I, as have many others, have been struggling with ActiveSync working in conjunction with Microsoft TMG and Exchange 2003. I have OWA working great to the Internet, but ActiveSync fails with this error (provided by AccessMyLan ActiveSync Tester: ActiveSync detected, but access denied. [HTTP 403: Disabled for this user].) The www.testexchangeconnectivity.com
error log appears below:
RCA is testing Exchange ActiveSync.
The Exchange ActiveSync test failed.
Attempting to resolve the host name webmail.xxxxxxxxxxxx.com in DNS.
The host name resolved successfully.
IP addresses returned: 126.96.36.199
Testing TCP port 443 on host webmail.xxxxxxxxxxxx.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Validating the certificate name.
The certificate name was validated successfully.
Host name webmail.xxxxxxxxxxxx.com was found in the Certificate Subject Common name.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
The certificate is valid. NotBefore = 2/15/2011 5:36:57 PM, NotAfter = 1/29/2013 2:33:22 PM
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Accept/Require Client Certificates isn't configured.
Testing HTTP Authentication Methods for URL https://webmail.xxxxxxxxxxxx.com/Microsoft-Server-Activesync/
The HTTP authentication methods are correct.
ExRCA found all expected authentication methods and no disallowed methods. Methods found: Basic
An ActiveSync session is being attempted with the server.
Errors were encountered while testing the Exchange ActiveSync session.
Attempting to send the OPTIONS command to the server.
The OPTIONS response was successfully received and is valid.
Headers received: Connection: Keep-Alive
Public: OPTIONS, POST
Allow: OPTIONS, POST
Date: Sun, 20 Feb 2011 04:16:42 GMT
Attempting the FolderSync command on the Exchange ActiveSync session.
The test of the FolderSync command failed.
An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body of the response: <body><h2>HTTP/1.1 403 Forbidden</h2></body>
I have checked and rechecked virtual directory permissions ad nauseum, and from what I have read, recreating them is generally not helpful and a long and tedious process. I'm SOOOO close--what else can I try?