Solved

ActiveSync with Exchange 2003 and TMG gives 403 error

Posted on 2011-02-19
Last Modified: 2012-05-11
I, as have many others, have been struggling with ActiveSync working in conjunction with Microsoft TMG and Exchange 2003.  I have OWA working great to the Internet, but ActiveSync fails with this error (provided by AccessMyLan ActiveSync Tester:  ActiveSync detected, but access denied. [HTTP 403: Disabled for this user].)  The www.testexchangeconnectivity.com error log appears below:

RCA is testing Exchange ActiveSync.  
  The Exchange ActiveSync test failed.
   Test Steps
   Attempting to resolve the host name webmail.xxxxxxxxxxxx.com in DNS.
  The host name resolved successfully.
   Additional Details
  IP addresses returned: 75.146.74.107
 
 Testing TCP port 443 on host webmail.xxxxxxxxxxxx.com to ensure it's listening and open.
  The port was opened successfully.
 Testing the SSL certificate to make sure it's valid.
  The certificate passed all validation requirements.
   Test Steps
   Validating the certificate name.
  The certificate name was validated successfully.
   Additional Details
  Host name webmail.xxxxxxxxxxxx.com was found in the Certificate Subject Common name.
 
 Testing the certificate date to confirm the certificate is valid.
  Date validation passed. The certificate hasn't expired.
   Additional Details
  The certificate is valid. NotBefore = 2/15/2011 5:36:57 PM, NotAfter = 1/29/2013 2:33:22 PM
 
 
 
 Checking the IIS configuration for client certificate authentication.
  Client certificate authentication wasn't detected.
   Additional Details
  Accept/Require Client Certificates isn't configured.
 
 Testing HTTP Authentication Methods for URL https://webmail.xxxxxxxxxxxx.com/Microsoft-Server-Activesync/.
  The HTTP authentication methods are correct.
   Additional Details
  ExRCA found all expected authentication methods and no disallowed methods. Methods found: Basic
 
 An ActiveSync session is being attempted with the server.
  Errors were encountered while testing the Exchange ActiveSync session.
   Test Steps
   Attempting to send the OPTIONS command to the server.
  The OPTIONS response was successfully received and is valid.
   Additional Details
  Headers received: Connection: Keep-Alive
Pragma: no-cache
Public: OPTIONS, POST
Allow: OPTIONS, POST
MS-Server-ActiveSync: 6.5.7638.1
MS-ASProtocolVersions: 1.0,2.0,2.1,2.5
MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,ResolveRecipients,ValidateCert,Provision,Search,Notify,Ping
Content-Length: 0
Date: Sun, 20 Feb 2011 04:16:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

 
 
 Attempting the FolderSync command on the Exchange ActiveSync session.
  The test of the FolderSync command failed.
   Additional Details
  An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body of the response: <body><h2>HTTP/1.1 403 Forbidden</h2></body>
 
I have checked and rechecked virtual directory permissions ad nauseam, and from what I have read, recreating them is generally not helpful and a long and tedious process.  I'm SOOOO close--what else can I try?
Question by:thomsone
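
A triage helper for the log above, added here as an example and not part of the original post: it parses the OPTIONS headers ExRCA captured and checks whether the failing command was advertised, which separates "the server does not offer FolderSync" from "the server offers it but refuses this request". The function names and result labels are assumptions made for illustration, and the sample is constructed from the quoted headers with the command list shortened.

```python
# Constructed sample based on the OPTIONS headers quoted in the ExRCA log
# (MS-ASProtocolCommands shortened for readability).
SAMPLE_OPTIONS = """\
Public: OPTIONS, POST
Allow: OPTIONS, POST
MS-Server-ActiveSync: 6.5.7638.1
MS-ASProtocolVersions: 1.0,2.0,2.1,2.5
MS-ASProtocolCommands: Sync,SendMail,GetHierarchy,FolderSync,FolderCreate,Provision,Ping
Date: Sun, 20 Feb 2011 04:16:42 GMT
Server: Microsoft-IIS/6.0
"""


def parse_headers(raw):
    """Turn 'Name: value' lines into a dict keyed by lower-cased header name."""
    headers = {}
    for line in raw.splitlines():
        # Split on the first colon only, so values such as dates stay intact.
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def split_list(value):
    """Split a comma-separated header value into trimmed items."""
    return [item.strip() for item in value.split(",") if item.strip()]


def triage(raw_options, command, status):
    """Classify a failed ActiveSync command against the OPTIONS reply (hypothetical labels)."""
    headers = parse_headers(raw_options)
    if "ms-server-activesync" not in headers:
        return "no-activesync-header"    # OPTIONS was not answered by the ActiveSync handler
    if "POST" not in split_list(headers.get("allow", "")):
        return "post-not-allowed"        # commands are sent with POST, so none can succeed
    if command not in split_list(headers.get("ms-asprotocolcommands", "")):
        return "command-not-advertised"  # capability gap, not a permissions problem
    if status == 403:
        return "advertised-but-forbidden"  # look at permissions and virtual directory setup
    return "ok" if 200 <= status < 300 else "other-failure"


if __name__ == "__main__":
    print(triage(SAMPLE_OPTIONS, "FolderSync", 403))
```

For the log in this question the result is `advertised-but-forbidden`, which matches where the thread ends up: the fix was in virtual directory configuration and permissions, not in the certificate, authentication method or protocol support.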

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 34936142
Please read through my Exchange 2003 / Activesync article and make sure your settings are correct:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html

Run the test on the Access My Lan Tool locally as this will bypass TMG to make sure the server is okay and if that passes, you can troubleshoot TMG, hopefully with Keith_Alabaster's help.

FYI - I'm currently on holiday, so replies won't be quick in coming!!

Author Closing Comment

by:thomsone
ID: 34937782
Alan is the guy to talk to about this!  I went through it again and realized that I hadn't copied Exchange-OMA from Exchange for the new virtual directory.  Once I did that and set permissions appropriately, ActiveSync was working, and my iPhone began to communicate.