Solved

changing IP of Exchange 2003 server has broken connection of activesync devices

Posted on 2011-02-28
Last Modified: 2012-05-11
We recently changed the inside IP of our 2003 Exchange server and now ActiveSync devices can no longer connect.

I believe it is a certificate issue because I'm told that the certificate warning that comes up in OWA is new as well.

Our firewall NATs the internal address to an external which hasn't changed. I didn't think the inside IP would matter or be part of the certificate. I might be looking in the wrong place but I don't see a 3rd party certificate on this Exchange server.

I tried unchecking 'Require Secure Channel' on the OWA website but I still get prompted for unknown certificate in OWA.

Why would a change to inside IPs cause this?

Should I update my 3rd party certificate, and where would I find it? I only saw self-signed certificates in IIS.

Is there a way for OWA to accept the unknown (self-signed) certificate so that my ActiveSync devices can connect?

Thanks,

Paul
Question by:c2media
14 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 35002587
Check the IP Address associated with the Default Website and check to see if that is All Unassigned - as it should be - or a specific IP Address.

Ideally - if not All unassigned - please change it to this.

Failing that - please review my Exchange 2003 / Activesync article:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html
0
 

Author Comment

by:c2media
ID: 35003070
Hi Alan,

The default website was set to 'All Unassigned' so no luck there.

Great article. Unfortunately my ActiveSync users still can't connect. The only issue I found, which has been going on for a while now, is that old DNS entry for my company that comes up when using 'exchangeconnectivity.com'. I'll have to do another post because I'm not sure how to track it down.

I don't think it's the cause of my problem because my OWA can connect; they just get prompted with the unknown certificate message that my iPhone users can't get around.

0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35003104
What about your Router - is that forwarding to the correct internal IP Address?

Is the certificate named with an IP Address or an FQDN e.g., mail.domain.com?

Have you run the test on https://testexchangeconnectivity.com to see if that can see what the problem is?  It should provide some clues.
0

 

Author Comment

by:c2media
ID: 35003244
My router does forward to the correct internal IP.

The certificate is named with an FQDN: mail.corporateidentity.net

I ran the test from testexchangeconnectivity.com before but didn't see anything useful. Then I looked at your article again and manually input the server name.

This time I got the following error and will attempt to troubleshoot using your article.

***************************
An ActiveSync session is being attempted with the server.
       Errors were encountered while testing the Exchange ActiveSync session.
       
      Test Steps
       
      Attempting to send the OPTIONS command to the server.
       The OPTIONS response was successfully received and is valid.
       
      Additional Details
       Headers received: Pragma: no-cache
Public: OPTIONS, POST
Allow: OPTIONS, POST
MS-Server-ActiveSync: 6.5.7638.1
MS-ASProtocolVersions: 1.0,2.0,2.1,2.5
MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,ResolveRecipients,ValidateCert,Provision,Search,Notify,Ping
Content-Length: 0
Date: Tue, 01 Mar 2011 01:20:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

      Attempting the FolderSync command on the Exchange ActiveSync session.
       The test of the FolderSync command failed.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       Exchange ActiveSync returned an HTTP 500 response.

*****************************************
0
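
The test result quoted above can be read as a triage: a valid OPTIONS response shows the request reached IIS and the ActiveSync component answered, so an HTTP 500 on FolderSync points at the server itself rather than at DNS, NAT or the TLS handshake. The following is an added example, not code from the thread or from the test tool; the function names are illustrative and the header sample is the one posted above with MS-ASProtocolCommands abridged.

```python
# Added example: triage of an ActiveSync connectivity-test result.
# OPTIONS_HEADERS is taken from the test output quoted above
# (MS-ASProtocolCommands abridged); function names are illustrative.
OPTIONS_HEADERS = """\
Public: OPTIONS, POST
Allow: OPTIONS, POST
MS-Server-ActiveSync: 6.5.7638.1
MS-ASProtocolVersions: 1.0,2.0,2.1,2.5
MS-ASProtocolCommands: Sync,SendMail,FolderSync,Provision,Ping
Server: Microsoft-IIS/6.0
"""


def parse_headers(raw):
    """Parse 'Name: value' lines into a dict keyed by lower-cased name."""
    headers = {}
    for line in raw.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip():
            headers[name.strip().lower()] = value.strip()
    return headers


def triage(options_status, raw_headers, foldersync_status):
    """Return (layer, detail) naming where the failure most likely sits."""
    h = parse_headers(raw_headers)
    commands = {c.strip() for c in h.get("ms-asprotocolcommands", "").split(",")}
    if options_status != 200 or "ms-server-activesync" not in h:
        # Nothing identified itself as ActiveSync: the request never got there.
        return ("path", "check DNS, NAT/port forward, TLS and the IIS site binding")
    if "FolderSync" not in commands:
        return ("protocol", "server does not advertise FolderSync")
    if foldersync_status in (401, 403):
        return ("auth", "credentials or virtual-directory authentication settings")
    if foldersync_status >= 500:
        # The front door answered, so the error is raised on the server itself
        # while it processes the mailbox request.
        return ("server", "check Exchange/IIS virtual directories (SSL, FBA, "
                          "IP restrictions) and the Application event log")
    return ("ok", "FolderSync completed")


if __name__ == "__main__":
    print(triage(200, OPTIONS_HEADERS, 500))
```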
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35003318
Oh - the 500 error!  Could be nasty :(

Is the default website still using All unassigned and port 80 / 443?  The 500 error can be caused by these settings not being correct.

Are there any other Websites using port 80 / 443 on your server?
0
 

Author Comment

by:c2media
ID: 35003366
I just reset the default virtual directories per:
http://support.microsoft.com/kb/883380

I re-ran the connectivity test and get the same error. :( indeed

The default website is still using unassigned on port 80 / 443. There aren't any other websites on this server.

There is one other website on my server but it is using 8099 and 8098.

What to do?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35003379
Have you rebooted the server since the IP Change?
0
 

Author Comment

by:c2media
ID: 35003411
Yes, a few times.

A couple of questions about your article.

How do I disable forms based authentication?

Disable Forms Based Authentication - Exchange HTTP Protocol (if enabled)  ** I'm not sure if this is in IIS or ESM.

Is this unchecking 'require SSL' in the Exchange virtual directory?

• Remove SSL settings from the Exchange IIS virtual directory

0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35003430
FBA is disabled in ESM on the HTTP Protocol Properties.

Removing FBA should remove the Require SSL on the Exchange virtual directory.  If you have FBA enabled, you need to create the exchange-oma virtual directory by following KB817379.
0
 

Author Comment

by:c2media
ID: 35003453
Tried those first couple of steps and re-ran the test with the same 500 error.

I've got to run out but thanks for your help. Let me know if there is anything else I should try in addition to what is in your article.

Thanks,

Paul
0
 

Author Comment

by:c2media
ID: 35007252
I tried all your steps including reviewing the settings on the exchweb directories. Running isinteg now.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35007314
Have you downloaded the Access My LAN test tool and run that internally to see if it works inside the LAN?  Might rule in / out the firewall / router.
0
 

Author Comment

by:c2media
ID: 35007475
Do you mean the software from www.accessmylan.com?  I'm installing it now.
0
 

Author Comment

by:c2media
ID: 35009962
Hi Alan,

I got it working with your help and needed a little assist from this article.

http://www.petri.co.il/problems_with_forms_based_authentication_and_ssl_in_activesync.htm


I'm not sure if the thing that did it was restarting the iisadmin service or going into 'IP address and domain name restrictions' and denying access to all but the Exchange server.

I got the link from here.
http://technet.microsoft.com/en-us/library/dd439375(EXCHG.80).aspx
someone had the same issue as me with changing IPs.
0
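
A model of how an IIS 6 'IP address and domain name restrictions' list behaves when the server's own address changes, added here as an illustration and not taken from the thread or the linked articles. The addresses and restriction entries are constructed, only the directory names come from the thread, and the thread does not confirm this as the root cause.

```python
import ipaddress

# Constructed sample data (assumption): addresses and restriction lists are
# illustrative; only the directory names come from the thread.
OLD_IP, NEW_IP = "10.0.0.10", "10.0.5.10"
VDIRS = {
    # name: (default_grant, exceptions to that default)
    "Exchange": (True, []),
    "Microsoft-Server-ActiveSync": (True, []),
    "exchange-oma": (False, [OLD_IP]),  # deny all but the server itself
}


def is_granted(client, default_grant, exceptions):
    """A default (grant or deny) applies to everyone except the listed
    hosts or networks, for which the opposite applies."""
    addr = ipaddress.ip_address(client)
    listed = any(addr in ipaddress.ip_network(e, strict=False) for e in exceptions)
    return default_grant != listed


def audit(vdirs, server_ips):
    """Return {directory: [server addresses that would be refused]}."""
    report = {}
    for name, (default_grant, exceptions) in vdirs.items():
        refused = [ip for ip in server_ips
                   if not is_granted(ip, default_grant, exceptions)]
        if refused:
            report[name] = refused
    return report


def stale_entries(vdirs, server_ips):
    """In deny-by-default directories, list grant entries that match none of
    the server's current addresses: candidates left over from a re-IP."""
    addrs = [ipaddress.ip_address(ip) for ip in server_ips]
    report = {}
    for name, (default_grant, exceptions) in vdirs.items():
        if default_grant:
            continue
        stale = [e for e in exceptions
                 if not any(a in ipaddress.ip_network(e, strict=False) for a in addrs)]
        if stale:
            report[name] = stale
    return report


if __name__ == "__main__":
    print(audit(VDIRS, [NEW_IP]), stale_entries(VDIRS, [NEW_IP]))
```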
