Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1824
  • Last Modified:

ActiveSync with Exchange 2003 and TMG gives 403 error

I, as have many others, have been struggling with ActiveSync working in conjunction with Microsoft TMG and Exchange 2003.  I have OWA working great to the Internet, but ActiveSync fails with this error (provided by AccessMyLan ActiveSync Tester:  ActiveSync detected, but access denied. [HTTP 403: Disabled for this user].)  The www.testexchangeconnectivity.com error log appears below:

RCA is testing Exchange ActiveSync.  
  The Exchange ActiveSync test failed.
   Test Steps
   Attempting to resolve the host name webmail.xxxxxxxxxxxx.com in DNS.
  The host name resolved successfully.
   Additional Details
  IP addresses returned: 75.146.74.107
 
 Testing TCP port 443 on host webmail.xxxxxxxxxxxx.com to ensure it's listening and open.
  The port was opened successfully.
 Testing the SSL certificate to make sure it's valid.
  The certificate passed all validation requirements.
   Test Steps
   Validating the certificate name.
  The certificate name was validated successfully.
   Additional Details
  Host name webmail.xxxxxxxxxxxx.com was found in the Certificate Subject Common name.
 
 Testing the certificate date to confirm the certificate is valid.
  Date validation passed. The certificate hasn't expired.
   Additional Details
  The certificate is valid. NotBefore = 2/15/2011 5:36:57 PM, NotAfter = 1/29/2013 2:33:22 PM
 
 
 
 Checking the IIS configuration for client certificate authentication.
  Client certificate authentication wasn't detected.
   Additional Details
  Accept/Require Client Certificates isn't configured.
 
 Testing HTTP Authentication Methods for URL https://webmail.xxxxxxxxxxxx.com/Microsoft-Server-Activesync/.
  The HTTP authentication methods are correct.
   Additional Details
  ExRCA found all expected authentication methods and no disallowed methods. Methods found: Basic
 
 An ActiveSync session is being attempted with the server.
  Errors were encountered while testing the Exchange ActiveSync session.
   Test Steps
   Attempting to send the OPTIONS command to the server.
  The OPTIONS response was successfully received and is valid.
   Additional Details
  Headers received: Connection: Keep-Alive
Pragma: no-cache
Public: OPTIONS, POST
Allow: OPTIONS, POST
MS-Server-ActiveSync: 6.5.7638.1
MS-ASProtocolVersions: 1.0,2.0,2.1,2.5
MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,ResolveRecipients,ValidateCert,Provision,Search,Notify,Ping
Content-Length: 0
Date: Sun, 20 Feb 2011 04:16:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

 
 
 Attempting the FolderSync command on the Exchange ActiveSync session.
  The test of the FolderSync command failed.
   Additional Details
  An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body of the response: <body><h2>HTTP/1.1 403 Forbidden</h2></body>
 
I have checked and rechecked virtual directory permissions ad nauseum, and from what I have read, recreating them is generally not helpful and a long and tedious process.  I'm SOOOO close--what else can I try?
0
thomsone
Asked:
thomsone
1 Solution
 
Alan HardistyCommented:
Please read through my Exchange 2003 / Activesync article and make sure your settings are correct:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html

Run the test on the Access My Lan Tool locally as this will bypass TMG to make sure the server is okay and if that passes, you can troubleshoot TMG, hopefully with Keith_Alabaster's help.

FYI - I'm currently on holiday, so replies won't be quick in coming!!
0
 
thomsoneAuthor Commented:
Alan is the guy to talk to about this!  I went through it again and realized that I hadn't copied Exchange-OMA from Exchange for the new virtual directory.  Once I did that and set permissions appropriately, ActiveSync was working, and my iPhone began to communicate.
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now