Solved

Exchange ActiveSync (2010) connectivity test fails with HTTP 401

Posted on 2010-11-29
6
2,225 Views
Last Modified: 2012-06-27
Hello,

We just buil a new 2010 CAS server after a problem with our original one and everything is working fine except activesync.  Mobile users cannot connect and using https://www.testexchangeconnectivity.com/, we get the following:

ExRCA is testing Exchange ActiveSync.
 The Exchange ActiveSync test failed.
 Test Steps
 Attempting the Autodiscover and Exchange ActiveSync test (if requested).
 Autodiscover was successfully tested for Exchange ActiveSync.
 Test Steps
 Attempting each method of contacting the Autodiscover service.
 The Autodiscover service was tested successfully.
 Test Steps
 Attempting to test potential Autodiscover URL https://mydomaiin.com/AutoDiscover/AutoDiscover.xml
 Testing of this potential Autodiscover URL failed.
 Test Steps
 Attempting to resolve the host name mydomain.com in DNS.
 The host name resolved successfully.
 Additional Details
 IP addresses returned: 64.29.x.x

Testing TCP port 443 on host mydomain.com to ensure it's listening and open.
 The specified port is either blocked, not listening, or not producing the expected response.
  Tell me more about this issue and how to resolve it
 Additional Details
 A network error occurred while communicating with the remote host.
Exception details:
Message: No connection could be made because the target machine actively refused it 64.29.x.x:443
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Sockets.TcpClient.Connect(String hostname, Int32 port)
at Microsoft.Exchange.Tools.ExRca.Tests.TcpPortTest.PerformTestReally()

Attempting to test potential Autodiscover URL https://autodiscover.mydomain.com/AutoDiscover/AutoDiscover.xml
 Testing of the Autodiscover URL was successful.
 Test Steps
 Attempting to resolve the host name autodiscover.mydomain.com in DNS.
 The host name resolved successfully.
 Additional Details
 IP addresses returned: 67.111.x.x

Testing TCP port 443 on host autodiscover.mydomain.com to ensure it's listening and open.
 The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
 The certificate passed all validation requirements.
 Test Steps
 Validating the certificate name.
 The certificate name was validated successfully.
 Additional Details
 Host name autodiscover.mydomain.com was found in the Certificate Subject Alternative Name entry.

Certificate trust is being validated.
 The certificate is trusted and all certificates are present in the chain.
 Additional Details
 The certificate chain has been validated up to a trusted root. Root = CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US.

Testing the certificate date to confirm the certificate is valid.
 Date validation passed. The certificate hasn't expired.
 Additional Details
 The certificate is valid. NotBefore = 11/29/2010 12:00:00 AM, NotAfter = 8/13/2011 11:59:59 PM

Checking the IIS configuration for client certificate authentication.
 Client certificate authentication wasn't detected.
 Additional Details
 Accept/Require Client Certificates isn't configured.

Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
 ExRCA successfully retrieved Autodiscover settings by sending an Autodiscover POST.
 Test Steps
 ExRCA is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.mydomain.com/AutoDiscover/AutoDiscover.xml for user user@mydomain.com.
 The Autodiscover XML response was successfully retrieved.
 Additional Details
 Autodiscover Account Settings
XML response:
<?xml version="1.0"?>
<Autodiscover xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/mobilesync/responseschema/2006">
<Culture>en:us</Culture>
<User>
<DisplayName>User</DisplayName>
<EMailAddress>user@mydomain.com</EMailAddress>
</User>
<Action>
<Settings>
<Server>
<Type>MobileSync</Type>
<Url>https://mail.mydomain.com/Microsoft-Server-ActiveSync</Url>
<Name>https://mail.mydomain.com/Microsoft-Server-ActiveSync</Name>
</Server>
</Settings>
</Action>
</Response>
</Autodiscover>

Validating Exchange ActiveSync settings.
 Exchange ActiveSync URL https://mail.mydomain.com/Microsoft-Server-ActiveSync was validated successfully.
Attempting to resolve the host name mail.mydomain.com in DNS.
 The host name resolved successfully.
 Additional Details
 IP addresses returned: 67.111.x.x

Testing TCP port 443 on host mail.mydomain.com to ensure it's listening and open.
 The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
 The certificate passed all validation requirements.
 Test Steps
 Validating the certificate name.
 The certificate name was validated successfully.
 Additional Details
 Host name mail.mydomain.com was found in the Certificate Subject Alternative Name entry.

Validating certificate trust for Windows Mobile devices.
 The certificate is trusted and all certificates are present in the chain.
 Additional Details
 The certificate is trusted for Windows Mobile 5.0 and later versions. Root = CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US
Testing the certificate date to confirm the certificate is valid.
 Date validation passed. The certificate hasn't expired.
 Additional Details
 The certificate is valid. NotBefore = 11/29/2010 12:00:00 AM, NotAfter = 8/13/2011 11:59:59 PM

Checking the IIS configuration for client certificate authentication.
 Client certificate authentication wasn't detected.
 Additional Details
 Accept/Require Client Certificates isn't configured.

Testing HTTP Authentication Methods for URL https://mail.mydomain.com/Microsoft-Server-ActiveSync.
 The HTTP authentication methods are correct.
 Additional Details
 ExRCA found all expected authentication methods and no disallowed methods. Methods found: Basic

An ActiveSync session is being attempted with the server.
 Errors were encountered while testing the Exchange ActiveSync session.
 Test Steps
 Attempting to send the OPTIONS command to the server.
 Testing of the OPTIONS command failed. For more information, see Additional Details.
 Additional Details
 A Web exception occurred because an HTTP 401 - Unauthorized response was received from IIS7.



Any ideas as to what the culprit is would be greatly appreciated.

Thanks.
0
Comment
Question by:partners1998
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
6 Comments
 
LVL 2

Accepted Solution

by:
cclancy45 earned 500 total points
ID: 34233306
IIS Virtual Directory permissions problem would be my guess.

Is this server just a standalone CAS server (MB / HT on other servers)
0
 

Author Comment

by:partners1998
ID: 34233624
Hi cclancy45,

This is a CAS/HT server with MB on another server.

Thanks.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34234751
If I click on the link to https://mail.yourdomain.com/Microsoft-Server-Activesync I get the following:

Meow! There has been an error.
Microsoft-Server-ActiveSync could not be found.  It also appears to not allow HTTPS to this site.

It looks like you have completely customised the default website (or someone has) and as a result, you may be redirecting items all over the place and causing yourself problems.

Does this sound about right?
0
 

Author Closing Comment

by:partners1998
ID: 34235482
Whoops, sorry but I changed our domain name to "mydomain" in order to disguise it. I had no idea it would lead to a real website. In any case, I figured out that I had conflicting permissions on the activesync virtual directory. So, cclancy45, you get the nod. Thanks
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34235497
Good accidental choice of website name - I will disguise it to protect their identity : )

Alan
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question