kinsja1
asked on
Exchange 2010 ActiveSync problem
Hi,
I have recently installed 2 CAS servers (ex2010) in a new environment. As part of the setup I have been testing activesync using the http://testexchangeconnectivity.com. The first server (EX001) completes all test successfully, while the second server (EX002) fails the last test with this error:
An ActiveSync session is being attempted with the server.
Errors were encountered while testing the ActiveSync session
Test Steps
ExRCA is attempting to send the OPTIONS command to the server.
Testing of the OPTIONS command failed. For more information, see Additional Details.
Additional Details
A Web Exception occurred because an HTTP 401 - Unauthorized response was received from IIS7
I purchases a wildcard single domain SSL cert from GoDaddy. The request and import was completed on EX001. When I tried to import the same certificate on EX002 I got an error about thumbprint already in use, but the cert seems to have imported. The activesync does indicate that SSL Enabled = true.
Does anyone know the problem? I believe the issue relates to an SSL cert problem, but obviously the cert is OK if it works on the first server. Can the cert be used on both servers?
Thanks jk
I have recently installed 2 CAS servers (ex2010) in a new environment. As part of the setup I have been testing activesync using the http://testexchangeconnectivity.com. The first server (EX001) completes all test successfully, while the second server (EX002) fails the last test with this error:
An ActiveSync session is being attempted with the server.
Errors were encountered while testing the ActiveSync session
Test Steps
ExRCA is attempting to send the OPTIONS command to the server.
Testing of the OPTIONS command failed. For more information, see Additional Details.
Additional Details
A Web Exception occurred because an HTTP 401 - Unauthorized response was received from IIS7
I purchases a wildcard single domain SSL cert from GoDaddy. The request and import was completed on EX001. When I tried to import the same certificate on EX002 I got an error about thumbprint already in use, but the cert seems to have imported. The activesync does indicate that SSL Enabled = true.
Does anyone know the problem? I believe the issue relates to an SSL cert problem, but obviously the cert is OK if it works on the first server. Can the cert be used on both servers?
Thanks jk
You have to get another certificate for the second server. Even though it istalled fine, it doesn't work when external clients are connecting to the server.
ASKER
I had a feeling that this was going to be the case, however the certificate works fine when going to the secure OWA address on the second server - https://ex002/owa - no errors. Does this mean that the cert is working for owa but not activesync?
That does sound weird. You should check which certificates are installed in the Exchange console (http://technet.microsoft.com/en-us/library/bb124950.aspx). Maybe OWA somehow uses a different cert than ActiveSync, but that would be very weird. You can also try manually installing the cert you have for OWA and see what happens.
If you get 401 Unauthorized please follow the below link and restart the server.
DisableLoopbackcheck registry.
key as per the article <http://support.microsoft.com/kb/896861>.
Hope this helps.
Thanks
Mohammed:)
DisableLoopbackcheck registry.
key as per the article <http://support.microsoft.com/kb/896861>.
Hope this helps.
Thanks
Mohammed:)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hello,
Plz. check the authentication on the Microsoft-Server-ActiveSyn c virtual directory in IIS. I should only have Basic authentication. Also verify under SSL settings, ignore client certificate is selected.
Run the test-activesyncconnectivit y cmd to see were it fails
Test-ActiveSyncConnectivit y
http://technet.microsoft.com/en-us/library/bb123540.aspx
Plz. check the authentication on the Microsoft-Server-ActiveSyn
Run the test-activesyncconnectivit
Test-ActiveSyncConnectivit
http://technet.microsoft.com/en-us/library/bb123540.aspx
ASKER
The wildcard certificate can be used on multiple exchange servers, however the secret seems to be this:
Export the certificate with private key from the first server, then through the certificates mmc import it to the personal store. It can then be used through the EMC to assign services. If you try to import the certificate through the actions pane it complains about a matching thumbprint.
Regards, jk
Export the certificate with private key from the first server, then through the certificates mmc import it to the personal store. It can then be used through the EMC to assign services. If you try to import the certificate through the actions pane it complains about a matching thumbprint.
Regards, jk