Setting up Droid to sync with Exchange and getting Authentication errors

I have a user who bought a droid phone I am trying to Sync with his Exchange server. I enter the same setting I use on My droid for my server except for his user name, PWD, and server name yet get an error of Authentication failed. I have confirmed the user name and password.

I even tried deleting the account off my phone and trying to add his but it didn't work so the problem i suspect is with some sort of configuration on his server. We both use Exchange with the same router and basic setups. I rand the Active Sync test https://testexchangeconnectivity.com  on their info and got this (below). Can anyone help me sort this out?



Testing Http Authentication Methods for URL https://mail.sfdins.com/Microsoft-Server-Activesync/
       The HTTP authentication test failed.
       
      Additional Details
       An HTTP 403 forbidden response was received. The response appears to have come from IIS6. Body is: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>You are not authorized to view this page</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>You are not authorized to view this page</h1>
The Web server you are attempting to reach has a list of IP addresses that are not allowed to access the Web site, and the IP address of your browsing computer is on this list.
<hr>
<p>Please try the following:</p>
<ul>
<li>Contact the Web site administrator if you believe you should be able to view this directory or page.</li>
</ul>
<h2>HTTP Error 403.6 - Forbidden: IP address of the client has been rejected.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>403</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>About Security</b>, <b>Limiting Access by IP Address</b>, <b>IP Address Access Restrictions</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>
LVL 2
Axis52401Security AnalystAsked:
Who is Participating?
 
Hypercat (Deb)Connect With a Mentor Commented:
That's very odd, I've never heard of that happening before...Do you have administrative-level access to the computer where Exchange is running?
I'll do a little research and see if I can figure out why they'd come back, but it will take a while, as I have a meeting I have to go to first.
0
 
Hypercat (Deb)Commented:
<<The Web server you are attempting to reach has a list of IP addresses that are not allowed to access the Web site, and the IP address of your browsing computer is on this list.>>
This is the key phrase. You need to look at the security settings for the website on your Exchange server and check if there is a list or range of IP addresses that are denied access.
0
 
Axis52401Security AnalystAuthor Commented:
How do I check that, I know there is the Access Tab of the Default SMTP server and I have checked the relay and connection settings and they don't show my or Microsofts IP as being blocked?
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
Hypercat (Deb)Commented:
You need to open the IIS Manager on the server and check the settings there for the Default Web Site and possibly for some of the other virtual directories:
  1. On the Exchange server, open IIS Manager.
  2. Navigate down to the Web Site/Default Web Site object.
  3. Right-click and go to Properties, then go to the Directory Security tab (see screen capture).
IIS-Properties-DS-tab.jpg
0
 
Hypercat (Deb)Commented:
One to the next step:
  1. Click the Edit button for the "IP address and domain name restrictions." (See screen capture)
  2. Check there to see if the Denied access item is checked and if there are any IP addresses listed there.
  3. If nothing is listed there, check the same settings for the Microsoft-Server-Activesync and OMA virtual directories.
IIS-DS-IP-Granted.jpg
0
 
Axis52401Security AnalystAuthor Commented:
This is what I have that set too and I get the same Authentication error. if I am reading this right it says all IP's  are allowed.
IP.doc
IP.doc
0
 
Hypercat (Deb)Commented:
That is for the Exchange virtual directory. Did you look at the top-level Default Web Site and the other two virtual directories I mentioned? Those are the ones that might be restricted.
0
 
Axis52401Security AnalystAuthor Commented:
I found that the settings for Microsoft-Server-Activesync showed some IP's there and I set it to allow all it works, and the phone will sync, however if I do an IIS reset it puts those IP's back. So my last question is if I happen to reboot the server will it do what an IIS reset does and put those IP's back?
0
 
Axis52401Security AnalystAuthor Commented:
Yes, I'm logged in with full domain admin rights, and I've got his phone synced up and it's working. I'm just concerned that the next reboot we do for whatever reason might stop the phone from Syncing.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.