[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Exchange 2010 ActiveSync problem

Posted on 2010-09-07
7
Medium Priority
?
688 Views
Last Modified: 2012-05-10
Hi,
I have recently installed 2 CAS servers (ex2010) in a new environment. As part of the setup I have been testing activesync using the http://testexchangeconnectivity.com. The first server (EX001) completes all test successfully, while the second server (EX002) fails the last test with this error:
 
An ActiveSync session is being attempted with the server.
  Errors were encountered while testing the ActiveSync session
   Test Steps
   ExRCA is attempting to send the OPTIONS command to the server.
  Testing of the OPTIONS command failed. For more information, see Additional Details.
   Additional Details
  A Web Exception occurred because an HTTP 401 - Unauthorized response was received from IIS7
 
I purchases a wildcard single domain SSL cert from GoDaddy. The request and import was completed on EX001. When I tried to import the same certificate on EX002 I got an error about thumbprint already in use, but the cert seems to have imported. The activesync does indicate that SSL Enabled = true.

Does anyone know the problem? I believe the issue relates to an SSL cert problem, but obviously the cert is OK if it works on the first server. Can the cert be used on both servers?

Thanks jk
 
 

0
Comment
Question by:kinsja1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 14

Expert Comment

by:btdownloads7
ID: 33624223
You have to get another certificate for the second server. Even though it istalled fine, it doesn't work when external clients are connecting to the server.
0
 

Author Comment

by:kinsja1
ID: 33624284
I had a feeling that this was going to be the case, however the certificate works fine when going to the secure OWA address on the second server - https://ex002/owa - no errors. Does this mean that the cert is working for owa but not activesync?
0
 
LVL 14

Expert Comment

by:btdownloads7
ID: 33624308
That does sound weird. You should check which certificates are installed in the Exchange console (http://technet.microsoft.com/en-us/library/bb124950.aspx). Maybe OWA somehow uses a different cert than ActiveSync, but that would be very weird. You can also try manually installing the cert you have for OWA and see what happens.
0
Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

 
LVL 9

Expert Comment

by:v_9mhdrf
ID: 33624388
If you get 401 Unauthorized please follow the below link and restart the server.

DisableLoopbackcheck registry.
key as per the article <http://support.microsoft.com/kb/896861>.

Hope this helps.
Thanks
Mohammed:)
0
 
LVL 26

Accepted Solution

by:
e_aravind earned 375 total points
ID: 33625325
When you open and see the cert. from the CAS2...do you the
"You have a private key that corresponds to this certificate"

Can you check and confirm that the CAS1 has the above mentioned
You have a private key that corresponds to this certificate

If yes, try the following on the cas2

certutil -addstore my cert.crt
certutil -repairstore my "ea c7 7d 7e e8 cd 84 9b e8 aa 71 6d f4 b7 e5 09 d9 b6 32 1b" (thumbprint value)

reference:
http://support.microsoft.com/kb/889651
0
 
LVL 2

Expert Comment

by:maz_ee
ID: 33625811
Hello,

Plz. check the authentication on the Microsoft-Server-ActiveSync virtual directory in IIS. I should only have Basic authentication. Also verify under SSL settings, ignore client certificate is selected.

Run the test-activesyncconnectivity cmd to see were it fails

Test-ActiveSyncConnectivity
http://technet.microsoft.com/en-us/library/bb123540.aspx
0
 

Author Closing Comment

by:kinsja1
ID: 33632382
The wildcard certificate can be used on multiple exchange servers, however the secret seems to be this:

Export the certificate with private key from the first server, then through the certificates mmc import it to the personal store. It can then be used through the EMC to assign services. If you try to import the certificate through the actions pane it complains about a matching thumbprint.

Regards, jk
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One-stop solution for Exchange Administrators to address all MS Exchange Server issues, which is known by the name of Stellar Exchange Toolkit.
On September 18, Experts Exchange launched the first installment of the Help Bell, a new feature for Premium Members, Team Accounts, and Qualified Experts. The Help Bell will serve as an additional tool to help teams increase question visibility.
Many of my clients call in with monstrous Gmail overloading issues with Outlook. A quick tip is to turn off the All Mail and Important folders from synching. Here is a quick video I made to show you how to turn off these and other folders in Gmail s…
CodeTwo Sync for iCloud (http://www.codetwo.com/sync-for-icloud?sts=6554) automatically synchronizes your Outlook 2016, 2013, 2010 or 2007 folders with iCloud folders available via iCloud Control Panel. This lets you automatically sync them with…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question