Solved

Cannot Connect to Exchange 2010 Server using Active Sync

Posted on 2010-09-08
Last Modified: 2012-05-10
I have a new Exchange 2010 server that I am trying to connect to via Active Sync. Presently I am still using my old Exchange 2003 server for this without any trouble. When I go into my firewall and point port 80 to the new Exchange IP address I get a cannot connect to server error. As soon as I switch back to the old server I can connect without any issues. Outlook Web Access does work when I make the IP switch for port 80 on the new server.

Thoughts?  The error says cannot connect to server.
Question by:stacystyles
20 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33629473
Why are you using port 80 (HTTP - not secure) for Activesync - you should be using port 443 (HTTPS - Secure HTTP).
Have you forwarded port 443 too?
0
 
LVL 6

Expert Comment

by:Gunter17
ID: 33629557
Alanhardisty is correct, by default Exchange 2010 will use HTTPS(443) for OWA. You can manually change it in the Client Access portion of Exchange Management Console.
0
 
LVL 3

Expert Comment

by:SangramGohil
ID: 33629566
Test ActiveSync with the following URL and post the logs here:

https://www.testexchangeconnectivity.com/

0

 

Author Comment

by:stacystyles
ID: 33629572
Right now I am testing it this way as we do not have SSL enabled on our old server and just want to get connectivity working.
0
 

Author Comment

by:stacystyles
ID: 33630039
ExRCA is testing Exchange ActiveSync.
 The Exchange ActiveSync test failed.
 Test Steps
 Attempting to resolve the host name mail.acuotech.com in DNS.
 Host successfully resolved
 Additional Details

Testing TCP Port 443 on host mail.acuotech.com to ensure it is listening and open.
 The port was opened successfully.
ExRCA is testing the SSL certificate to make sure it's valid.
 The SSL certificate failed one or more certificate validation checks.
 Test Steps
 The certificate name is being validated.
 Certificate name validation failed.
 Additional Details
 Host name mail.acuotech.com does not match any name found on the server certificate CN=WMSvc-EXCHANGE
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33630476
You would be best advised to purchase a 3rd party SSL certificate from somewhere like GoDaddy.com (about the cheapest) and install that on your server to make life easier.

You will need a Multi-Name cert (SAN / UCC) to work properly and will need the following names included:

mail.yourdomain.com
Autodiscover.yourdomain.com
Internalservername.internaldomain.local
Internalservername

An SSL certificate will make life much easier and will mean no certificate errors for any Exchange functions.

The default Exchange 2010 SSL certificate is not ideal.
0
 
LVL 3

Expert Comment

by:SangramGohil
ID: 33631014
That looks like a certificate problem. Try to ignore certificate trust and check again to see if that works.

And alanhardisty is correct on the rest.
0
 

Author Comment

by:stacystyles
ID: 33631741
I did check ignore certs and it still did that. I have ordered a cert from Go Daddy and will let you know tomorrow when I get it how it looks.
0
 

Author Comment

by:stacystyles
ID: 33637956
Ok I purchased a Cert from Go Daddy and this is what I get now.

ExRCA is testing Exchange ActiveSync.
 The Exchange ActiveSync test failed.
 Test Steps
 Attempting to resolve the host name mail.acuotech.com in DNS.
 Host successfully resolved
 Additional Details
 IP(s) returned: 173.11.47.241

Testing TCP Port 443 on host mail.acuotech.com to ensure it is listening and open.
 The port was opened successfully.
ExRCA is testing the SSL certificate to make sure it's valid.
 The SSL certificate failed one or more certificate validation checks.
 Test Steps
 The certificate name is being validated.
 Certificate name validation failed.
 Additional Details
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33638054
Your certificate is issued to acuotech.com and you are trying to access mail.acuotech.com - they need to match and they need to resolve to the IP of your Exchange server.
Did you buy a SAN / UCC (Multi-Name) certificate - minimum 5 names, or a single name certificate, as per my previous comment?
Your certificate should be named mail.acuotech.com for things to work properly.  You can either re-key the certificate if it is a SAN / UCC certificate or if only a single name certificate, you bought the wrong certificate.
0
 

Author Comment

by:stacystyles
ID: 33638175
I bought the Multi Name min 5 names cert.  Where do I rekey the cert at?  
0
 
LVL 3

Expert Comment

by:SangramGohil
ID: 33638290
You got subject alternative names as:

DNS Name=acuotech.com
DNS Name=www.acuotech.com

You need to correct the subject alternative names.

You will need to add:

DNS Name=mail.acuotech.com
DNS Name=autodiscover.acuotech.com
DNS Name=<internalservername> (required for internal use, Outlook etc.)
DNS Name=<internalserver FQDN>
0
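
The name check that keeps failing in the ExRCA output above, written out as an added example (not part of any post in this thread, and not ExRCA's own code): it compares the names clients connect to against a certificate's Subject Alternative Name list. The function names are hypothetical, the two internal names are placeholders, and the wildcard handling goes beyond the single case discussed here.

```powershell
# Added example: reports which required host names a certificate's SAN list
# does not cover. Function names are hypothetical, not Exchange cmdlets.

function Test-SanMatch {
    param([string]$HostName, [string]$SanEntry)
    $h = $HostName.ToLowerInvariant().TrimEnd('.')
    $s = $SanEntry.ToLowerInvariant().TrimEnd('.')
    if ($s.StartsWith('*.')) {
        # A wildcard covers exactly one left-most label: *.example.com
        # matches mail.example.com but not example.com or a.b.example.com.
        $dot = $h.IndexOf('.')
        if ($dot -lt 1) { return $false }
        return $h.Substring($dot) -eq $s.Substring(1)
    }
    # Otherwise the whole name must match; a parent domain does not cover a host.
    return $h -eq $s
}

function Get-MissingSanName {
    param([string[]]$RequiredNames, [string[]]$CertificateDomains)
    foreach ($name in $RequiredNames) {
        $covered = $false
        foreach ($san in $CertificateDomains) {
            if (Test-SanMatch -HostName $name -SanEntry $san) { $covered = $true; break }
        }
        if (-not $covered) { $name }   # emit each uncovered name
    }
}

# SAN list reported in this thread for the first certificate that was issued.
$issuedSans = @('acuotech.com', 'www.acuotech.com')

# Names the clients connect to; the two internal names are placeholders.
$required = @(
    'mail.acuotech.com',
    'autodiscover.acuotech.com',
    'internalservername.internaldomain.local',   # placeholder
    'internalservername'                         # placeholder
)

$missing = Get-MissingSanName -RequiredNames $required -CertificateDomains $issuedSans
if ($missing) {
    "Certificate does not cover: $($missing -join ', ')"
} else {
    'All required names are covered.'
}
```

On the Exchange server, the SAN list for an installed certificate can be read from the CertificateDomains property of the object returned by Get-ExchangeCertificate, converted to strings, and passed in place of the sample list.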
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33638317
Thanks SangramGohil - I covered that here http:#a33630476
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33638368
Visit https://www.digicert.com/easy-csr/exchange2007.htm
Follow the prompts to put in the correct details.  Copy the output to a file, copy the file to the server, run the output in the Exchange Management Shell and this will generate a new Certificate Signing Request.
Copy the contents of the Certificate Signing Request into GoDaddy's website where you can re-key the certificate, wait for the certificate, import the certificate, repair the private key (it won't have one and won't allow you to enable it), then enable the certificate and then test again.
Take it step by step and I'll offer relevant instructions at each stage.
0
 

Author Comment

by:stacystyles
ID: 33639480
I called Go Daddy and the problem was that none of the names took.  I am awaiting approval for the new one to be downloaded.
0
 

Author Comment

by:stacystyles
ID: 33639656
Summary: 2 item(s). 1 succeeded, 1 failed.
Elapsed time: 00:00:00


Read file
Completed

Exchange Management Shell command completed:
Read binary stream from the file 'C:\Users\administrator.GALAXY\Desktop\certs\acuotech.com.crt'.

Elapsed Time: 00:00:00


acuotech.com.crt
Failed

Error:
Cannot import certificate. A certificate with the thumbprint A0FFF5041BCB4E5012C74AF93FE6D337C4B6CD4E already exists.

Exchange Management Shell command attempted:
Import-ExchangeCertificate -Server 'EXCHANGE' -FileData '<Binary Data>'

Elapsed Time: 00:00:00

0
 

Author Comment

by:stacystyles
ID: 33640630
Talked with GD and now the cert is installed and going to test the connection
0
 

Author Comment

by:stacystyles
ID: 33640670
ExRCA is testing Exchange ActiveSync.
 The Exchange ActiveSync test failed.
 Test Steps
 Attempting to resolve the host name mail.acuotech.com in DNS.
 Host successfully resolved
 Additional Details
 IP(s) returned: 173.11.47.241

Testing TCP Port 443 on host mail.acuotech.com to ensure it is listening and open.
 The port was opened successfully.
ExRCA is testing the SSL certificate to make sure it's valid.
 The certificate passed all validation requirements.
 Test Steps
 The certificate name is being validated.
 Successfully validated the certificate name
 Additional Details
 Found hostname mail.acuotech.com in Certificate Subject Alternative Name entry

Validating certificate trust for Windows Mobile Devices
 The test passed with some warnings encountered. Please expand the additional details.
 Additional Details
 Certificate is only trusted on Windows Mobile 5.0 AKU2 (MSFP) and later. Windows Mobile 5.0 devices will not be able to sync. Root = E=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network

The certificate date is being confirmed to ensure the certificate is valid.
 Date validation passed. The certificate hasn't expired.
 Additional Details
 Certificate is valid: NotBefore = 9/9/2010 7:31:06 PM, NotAfter = 9/9/2013 2:08:54 PM"



The IIS configuration is being checked for client certificate authentication.
 Client certificate authentication wasn't detected.
 Additional Details
 Accept/Require Client Certificates not configured.

Testing Http Authentication Methods for URL https://mail.acuotech.com/Microsoft-Server-Activesync/
 The HTTP authentication methods are correct.
 Additional Details
 Found all expected authentication methods and no disallowed methods. Methods Found: Basic

An ActiveSync session is being attempted with the server.
 Errors were encountered while testing the ActiveSync session
 Test Steps
 ExRCA is attempting to send the OPTIONS command to the server.
 OPTIONS response was successfully received and is valid
 Additional Details
 Headers received: Allow: OPTIONS,POST
MS-Server-ActiveSync: 14.0
MS-ASProtocolVersions: 2.0,2.1,2.5,12.0,12.1,14.0
MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,Search,Settings,Ping,ItemOperations,Provision,ResolveRecipients,ValidateCert
Public: OPTIONS,POST
Content-Length: 0
Cache-Control: private
Date: Thu, 09 Sep 2010 19:41:08 GMT
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET



ExRCA is attempting the FolderSync command on the Exchange ActiveSync session.
 The test of the FolderSync command failed.
 Additional Details
 Exchange ActiveSync returned an HTTP 500 response.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 33640805
Please check your inherited permissions (have a read through my article) and make sure that the Inherited check box is selected then run the test again:
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2861-Activesync-Working-But-Only-For-Some-Users-On-Exchange-2007-2010.html 
0
 

Author Closing Comment

by:stacystyles
ID: 33646039
Thank you very much.  This did the trick.
0
