these 2 steps are done
Run ExRCA again @ testexchangeconnectivity.com
ASKER
i get the following error when trying to use EMS to import the certificate:
[PS] C:\Windows\system32>Import-ExchangeCertificate -Path c:\wildcard.cer
A positional parameter cannot be found that accepts argument '-Path'.
+ CategoryInfo : InvalidArgument: (:) [Import-ExchangeCertificate], ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFound,Import-ExchangeCertificate
ASKER
Tried to "Complete Pending Certificate Request" via the EMC and get the following error:
05-07-2010-20-30-05.png
ASKER CERTIFIED SOLUTION
This solution is only available to members.
ASKER
I get an error relating to a missing private key when i run the above command
I am really sorry I haven't responded. I have guests over. Give me about 3-4 hrs.
Just came in here to leave a quick msg.
Carl My apologies for the delay in responding.
Let me handle your issues one by one
a) Error in Importing Cert http:#33139435
>> This command was for Exchange 2007. Sorry.
Exchange 2010 - you need to do this
Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\certificates\import.pfx -Encoding byte -ReadCount 0)) -Password:(Get-Credential).password
Ref:
http://technet.microsoft.com/en-us/library/dd351183.aspx
Please try this and see if it works.
Let me know.
ASKER
I don't seem to have the cert in .pfx format. It is installed on our webserver and I can see the .crt and the raw key, but I can't seem to get it in .pfx format.
Do I need to combine the key and cert to get the pfx?
ASKER
Recreated the CSR and re-issued the cert, all sorted now - Thanks :D
ExRCA -- all cleared ? All tests passed for ActiveSync ?
Thanks for the points :-)
ASKER
Yep, ExRCA showing all green now! :)
Good :-)
Please use this to setup Autodiscover
http://www.exchange-genie.com/2007/07/exchange-2007-autodiscover-service-part-1/
Check the accepted solution on how to configure SSL
https://www.experts-exchange.com/questions/23807994/how-to-install-new-SSL-certificate-to-exchange-2007.html
Also this one
http://technet.microsoft.com/en-us/library/bb310764(EXCHG.80).aspx
Or you can use this tool to configure certificates
http://www.u-btech.com/products/certificate-manager-for-exchange-2007.html