?
Solved

ActiveSync with Exchange 2003 and TMG gives 403 error

Posted on 2011-02-19
2
Medium Priority
?
1,821 Views
Last Modified: 2012-05-11
I, as have many others, have been struggling with ActiveSync working in conjunction with Microsoft TMG and Exchange 2003.  I have OWA working great to the Internet, but ActiveSync fails with this error (provided by AccessMyLan ActiveSync Tester:  ActiveSync detected, but access denied. [HTTP 403: Disabled for this user].)  The www.testexchangeconnectivity.com error log appears below:

RCA is testing Exchange ActiveSync.  
  The Exchange ActiveSync test failed.
   Test Steps
   Attempting to resolve the host name webmail.xxxxxxxxxxxx.com in DNS.
  The host name resolved successfully.
   Additional Details
  IP addresses returned: 75.146.74.107
 
 Testing TCP port 443 on host webmail.xxxxxxxxxxxx.com to ensure it's listening and open.
  The port was opened successfully.
 Testing the SSL certificate to make sure it's valid.
  The certificate passed all validation requirements.
   Test Steps
   Validating the certificate name.
  The certificate name was validated successfully.
   Additional Details
  Host name webmail.xxxxxxxxxxxx.com was found in the Certificate Subject Common name.
 
 Testing the certificate date to confirm the certificate is valid.
  Date validation passed. The certificate hasn't expired.
   Additional Details
  The certificate is valid. NotBefore = 2/15/2011 5:36:57 PM, NotAfter = 1/29/2013 2:33:22 PM
 
 
 
 Checking the IIS configuration for client certificate authentication.
  Client certificate authentication wasn't detected.
   Additional Details
  Accept/Require Client Certificates isn't configured.
 
 Testing HTTP Authentication Methods for URL https://webmail.xxxxxxxxxxxx.com/Microsoft-Server-Activesync/.
  The HTTP authentication methods are correct.
   Additional Details
  ExRCA found all expected authentication methods and no disallowed methods. Methods found: Basic
 
 An ActiveSync session is being attempted with the server.
  Errors were encountered while testing the Exchange ActiveSync session.
   Test Steps
   Attempting to send the OPTIONS command to the server.
  The OPTIONS response was successfully received and is valid.
   Additional Details
  Headers received: Connection: Keep-Alive
Pragma: no-cache
Public: OPTIONS, POST
Allow: OPTIONS, POST
MS-Server-ActiveSync: 6.5.7638.1
MS-ASProtocolVersions: 1.0,2.0,2.1,2.5
MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,ResolveRecipients,ValidateCert,Provision,Search,Notify,Ping
Content-Length: 0
Date: Sun, 20 Feb 2011 04:16:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

 
 
 Attempting the FolderSync command on the Exchange ActiveSync session.
  The test of the FolderSync command failed.
   Additional Details
  An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body of the response: <body><h2>HTTP/1.1 403 Forbidden</h2></body>
 
I have checked and rechecked virtual directory permissions ad nauseum, and from what I have read, recreating them is generally not helpful and a long and tedious process.  I'm SOOOO close--what else can I try?
0
Comment
Question by:thomsone
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 2000 total points
ID: 34936142
Please read through my Exchange 2003 / Activesync article and make sure your settings are correct:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html

Run the test on the Access My Lan Tool locally as this will bypass TMG to make sure the server is okay and if that passes, you can troubleshoot TMG, hopefully with Keith_Alabaster's help.

FYI - I'm currently on holiday, so replies won't be quick in coming!!
0
 

Author Closing Comment

by:thomsone
ID: 34937782
Alan is the guy to talk to about this!  I went through it again and realized that I hadn't copied Exchange-OMA from Exchange for the new virtual directory.  Once I did that and set permissions appropriately, ActiveSync was working, and my iPhone began to communicate.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
Are you an Exchange administrator employed with an organization? And, have you encountered a corrupt Exchange database due to which you are not able to open its EDB file. This article will explain all the steps to repair corrupt Exchange database.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question