changing IP of Exchange 2003 server has broken connection of activesync devices

Posted on 2011-02-28
Last Modified: 2012-05-11
We recently changed the inside IP of our 2003 exchange server and now activesync devices can no longer connect.

I believe it is a certificate issue because I'm told that the certificate warning that comes up in OWA is new as well.

Our firewall NATs the internal address to an external which hasn't changed. I didn't think the inside IP would matter or be part of the certificate.  I might be looking in the wrong place but I don't see a 3rd party certificate on this exchange server.

I tried unchecking 'require Secure Channel' on the OWA website but I still get prompted for unknown certificate in OWA.

Why would a change to inside IPs cause this?

Should I update my 3rd party certificate and where would I find it?  I only saw self signed certificates in IIS.

Is there a way for OWA to accept the unknown (self signed) certificate so that my activesync devices can connect?

Thanks,

Paul
Question by:c2media

Accepted Solution

by:
Alan Hardisty earned 2000 total points
ID: 35002587
Check the IP Address associated with the Default Website and check to see if that is All Unassigned - as it should be - or a specific IP Address.

Ideally - if not All unassigned - please change it to this.

Failing that - please review my Exchange 2003 / Activesync article:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html

Author Comment

by:c2media
ID: 35003070
Hi Alan,

The default website was set to 'All Unassigned' so no luck there.

Great article. Unfortunately my ActiveSync users still can't connect. The only issue I found, which has been going on for a while now, is the old DNS entry for my company that comes up when using 'exchangeconnectivity.com'. I'll have to do another post because I'm not sure how to track it down.

I don't think it's the cause of my problem because my OWA can connect; they just get prompted with the unknown certificate message that my iPhone users can't get around.


Expert Comment

by:Alan Hardisty
ID: 35003104
What about your Router - is that forwarding to the correct internal IP Address?

Is the certificate named with an IP Address or an FQDN e.g., mail.domain.com?

Have you run the test on https://testexchangeconnectivity.com to see if that can see what the problem is?  It should provide some clues.

Author Comment

by:c2media
ID: 35003244
My router does forward to the correct internal IP.

The certificate is named with an FQDN: mail.corporateidentity.net

I ran the test from testexchangeconnectivity.com before but didn't see anything useful. Then I looked at your article again and manually input the server name.

This time I got the following error and will attempt to troubleshoot using your article.

***************************
An ActiveSync session is being attempted with the server.
       Errors were encountered while testing the Exchange ActiveSync session.
       
      Test Steps
       
      Attempting to send the OPTIONS command to the server.
       The OPTIONS response was successfully received and is valid.
       
      Additional Details
       Headers received: Pragma: no-cache
Public: OPTIONS, POST
Allow: OPTIONS, POST
MS-Server-ActiveSync: 6.5.7638.1
MS-ASProtocolVersions: 1.0,2.0,2.1,2.5
MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,ResolveRecipients,ValidateCert,Provision,Search,Notify,Ping
Content-Length: 0
Date: Tue, 01 Mar 2011 01:20:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

      Attempting the FolderSync command on the Exchange ActiveSync session.
       The test of the FolderSync command failed.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       Exchange ActiveSync returned an HTTP 500 response.

*****************************************

Expert Comment

by:Alan Hardisty
ID: 35003318
Oh - the 500 error!  Could be nasty :(

Is the default website still using All unassigned and port 80 / 443?  The 500 error can be caused by these settings not being correct.

Are there any other Websites using port 80 / 443 on your server?

Author Comment

by:c2media
ID: 35003366
I just reset the default virtual directories per:
http://support.microsoft.com/kb/883380

I reran the connectivity test and get the same error. :( indeed

The default website is still using unassigned on port 80 / 443. There aren't any other websites on this server.

There is one other website on my server but it is using 8099 and 8098.

What to do?

Expert Comment

by:Alan Hardisty
ID: 35003379
Have you rebooted the server since the IP Change?

Author Comment

by:c2media
ID: 35003411
Yes, a few times.

A couple of questions about your article.

How do I disable forms based authentication?

Disable Forms Based Authentication - Exchange HTTP Protocol (if enabled)  ** I'm not sure if this is in IIS or ESM.

Is this unchecking 'require SSL' in the Exchange virtual directory?

• Remove SSL settings from the Exchange IIS virtual directory


Expert Comment

by:Alan Hardisty
ID: 35003430
FBA is disabled in ESM on the HTTP Protocol Properties.

Removing FBA should remove the Require SSL on the Exchange virtual directory.  If you have FBA enabled, you need to create the exchange-oma virtual directory by following KB817379.

Author Comment

by:c2media
ID: 35003453
Tried those first couple of steps and reran the test with the same 500 error.

I've got to run out but thanks for your help. Let me know if there is anything else I should try in addition to what is in your article.

Thanks,

Paul

Author Comment

by:c2media
ID: 35007252
I tried all your steps including reviewing the settings on the exchweb directories. Running isinteg now.

Expert Comment

by:Alan Hardisty
ID: 35007314
Have you downloaded the Access My LAN test tool and run that internally to see if it works inside the LAN?  Might rule in / out the firewall / router.

Author Comment

by:c2media
ID: 35007475
Do you mean the software from www.accessmylan.com?  I'm installing it now.

Author Comment

by:c2media
ID: 35009962
Hi Alan,

I got it working with your help and needed a little assist from this article.

http://www.petri.co.il/problems_with_forms_based_authentication_and_ssl_in_activesync.htm


I'm not sure if the thing that did it was restarting the iisadmin service or going into 'IP address and domain name restrictions' and denying access to all but the Exchange server.

I got the link from here.
http://technet.microsoft.com/en-us/library/dd439375(EXCHG.80).aspx
Someone had the same issue as me with changing IPs.
0
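The last post mentions the 'IP address and domain name restrictions' setting that denies access to all but the Exchange server. As an added illustration (not code from the thread or from Microsoft), this Python example models such a default-deny list and shows how an entry pinned to a server's previous address stops matching after the server is renumbered. The addresses and function names are constructed for the example.

```python
import ipaddress

# Constructed sample values (documentation address range), not from the thread.
OLD_SERVER_IP = "192.0.2.10"
NEW_SERVER_IP = "192.0.2.50"


def parse_entry(entry):
    """Accept 'a.b.c.d' (single computer) or 'a.b.c.d/mask' (group of computers)."""
    return ipaddress.ip_network(entry, strict=False)


def is_granted(client_ip, exceptions, default_grant=False):
    """The default applies to every client unless one of the exceptions matches."""
    addr = ipaddress.ip_address(client_ip)
    matched = any(addr in parse_entry(e) for e in exceptions)
    return (not default_grant) if matched else default_grant


def audit_self_access(exceptions, current_ips, previous_ips=()):
    """Check a default-deny list against the server's own current and former IPs."""
    findings = []
    for ip in current_ips:
        if not is_granted(ip, exceptions):
            findings.append(f"DENIED: server address {ip} is not in the granted list")
    for ip in previous_ips:
        # A leftover entry now admits whichever host is given the old address.
        if ip not in current_ips and is_granted(ip, exceptions):
            findings.append(f"STALE: granted list still admits former address {ip}")
    return findings


if __name__ == "__main__":
    # Restriction list as it would look if written before the IP change.
    before_fix = [OLD_SERVER_IP]
    for line in audit_self_access(before_fix, [NEW_SERVER_IP], [OLD_SERVER_IP]):
        print(line)
    # After replacing the entry with the new address, the audit is clean.
    print(audit_self_access([NEW_SERVER_IP], [NEW_SERVER_IP], [OLD_SERVER_IP]))
```

A stale entry is worth removing as well as replacing, since it keeps granting access to whatever machine later receives the old address.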
