Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 972
  • Last Modified:

Setting up Droid to sync with Exchange and getting Authentication errors

I have a user who bought a droid phone I am trying to Sync with his Exchange server. I enter the same setting I use on My droid for my server except for his user name, PWD, and server name yet get an error of Authentication failed. I have confirmed the user name and password.

I even tried deleting the account off my phone and trying to add his but it didn't work so the problem i suspect is with some sort of configuration on his server. We both use Exchange with the same router and basic setups. I rand the Active Sync test https://testexchangeconnectivity.com  on their info and got this (below). Can anyone help me sort this out?



Testing Http Authentication Methods for URL https://mail.sfdins.com/Microsoft-Server-Activesync/
       The HTTP authentication test failed.
       
      Additional Details
       An HTTP 403 forbidden response was received. The response appears to have come from IIS6. Body is: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>You are not authorized to view this page</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>You are not authorized to view this page</h1>
The Web server you are attempting to reach has a list of IP addresses that are not allowed to access the Web site, and the IP address of your browsing computer is on this list.
<hr>
<p>Please try the following:</p>
<ul>
<li>Contact the Web site administrator if you believe you should be able to view this directory or page.</li>
</ul>
<h2>HTTP Error 403.6 - Forbidden: IP address of the client has been rejected.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>403</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>About Security</b>, <b>Limiting Access by IP Address</b>, <b>IP Address Access Restrictions</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>
0
Axis52401
Asked:
Axis52401
  • 5
  • 4
1 Solution
 
Hypercat (Deb)Commented:
<<The Web server you are attempting to reach has a list of IP addresses that are not allowed to access the Web site, and the IP address of your browsing computer is on this list.>>
This is the key phrase. You need to look at the security settings for the website on your Exchange server and check if there is a list or range of IP addresses that are denied access.
0
 
Axis52401Security AnalystAuthor Commented:
How do I check that, I know there is the Access Tab of the Default SMTP server and I have checked the relay and connection settings and they don't show my or Microsofts IP as being blocked?
0
 
Hypercat (Deb)Commented:
You need to open the IIS Manager on the server and check the settings there for the Default Web Site and possibly for some of the other virtual directories:
  1. On the Exchange server, open IIS Manager.
  2. Navigate down to the Web Site/Default Web Site object.
  3. Right-click and go to Properties, then go to the Directory Security tab (see screen capture).
IIS-Properties-DS-tab.jpg
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Hypercat (Deb)Commented:
One to the next step:
  1. Click the Edit button for the "IP address and domain name restrictions." (See screen capture)
  2. Check there to see if the Denied access item is checked and if there are any IP addresses listed there.
  3. If nothing is listed there, check the same settings for the Microsoft-Server-Activesync and OMA virtual directories.
IIS-DS-IP-Granted.jpg
0
 
Axis52401Security AnalystAuthor Commented:
This is what I have that set too and I get the same Authentication error. if I am reading this right it says all IP's  are allowed.
IP.doc
IP.doc
0
 
Hypercat (Deb)Commented:
That is for the Exchange virtual directory. Did you look at the top-level Default Web Site and the other two virtual directories I mentioned? Those are the ones that might be restricted.
0
 
Axis52401Security AnalystAuthor Commented:
I found that the settings for Microsoft-Server-Activesync showed some IP's there and I set it to allow all it works, and the phone will sync, however if I do an IIS reset it puts those IP's back. So my last question is if I happen to reboot the server will it do what an IIS reset does and put those IP's back?
0
 
Hypercat (Deb)Commented:
That's very odd, I've never heard of that happening before...Do you have administrative-level access to the computer where Exchange is running?
I'll do a little research and see if I can figure out why they'd come back, but it will take a while, as I have a meeting I have to go to first.
0
 
Axis52401Security AnalystAuthor Commented:
Yes, I'm logged in with full domain admin rights, and I've got his phone synced up and it's working. I'm just concerned that the next reboot we do for whatever reason might stop the phone from Syncing.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now