Solved

Exchange ActiveSync (2010) connectivity test fails with HTTP 401

Posted on 2010-11-29
6
2,202 Views
Last Modified: 2012-06-27
Hello,

We just buil a new 2010 CAS server after a problem with our original one and everything is working fine except activesync.  Mobile users cannot connect and using https://www.testexchangeconnectivity.com/, we get the following:

ExRCA is testing Exchange ActiveSync.
 The Exchange ActiveSync test failed.
 Test Steps
 Attempting the Autodiscover and Exchange ActiveSync test (if requested).
 Autodiscover was successfully tested for Exchange ActiveSync.
 Test Steps
 Attempting each method of contacting the Autodiscover service.
 The Autodiscover service was tested successfully.
 Test Steps
 Attempting to test potential Autodiscover URL https://mydomaiin.com/AutoDiscover/AutoDiscover.xml
 Testing of this potential Autodiscover URL failed.
 Test Steps
 Attempting to resolve the host name mydomain.com in DNS.
 The host name resolved successfully.
 Additional Details
 IP addresses returned: 64.29.x.x

Testing TCP port 443 on host mydomain.com to ensure it's listening and open.
 The specified port is either blocked, not listening, or not producing the expected response.
  Tell me more about this issue and how to resolve it
 Additional Details
 A network error occurred while communicating with the remote host.
Exception details:
Message: No connection could be made because the target machine actively refused it 64.29.x.x:443
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Sockets.TcpClient.Connect(String hostname, Int32 port)
at Microsoft.Exchange.Tools.ExRca.Tests.TcpPortTest.PerformTestReally()

Attempting to test potential Autodiscover URL https://autodiscover.mydomain.com/AutoDiscover/AutoDiscover.xml
 Testing of the Autodiscover URL was successful.
 Test Steps
 Attempting to resolve the host name autodiscover.mydomain.com in DNS.
 The host name resolved successfully.
 Additional Details
 IP addresses returned: 67.111.x.x

Testing TCP port 443 on host autodiscover.mydomain.com to ensure it's listening and open.
 The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
 The certificate passed all validation requirements.
 Test Steps
 Validating the certificate name.
 The certificate name was validated successfully.
 Additional Details
 Host name autodiscover.mydomain.com was found in the Certificate Subject Alternative Name entry.

Certificate trust is being validated.
 The certificate is trusted and all certificates are present in the chain.
 Additional Details
 The certificate chain has been validated up to a trusted root. Root = CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US.

Testing the certificate date to confirm the certificate is valid.
 Date validation passed. The certificate hasn't expired.
 Additional Details
 The certificate is valid. NotBefore = 11/29/2010 12:00:00 AM, NotAfter = 8/13/2011 11:59:59 PM

Checking the IIS configuration for client certificate authentication.
 Client certificate authentication wasn't detected.
 Additional Details
 Accept/Require Client Certificates isn't configured.

Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
 ExRCA successfully retrieved Autodiscover settings by sending an Autodiscover POST.
 Test Steps
 ExRCA is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.mydomain.com/AutoDiscover/AutoDiscover.xml for user user@mydomain.com.
 The Autodiscover XML response was successfully retrieved.
 Additional Details
 Autodiscover Account Settings
XML response:
<?xml version="1.0"?>
<Autodiscover xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/mobilesync/responseschema/2006">
<Culture>en:us</Culture>
<User>
<DisplayName>User</DisplayName>
<EMailAddress>user@mydomain.com</EMailAddress>
</User>
<Action>
<Settings>
<Server>
<Type>MobileSync</Type>
<Url>https://mail.mydomain.com/Microsoft-Server-ActiveSync</Url>
<Name>https://mail.mydomain.com/Microsoft-Server-ActiveSync</Name>
</Server>
</Settings>
</Action>
</Response>
</Autodiscover>

Validating Exchange ActiveSync settings.
 Exchange ActiveSync URL https://mail.mydomain.com/Microsoft-Server-ActiveSync was validated successfully.
Attempting to resolve the host name mail.mydomain.com in DNS.
 The host name resolved successfully.
 Additional Details
 IP addresses returned: 67.111.x.x

Testing TCP port 443 on host mail.mydomain.com to ensure it's listening and open.
 The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
 The certificate passed all validation requirements.
 Test Steps
 Validating the certificate name.
 The certificate name was validated successfully.
 Additional Details
 Host name mail.mydomain.com was found in the Certificate Subject Alternative Name entry.

Validating certificate trust for Windows Mobile devices.
 The certificate is trusted and all certificates are present in the chain.
 Additional Details
 The certificate is trusted for Windows Mobile 5.0 and later versions. Root = CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US
Testing the certificate date to confirm the certificate is valid.
 Date validation passed. The certificate hasn't expired.
 Additional Details
 The certificate is valid. NotBefore = 11/29/2010 12:00:00 AM, NotAfter = 8/13/2011 11:59:59 PM

Checking the IIS configuration for client certificate authentication.
 Client certificate authentication wasn't detected.
 Additional Details
 Accept/Require Client Certificates isn't configured.

Testing HTTP Authentication Methods for URL https://mail.mydomain.com/Microsoft-Server-ActiveSync.
 The HTTP authentication methods are correct.
 Additional Details
 ExRCA found all expected authentication methods and no disallowed methods. Methods found: Basic

An ActiveSync session is being attempted with the server.
 Errors were encountered while testing the Exchange ActiveSync session.
 Test Steps
 Attempting to send the OPTIONS command to the server.
 Testing of the OPTIONS command failed. For more information, see Additional Details.
 Additional Details
 A Web exception occurred because an HTTP 401 - Unauthorized response was received from IIS7.



Any ideas as to what the culprit is would be greatly appreciated.

Thanks.
0
Comment
Question by:partners1998
  • 2
  • 2
6 Comments
 
LVL 2

Accepted Solution

by:
cclancy45 earned 500 total points
Comment Utility
IIS Virtual Directory permissions problem would be my guess.

Is this server just a standalone CAS server (MB / HT on other servers)
0
 

Author Comment

by:partners1998
Comment Utility
Hi cclancy45,

This is a CAS/HT server with MB on another server.

Thanks.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
If I click on the link to https://mail.yourdomain.com/Microsoft-Server-Activesync I get the following:

Meow! There has been an error.
Microsoft-Server-ActiveSync could not be found.  It also appears to not allow HTTPS to this site.

It looks like you have completely customised the default website (or someone has) and as a result, you may be redirecting items all over the place and causing yourself problems.

Does this sound about right?
0
 

Author Closing Comment

by:partners1998
Comment Utility
Whoops, sorry but I changed our domain name to "mydomain" in order to disguise it. I had no idea it would lead to a real website. In any case, I figured out that I had conflicting permissions on the activesync virtual directory. So, cclancy45, you get the nod. Thanks
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Good accidental choice of website name - I will disguise it to protect their identity : )

Alan
0

Featured Post

Want to promote your upcoming event?

Is your company attending an event or exhibiting at a trade show soon? Are you speaking at a conference? Spread the word by using a promotional banner in your email signature. This will ensure your organization’s most important contacts are in the know.

Join & Write a Comment

Resolve DNS query failed errors for Exchange
Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now