stacystyles


Cannot Connect to Exchange 2010 Server using Active Sync

I have a new Exchange 2010 server that I am trying to connect to via active sync. Presently I am still using my old Exchange 2003 server for this without any trouble. When I go into my firewall and point port 80 to the new Exchange IP Address I get a cannot connect to server error. As soon as I switch back to the old server I can without any issues. Outlook Web access does work when I make the IP switch for port 80 on the new server.

Thoughts?  The error says cannot connect to server.
Alan Hardisty

Why are you using port 80 (HTTP - not secure) for Activesync - you should be using port 443 (HTTPS - Secure HTTP).
Have you forwarded port 443 too?
Alanhardisty is correct; by default Exchange 2010 will use HTTPS (443) for OWA. You can manually change it in the Client Access portion of Exchange Management Console.
Test ActiveSync with the following URL and post the logs here:

https://www.testexchangeconnectivity.com/

stacystyles

ASKER

Right now I am testing it this way as we do not have SSL enabled on our old server and just want to get connectivity working.
ExRCA is testing Exchange ActiveSync.
 The Exchange ActiveSync test failed.
 Test Steps
 Attempting to resolve the host name mail.acuotech.com in DNS.
 Host successfully resolved
 Additional Details

Testing TCP Port 443 on host mail.acuotech.com to ensure it is listening and open.
 The port was opened successfully.
ExRCA is testing the SSL certificate to make sure it's valid.
 The SSL certificate failed one or more certificate validation checks.
 Test Steps
 The certificate name is being validated.
 Certificate name validation failed.
 Tell me more about this issue and how to resolve it
 Additional Details
 Host name mail.acuotech.com does not match any name found on the server certificate CN=WMSvc-EXCHANGE

You would be best advised to purchase a 3rd party SSL certificate from somewhere like GoDaddy.com (about the cheapest) and install that on your server to make life easier.

You will need a Multi-Name cert (SAN / UCC) to work properly and will need the following names included:

mail.yourdomain.com
Autodiscover.yourdomain.com
Internalservername.internaldomain.local
Internalservername

An SSL certificate will make life much easier and will mean no certificate errors for any Exchange functions.

The default Exchange 2010 SSL certificate is not ideal.
That looks like a certificate problem. Try to ignore certificate trust and check again if that works.

And alanhardisty is correct on the rest of the part.
I did check ignore certs and it still did that. I have ordered a cert from Go Daddy and will let you know tomorrow when I get it how it looks.
Ok I purchased a Cert from Go Daddy and this is what I get now.

ExRCA is testing Exchange ActiveSync.
 The Exchange ActiveSync test failed.
 Test Steps
 Attempting to resolve the host name mail.acuotech.com in DNS.
 Host successfully resolved
 Additional Details
 IP(s) returned: 173.11.47.241

Testing TCP Port 443 on host mail.acuotech.com to ensure it is listening and open.
 The port was opened successfully.
ExRCA is testing the SSL certificate to make sure it's valid.
 The SSL certificate failed one or more certificate validation checks.
 Test Steps
 The certificate name is being validated.
 Certificate name validation failed.
 Tell me more about this issue and how to resolve it
 Additional Details

Your certificate is issued to acuotech.com and you are trying to access mail.acuotech.com - they need to match and they need to resolve to the IP of your Exchange server.
Did you buy a SAN / UCC (Multi-Name) certificate - minimum 5 names, or a single name certificate as per my previous comment?
Your certificate should be named mail.acuotech.com for things to work properly.  You can either re-key the certificate if it is a SAN / UCC certificate or if only a single name certificate, you bought the wrong certificate.
I bought the Multi Name min 5 names cert.  Where do I rekey the cert at?  
You got subject alternative names as:

DNS Name=acuotech.com
DNS Name=www.acuotech.com

You need to correct the subject alternative name.

You will need to add:

DNS Name=mail.acuotech.com
DNS Name=autodiscover.acuotech.com
DNS Name=<internalservername> (required for internal use, Outlook etc.)
DNS Name=<internalserver FQDN>
Thanks SangramGohil - I covered that here http:#a33630476
Visit https://www.digicert.com/easy-csr/exchange2007.htm
Follow the prompts to put in the correct details.  Copy the output to a file, copy the file to the server, run the output in the Exchange Management Shell and this will generate a new Certificate Signing Request.
Copy the contents of the Certificate Signing Request into GoDaddy's website where you can re-key the certificate, wait for the certificate, import the certificate, repair the private key (it won't have one and won't allow you to enable it), then enable the certificate and then test again.
Take it step by step and I'll offer relevant instructions at each stage.
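
The re-key sequence described in the post above, written out for the Exchange 2010 Management Shell as an added example (not code from the thread or its participants). The function names and file paths are assumptions, the host names are the placeholders from the earlier name list, and the SAN parsing assumes English Windows output of the form `DNS Name=host`.

```powershell
# Added example for the Exchange 2010 Management Shell; not code from the thread.
# Host names are the placeholders listed earlier; file paths are assumptions.
$names = 'mail.yourdomain.com', 'autodiscover.yourdomain.com',
         'internalservername.internaldomain.local', 'internalservername'

function Get-SanDnsName {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    # OID 2.5.29.17 is the Subject Alternative Name extension.
    $san = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if (-not $san) { return }
    # English Windows renders each entry as "DNS Name=host", one per line.
    foreach ($line in ($san.Format($true) -split "`r?`n")) {
        if ($line -match '^\s*DNS Name=(.+)$') { $Matches[1].Trim().ToLowerInvariant() }
    }
}

function New-RekeyRequest {
    param([string[]]$DnsNames, [string]$Path)
    # Exchange 2010 returns the CSR text; save it for pasting into the CA's re-key form.
    $csr = New-ExchangeCertificate -GenerateRequest -SubjectName "CN=$($DnsNames[0])" `
        -DomainName $DnsNames -PrivateKeyExportable $true
    Set-Content -Path $Path -Value $csr
}

function Install-RekeyedCertificate {
    param([string[]]$DnsNames, [string]$Path)
    $bytes = [Byte[]](Get-Content -Path $Path -Encoding Byte -ReadCount 0)
    $thumb = (Import-ExchangeCertificate -FileData $bytes).Thumbprint
    $cert  = Get-Item "Cert:\LocalMachine\My\$thumb"
    if (-not $cert.HasPrivateKey) {
        # Re-associate the certificate with the key pair created by the request.
        certutil -repairstore my $cert.SerialNumber | Out-Null
        $cert = Get-Item "Cert:\LocalMachine\My\$thumb"
    }
    $san     = @(Get-SanDnsName $cert)
    $missing = @($DnsNames | Where-Object { $san -notcontains $_.ToLowerInvariant() })
    if ($missing.Count -gt 0) {
        Write-Warning "SAN list is missing: $($missing -join ', ')"
    } elseif (-not $cert.HasPrivateKey) {
        Write-Warning 'No private key is associated; the certificate cannot be enabled.'
    } else {
        # IIS serves OWA and ActiveSync, so this is the service to bind.
        Enable-ExchangeCertificate -Thumbprint $thumb -Services IIS
    }
}

New-RekeyRequest -DnsNames $names -Path 'C:\certs\mail.req'              # before re-keying
# Install-RekeyedCertificate -DnsNames $names -Path 'C:\certs\mail.crt'  # after the CA issues it
```

The SAN check runs before the certificate is bound, so a certificate issued without the requested names produces a warning instead of replacing the working binding.
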
I called Go Daddy and the problem was that none of the names took.  I am awaiting approval for the new one to be downloaded.
Summary: 2 item(s). 1 succeeded, 1 failed.
Elapsed time: 00:00:00


Read file
Completed

Exchange Management Shell command completed:
Read binary stream from the file 'C:\Users\administrator.GALAXY\Desktop\certs\acuotech.com.crt'.

Elapsed Time: 00:00:00


acuotech.com.crt
Failed

Error:
Cannot import certificate. A certificate with the thumbprint A0FFF5041BCB4E5012C74AF93FE6D337C4B6CD4E already exists.

Exchange Management Shell command attempted:
Import-ExchangeCertificate -Server 'EXCHANGE' -FileData '<Binary Data>'

Elapsed Time: 00:00:00

Talked with GD and now the cert is installed and going to test the connection.
ExRCA is testing Exchange ActiveSync.
 The Exchange ActiveSync test failed.
 Test Steps
 Attempting to resolve the host name mail.acuotech.com in DNS.
 Host successfully resolved
 Additional Details
 IP(s) returned: 173.11.47.241

Testing TCP Port 443 on host mail.acuotech.com to ensure it is listening and open.
 The port was opened successfully.
ExRCA is testing the SSL certificate to make sure it's valid.
 The certificate passed all validation requirements.
 Test Steps
 The certificate name is being validated.
 Successfully validated the certificate name
 Additional Details
 Found hostname mail.acuotech.com in Certificate Subject Alternative Name entry

Validating certificate trust for Windows Mobile Devices
 The test passed with some warnings encountered. Please expand the additional details.
 Additional Details
 Certificate is only trusted on Windows Mobile 5.0 AKU2 (MSFP) and later. Windows Mobile 5.0 devices will not be able to sync. Root = E=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network

The certificate date is being confirmed to ensure the certificate is valid.
 Date validation passed. The certificate hasn't expired.
 Additional Details
 Certificate is valid: NotBefore = 9/9/2010 7:31:06 PM, NotAfter = 9/9/2013 2:08:54 PM"

The IIS configuration is being checked for client certificate authentication.
 Client certificate authentication wasn't detected.
 Additional Details
 Accept/Require Client Certificates not configured.

Testing Http Authentication Methods for URL https://mail.acuotech.com/Microsoft-Server-Activesync/
 The HTTP authentication methods are correct.
 Additional Details
 Found all expected authentication methods and no disallowed methods. Methods Found: Basic

An ActiveSync session is being attempted with the server.
 Errors were encountered while testing the ActiveSync session
 Test Steps
 ExRCA is attempting to send the OPTIONS command to the server.
 OPTIONS response was successfully received and is valid
 Additional Details
 Headers received: Allow: OPTIONS,POST
MS-Server-ActiveSync: 14.0
MS-ASProtocolVersions: 2.0,2.1,2.5,12.0,12.1,14.0
MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,Search,Settings,Ping,ItemOperations,Provision,ResolveRecipients,ValidateCert
Public: OPTIONS,POST
Content-Length: 0
Cache-Control: private
Date: Thu, 09 Sep 2010 19:41:08 GMT
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET

ExRCA is attempting the FolderSync command on the Exchange ActiveSync session.
 The test of the FolderSync command failed.
  Tell me more about this issue and how to resolve it
 Additional Details
 Exchange ActiveSync returned an HTTP 500 response.
ASKER CERTIFIED SOLUTION
Alan Hardisty
Thank you very much.  This did the trick.