Link to home
Start Free TrialLog in
Avatar of Autowest
Autowest

asked on

Email ports through Active Sync Droid email but will not go through Outlook 2007

I am running Server 2003 with exchange 2003 Standard Edition. i am having issues where My active sync failed but now pushes email through it but fails EXRCA when testing for Active Sync. Another issue we are having is email is not being pushed to outlook clients but works via OWA and Active Sync.

I have tried everything and am at the end of my line.
Avatar of Busbar
Busbar
Flag of Egypt image

can you post the EXRCA report
Avatar of Autowest
Autowest

ASKER


      ExRCA is testing Exchange ActiveSync.
       The Exchange ActiveSync test failed.
       
      Test Steps
       
      Attempting to resolve the host name mail.serramontebodyshop.com in DNS.
       The host name resolved successfully.
       
      Additional Details
       IP addresses returned: 74.0.32.3
      Testing TCP port 443 on host mail.serramontebodyshop.com to ensure it's listening and open.
       The specified port is either blocked, not listening, or not producing the expected response.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       A network error occurred while communicating with the remote host.
Exception details:
Message: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 74.0.32.3:443
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Sockets.TcpClient.Connect(String hostname, Int32 port)
at Microsoft.Exchange.Tools.ExRca.Tests.TcpPortTest.PerformTestReally()
The outlook client is now reporting offline as well.
do you have port 443 opened in the firewall
its open in firewall and tested within with portqry.exe
but the EXRCA cannot connect to the host so either something is wrong in the config or in the DNS
yeah i can't seem to figure this out.
what is the firewall you are using, can you post the config you are using.
also do you have windows firewall turned off on the exchange server
i have the windows firewall turned off and am running an ASA5505 cisco i will get you the configs.
: Saved
:
ASA Version 8.0(4)
!
hostname colmaASA
domain-name serramontebodyshop.com

names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.8.2.1 255.255.255.0
 ospf cost 10
!
interface Vlan2
 no forward interface Vlan1
 nameif dmz
 security-level 50
 no ip address
 ospf cost 10
!
interface Vlan11
 nameif outside
 security-level 0
 ip address 74.0.32.2 255.255.255.248
 ospf cost 10
!
interface Ethernet0/0
 switchport access vlan 11
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
boot system disk0:/asa804-k8.bin
ftp mode passive
dns server-group DefaultDNS
 domain-name serramontebodyshop.com
same-security-traffic permit intra-interface
access-list no-nat extended permit ip 10.8.2.0 255.255.255.0 10.8.3.0 255.255.255.0
access-list no-nat extended permit ip 10.8.2.0 255.255.255.0 10.140.110.0 255.255.255.0
access-list no-nat extended permit ip 10.8.2.0 255.255.255.0 10.147.100.0 255.255.255.0
access-list no-nat extended permit ip 10.8.2.0 255.255.255.0 10.149.100.0 255.255.255.0
access-list no-nat extended permit ip 10.8.2.0 255.255.255.0 10.141.100.0 255.255.255.0
access-list no-nat extended permit ip 10.8.2.0 255.255.255.0 10.140.100.0 255.255.255.0
access-list no-nat extended permit ip 10.8.2.0 255.255.255.0 10.154.100.0 255.255.255.0
access-list no-nat extended permit ip 10.8.2.0 255.255.255.0 10.10.1.0 255.255.255.0
access-list no-nat extended permit ip 10.8.3.0 255.255.255.0 10.140.110.0 255.255.255.0
access-list no-nat extended permit ip 10.8.3.0 255.255.255.0 10.147.100.0 255.255.255.0
access-list no-nat extended permit ip 10.8.3.0 255.255.255.0 10.149.100.0 255.255.255.0
access-list no-nat extended permit ip 10.8.3.0 255.255.255.0 10.141.100.0 255.255.255.0
access-list no-nat extended permit ip 10.8.3.0 255.255.255.0 10.140.100.0 255.255.255.0
access-list no-nat extended permit ip 10.8.3.0 255.255.255.0 10.154.100.0 255.255.255.0
access-list no-nat extended permit ip 10.8.3.0 255.255.255.0 10.10.1.0 255.255.255.0
access-list no-nat extended permit ip 10.8.2.0 255.255.255.0 10.147.110.0 255.255.255.0
access-list no-nat extended permit ip 10.8.3.0 255.255.255.0 10.147.110.0 255.255.255.0
access-list no-nat extended permit ip 10.8.2.0 255.255.255.0 10.149.110.0 255.255.255.0
access-list outside_access_in extended permit icmp any any echo-reply
access-list outside_access_in extended permit udp any any eq isakmp
access-list outside_access_in extended permit esp any any
access-list outside_access_in extended permit tcp any host 74.0.32.3 eq pcanywhere-data
access-list outside_access_in extended permit udp any host 74.0.32.3 eq pcanywhere-status
access-list outside_access_in extended permit tcp any host 74.0.32.3 eq smtp
access-list outside_access_in extended permit tcp any host 74.0.32.3 eq www
access-list outside_access_in extended permit tcp any host 74.0.32.4 eq 3390
access-list outside_access_in extended permit udp any host 74.0.32.4 eq 3550
access-list outside_access_in extended permit tcp any host 74.0.32.4 eq 4550
access-list outside_access_in extended permit tcp any host 74.0.32.4 eq 5550
access-list outside_access_in extended permit tcp any host 74.0.32.4 eq 3389
access-list outside_access_in extended permit tcp any host 74.0.32.4 eq www
access-list outside_access_in extended permit tcp any host 74.0.32.4 eq pcanywhere-data
access-list outside_access_in extended permit udp any host 74.0.32.4 eq pcanywhere-status
access-list outside_access_in extended permit tcp any host 74.0.32.4 eq 3550
access-list outside_access_in extended permit tcp any host 74.0.32.5 eq pcanywhere-data
access-list outside_access_in extended permit udp any host 74.0.32.5 eq pcanywhere-status
access-list outside_access_in extended permit tcp any eq https host 74.0.32.3
access-list fremont extended permit ip 10.8.2.0 255.255.255.0 10.147.100.0 255.255.255.0
access-list fremont extended permit ip 10.8.3.0 255.255.255.0 10.147.100.0 255.255.255.0
access-list fremont extended permit ip 10.8.3.0 255.255.255.0 10.147.110.0 255.255.255.0
access-list fremont extended permit ip 10.8.2.0 255.255.255.0 10.147.110.0 255.255.255.0
access-list sunnyvale extended permit ip 10.8.2.0 255.255.255.0 10.149.100.0 255.255.255.0
access-list sunnyvale extended permit ip 10.8.3.0 255.255.255.0 10.149.100.0 255.255.255.0
access-list sunnyvale extended permit ip 10.8.2.0 255.255.255.0 10.149.110.0 255.255.255.0
access-list oakland extended permit ip 10.8.2.0 255.255.255.0 10.141.100.0 255.255.255.0
access-list oakland extended permit ip 10.8.3.0 255.255.255.0 10.141.100.0 255.255.255.0
access-list autowest extended permit ip 10.8.2.0 255.255.255.0 10.140.100.0 255.255.255.0
access-list autowest extended permit ip 10.8.3.0 255.255.255.0 10.140.100.0 255.255.255.0
access-list autowest extended permit ip 10.8.2.0 255.255.255.0 10.140.110.0 255.255.255.0
access-list concord extended permit ip 10.8.2.0 255.255.255.0 10.154.100.0 255.255.255.0
access-list concord extended permit ip 10.8.3.0 255.255.255.0 10.154.100.0 255.255.255.0
access-list vpn-splitTunnel standard permit 10.8.2.0 255.255.255.0
access-list vpn-splitTunnel standard permit 10.10.1.0 255.255.255.0
access-list vpn-splitTunnel standard permit 10.140.100.0 255.255.255.0
access-list vpn-splitTunnel standard permit 10.141.100.0 255.255.255.0
access-list vpn-splitTunnel standard permit 10.147.100.0 255.255.255.0
access-list vpn-splitTunnel standard permit 10.149.100.0 255.255.255.0
access-list vpn-splitTunnel standard permit 10.154.100.0 255.255.255.0
access-list vpn-splitTunnel standard permit 10.140.110.0 255.255.255.0
pager lines 24
logging enable
logging buffered debugging
logging asdm informational
mtu inside 1500
mtu dmz 1500
mtu outside 1500
ip local pool vpn-pool 10.8.3.1-10.8.3.254
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-61551.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list no-nat
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 74.0.32.3 10.8.2.5 netmask 255.255.255.255
static (inside,outside) 74.0.32.4 10.8.2.7 netmask 255.255.255.255
static (inside,outside) 74.0.32.5 10.8.2.50 netmask 255.255.255.255
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 74.0.32.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa-server ADServer protocol nt
aaa-server ADServer (inside) host 10.8.2.5
 nt-auth-domain-controller bs-exch-serr
http server enable
http 71.6.67.224 255.255.255.224 outside
http 10.8.2.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set strong-set esp-des esp-md5-hmac
crypto ipsec transform-set 3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map dynmap 10 set transform-set 3DES-MD5
crypto dynamic-map dynmap 10 set security-association lifetime seconds 28800
crypto dynamic-map dynmap 10 set security-association lifetime kilobytes 4608000
crypto map vpn-map 20 match address fremont
crypto map vpn-map 20 set peer 207.101.242.74
crypto map vpn-map 20 set transform-set strong-set
crypto map vpn-map 20 set security-association lifetime seconds 28800
crypto map vpn-map 20 set security-association lifetime kilobytes 4608000
crypto map vpn-map 30 match address sunnyvale
crypto map vpn-map 30 set peer 74.7.242.186
crypto map vpn-map 30 set transform-set strong-set 3DES-MD5
crypto map vpn-map 30 set security-association lifetime seconds 28800
crypto map vpn-map 30 set security-association lifetime kilobytes 4608000
crypto map vpn-map 40 match address oakland
crypto map vpn-map 40 set peer 67.101.114.219
crypto map vpn-map 40 set transform-set strong-set
crypto map vpn-map 40 set security-association lifetime seconds 28800
crypto map vpn-map 40 set security-association lifetime kilobytes 4608000
crypto map vpn-map 50 match address autowest
crypto map vpn-map 50 set peer 67.100.56.76
crypto map vpn-map 50 set transform-set strong-set
crypto map vpn-map 50 set security-association lifetime seconds 28800
crypto map vpn-map 50 set security-association lifetime kilobytes 4608000
crypto map vpn-map 60 match address concord
crypto map vpn-map 60 set peer 69.199.199.74
crypto map vpn-map 60 set transform-set strong-set
crypto map vpn-map 60 set security-association lifetime seconds 28800
crypto map vpn-map 60 set security-association lifetime kilobytes 4608000
crypto map vpn-map 70 set security-association lifetime seconds 28800
crypto map vpn-map 70 set security-association lifetime kilobytes 4608000
crypto map vpn-map 65535 ipsec-isakmp dynamic dynmap
crypto map vpn-map interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash md5
 group 2
 lifetime 86400
crypto isakmp policy 20
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
telnet 10.8.2.0 255.255.255.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
 enable outside
 svc image disk0:/anyconnect-win-2.1.0148-k9.pkg 1
 svc enable
group-policy autowest internal
group-policy autowest attributes
 wins-server value 10.8.2.5
 dns-server value 10.8.2.5
 vpn-idle-timeout 30
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value vpn-splitTunnel
 default-domain value autowest.net
group-policy serramonte internal
group-policy serramonte attributes
 wins-server value 10.8.2.5
 dns-server value 10.8.2.5
 vpn-idle-timeout 30
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value vpn-splitTunnel
 default-domain value bodyshop.california
group-policy awserra-anypolicy internal
group-policy awserra-anypolicy attributes
 wins-server value 10.8.2.5 10.140.100.3
 dns-server value 10.8.2.5 10.140.100.3
 vpn-tunnel-protocol svc
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value vpn-splitTunnel
 default-domain value bodyshop.california
 webvpn
  svc ask none default svc
username admin password KxpsEFsqS8wKqtBo encrypted privilege 15
tunnel-group DefaultWEBVPNGroup general-attributes
 address-pool vpn-pool
 authentication-server-group ADServer
 default-group-policy awserra-anypolicy
tunnel-group autowest type remote-access
tunnel-group autowest general-attributes
 address-pool vpn-pool
 authentication-server-group ADServer
 default-group-policy autowest
tunnel-group autowest ipsec-attributes
 pre-shared-key *
tunnel-group serramonte type remote-access
tunnel-group serramonte general-attributes
 address-pool vpn-pool
 authentication-server-group ADServer
 default-group-policy serramonte
tunnel-group serramonte ipsec-attributes
 pre-shared-key *
tunnel-group 66.125.252.2 type ipsec-l2l
tunnel-group 66.125.252.2 ipsec-attributes
 pre-shared-key *
tunnel-group 64.105.38.138 type ipsec-l2l
tunnel-group 64.105.38.138 ipsec-attributes
 pre-shared-key *
tunnel-group 207.101.242.74 type ipsec-l2l
tunnel-group 207.101.242.74 ipsec-attributes
 pre-shared-key *
tunnel-group 67.101.114.219 type ipsec-l2l
tunnel-group 67.101.114.219 ipsec-attributes
 pre-shared-key *
tunnel-group 71.133.34.185 type ipsec-l2l
tunnel-group 71.133.34.185 ipsec-attributes
 pre-shared-key *
tunnel-group 67.100.56.76 type ipsec-l2l
tunnel-group 67.100.56.76 ipsec-attributes
 pre-shared-key *
tunnel-group 74.7.242.186 type ipsec-l2l
tunnel-group 74.7.242.186 ipsec-attributes
 pre-shared-key *
tunnel-group 69.199.199.74 type ipsec-l2l
tunnel-group 69.199.199.74 ipsec-attributes
 pre-shared-key *
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect sqlnet
  inspect skinny  
  inspect sunrpc
  inspect xdmcp
  inspect sip  
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:326da5ef42c92d46ce25e87feb9c8ad6
: end
asdm image disk0:/asdm-61551.bin
no asdm history enable
ASKER CERTIFIED SOLUTION
Avatar of Busbar
Busbar
Flag of Egypt image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I have it active in the control panel but not showing up in the config.
can you help me fix this i am not a cisco appliance savvy person but i do have access to the web control panel to make the necessary changes.
I still get this error. But can't figure out why outlook will not connect to the exchange server. I know OWA works fine.

      Testing RPC/HTTP connectivity.
       The RPC/HTTP test failed.
       
      Test Steps
       
      Attempting to resolve the host name 10.8.2.5 in DNS.
       The host name resolved successfully.
       
      Additional Details
       IP addresses returned: 10.8.2.5
      Testing TCP port 443 on host 10.8.2.5 to ensure it's listening and open.
       The specified port is either blocked, not listening, or not producing the expected response.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       A network error occurred while communicating with the remote host.
Exception details:
Message: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 10.8.2.5:443
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Sockets.TcpClient.Connect(String hostname, Int32 port)
at Microsoft.Exchange.Tools.ExRca.Tests.TcpPortTest.PerformTestReally()
So nothing none of the solutions provided fixed the issue. I had to resort to building a new server.
Avatar of Alan Hardisty
It's a shame no-one posted my Exchange 2003 / Activesync article that might have helped you here:

https://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html
I did look at your article and followed your steps. I still have that issue.

I did get email to work through email clients on the domain. But Active sync is still down.

I am building a Server 2008 R2 Server with Exchange 2010 and plan on migrating everything over.

Oh well - good luck.  If you get stuck anywhere - let me know.

Alan
Do you do remote connection into a server. I was hoping to get Exchange 2003 fixed before i migrated over.
Not via EE as part of a question - it is against the Terms and Conditions.
oh okay thanks