Solved

Changing IP of Exchange 2003 server has broken connection of ActiveSync devices

Posted on 2011-02-28
Last Modified: 2012-05-11
We recently changed the inside IP of our 2003 Exchange server and now ActiveSync devices can no longer connect.

I believe it is a certificate issue because I'm told that the certificate warning that comes up in OWA is new as well.

Our firewall NATs the internal address to an external which hasn't changed. I didn't think the inside IP would matter or be part of the certificate. I might be looking in the wrong place but I don't see a 3rd party certificate on this Exchange server.

I tried unchecking 'Require Secure Channel' on the OWA website but I still get prompted for unknown certificate in OWA.

Why would a change to inside IPs cause this?

Should I update my 3rd party certificate and where would I find it? I only saw self-signed certificates in IIS.

Is there a way for OWA to accept the unknown (self-signed) certificate so that my ActiveSync devices can connect?

Thanks,

Paul
Question by:c2media
14 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
Check the IP Address associated with the Default Website and check to see if that is All Unassigned - as it should be - or a specific IP Address.

Ideally - if not All unassigned - please change it to this.

Failing that - please review my Exchange 2003 / Activesync article:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html

Author Comment

by:c2media

Hi Alan,

The default website was set to 'All Unassigned' so no luck there.

Great article. Unfortunately my ActiveSync users still can't connect. The only issue I found, which has been going on for a while now, is that old DNS entry for my company that comes up when using 'exchangeconnectivity.com'. I'll have to do another post because I'm not sure how to track it down.

I don't think it's the cause of my problem because my OWA can connect; they just get prompted with the unknown certificate message that my iPhone users can't get around.

LVL 76

Expert Comment

by:Alan Hardisty

What about your Router - is that forwarding to the correct internal IP Address?

Is the certificate named with an IP Address or an FQDN e.g., mail.domain.com?

Have you run the test on https://testexchangeconnectivity.com to see if that can see what the problem is?  It should provide some clues.

Author Comment

by:c2media

My router does forward to the correct internal IP.

The certificate is named with an FQDN: mail.corporateidentity.net

I ran the test from testexchangeconnectivity.com before but didn't see anything useful. Then I looked at your article again and manually input the server name.

This time I got the following error and will attempt to troubleshoot using your article.

***************************
An ActiveSync session is being attempted with the server.
       Errors were encountered while testing the Exchange ActiveSync session.
       
      Test Steps
       
      Attempting to send the OPTIONS command to the server.
       The OPTIONS response was successfully received and is valid.
       
      Additional Details
       Headers received: Pragma: no-cache
Public: OPTIONS, POST
Allow: OPTIONS, POST
MS-Server-ActiveSync: 6.5.7638.1
MS-ASProtocolVersions: 1.0,2.0,2.1,2.5
MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,ResolveRecipients,ValidateCert,Provision,Search,Notify,Ping
Content-Length: 0
Date: Tue, 01 Mar 2011 01:20:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

      Attempting the FolderSync command on the Exchange ActiveSync session.
       The test of the FolderSync command failed.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       Exchange ActiveSync returned an HTTP 500 response.

*****************************************

LVL 76

Expert Comment

by:Alan Hardisty

Oh - the 500 error!  Could be nasty :(

Is the default website still using All unassigned and port 80 / 443?  The 500 error can be caused by these settings not being correct.

Are there any other Websites using port 80 / 443 on your server?

Author Comment

by:c2media

I just reset the default virtual directories per:
http://support.microsoft.com/kb/883380

I reran the connectivity test and get the same error. :( indeed

The default website is still using unassigned on port 80 / 443. There aren't any other websites on this server.

There is one other website on my server but it is using 8099 and 8098.

What to do?

LVL 76

Expert Comment

by:Alan Hardisty

Have you rebooted the server since the IP Change?

Author Comment

by:c2media

Yes, a few times.

A couple of questions about your article.

How do I disable forms based authentication?

Disable Forms Based Authentication - Exchange HTTP Protocol (if enabled)  ** I'm not sure if this is in IIS or ESM.

Is this unchecking 'require SSL' in the Exchange virtual directory?

• Remove SSL settings from the Exchange IIS virtual directory

LVL 76

Expert Comment

by:Alan Hardisty

FBA is disabled in ESM on the HTTP Protocol Properties.

Removing FBA should remove the Require SSL on the Exchange virtual directory.  If you have FBA enabled, you need to create the exchange-oma virtual directory by following KB817379.

Author Comment

by:c2media

Tried those first couple steps and reran the test with the same 500 error.

I've got to run out but thanks for your help. Let me know if there is anything else I should try in addition to what is in your article.

Thanks,

Paul

Author Comment

by:c2media

I tried all your steps including reviewing the settings on the exchweb directories. Running isinteg now.

LVL 76

Expert Comment

by:Alan Hardisty

Have you downloaded the Access My LAN test tool and run that internally to see if it works inside the LAN?  Might rule in / out the firewall / router.

Author Comment

by:c2media

Do you mean the software from www.accessmylan.com? I'm installing it now.

Author Comment

by:c2media

Hi Alan,

I got it working with your help and needed a little assist from this article.

http://www.petri.co.il/problems_with_forms_based_authentication_and_ssl_in_activesync.htm


I'm not sure if the thing that did it was restarting the iisadmin service or going into 'IP address and domain name restrictions' and denying access to all but the Exchange server.

I got the link from here.
http://technet.microsoft.com/en-us/library/dd439375(EXCHG.80).aspx
Someone had the same issue as me with changing IPs.