Solved

ActiveSync with Exchange 2003 and TMG gives 403 error

Posted on 2011-02-19
2
1,798 Views
Last Modified: 2012-05-11
I, as have many others, have been struggling with ActiveSync working in conjunction with Microsoft TMG and Exchange 2003.  I have OWA working great to the Internet, but ActiveSync fails with this error (provided by AccessMyLan ActiveSync Tester:  ActiveSync detected, but access denied. [HTTP 403: Disabled for this user].)  The www.testexchangeconnectivity.com error log appears below:

RCA is testing Exchange ActiveSync.  
  The Exchange ActiveSync test failed.
   Test Steps
   Attempting to resolve the host name webmail.xxxxxxxxxxxx.com in DNS.
  The host name resolved successfully.
   Additional Details
  IP addresses returned: 75.146.74.107
 
 Testing TCP port 443 on host webmail.xxxxxxxxxxxx.com to ensure it's listening and open.
  The port was opened successfully.
 Testing the SSL certificate to make sure it's valid.
  The certificate passed all validation requirements.
   Test Steps
   Validating the certificate name.
  The certificate name was validated successfully.
   Additional Details
  Host name webmail.xxxxxxxxxxxx.com was found in the Certificate Subject Common name.
 
 Testing the certificate date to confirm the certificate is valid.
  Date validation passed. The certificate hasn't expired.
   Additional Details
  The certificate is valid. NotBefore = 2/15/2011 5:36:57 PM, NotAfter = 1/29/2013 2:33:22 PM
 
 
 
 Checking the IIS configuration for client certificate authentication.
  Client certificate authentication wasn't detected.
   Additional Details
  Accept/Require Client Certificates isn't configured.
 
 Testing HTTP Authentication Methods for URL https://webmail.xxxxxxxxxxxx.com/Microsoft-Server-Activesync/.
  The HTTP authentication methods are correct.
   Additional Details
  ExRCA found all expected authentication methods and no disallowed methods. Methods found: Basic
 
 An ActiveSync session is being attempted with the server.
  Errors were encountered while testing the Exchange ActiveSync session.
   Test Steps
   Attempting to send the OPTIONS command to the server.
  The OPTIONS response was successfully received and is valid.
   Additional Details
  Headers received: Connection: Keep-Alive
Pragma: no-cache
Public: OPTIONS, POST
Allow: OPTIONS, POST
MS-Server-ActiveSync: 6.5.7638.1
MS-ASProtocolVersions: 1.0,2.0,2.1,2.5
MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,ResolveRecipients,ValidateCert,Provision,Search,Notify,Ping
Content-Length: 0
Date: Sun, 20 Feb 2011 04:16:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

 
 
 Attempting the FolderSync command on the Exchange ActiveSync session.
  The test of the FolderSync command failed.
   Additional Details
  An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body of the response: <body><h2>HTTP/1.1 403 Forbidden</h2></body>
 
I have checked and rechecked virtual directory permissions ad nauseum, and from what I have read, recreating them is generally not helpful and a long and tedious process.  I'm SOOOO close--what else can I try?
0
Comment
Question by:thomsone
2 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 34936142
Please read through my Exchange 2003 / Activesync article and make sure your settings are correct:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html

Run the test on the Access My Lan Tool locally as this will bypass TMG to make sure the server is okay and if that passes, you can troubleshoot TMG, hopefully with Keith_Alabaster's help.

FYI - I'm currently on holiday, so replies won't be quick in coming!!
0
 

Author Closing Comment

by:thomsone
ID: 34937782
Alan is the guy to talk to about this!  I went through it again and realized that I hadn't copied Exchange-OMA from Exchange for the new virtual directory.  Once I did that and set permissions appropriately, ActiveSync was working, and my iPhone began to communicate.
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Suggested Solutions

Resolve DNS query failed errors for Exchange
Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now