We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

Server Active Sync ,  Connection refused

Medium Priority
2,234 Views
Last Modified: 2012-05-11
Ok I have a Question On my active sync Setup.. Now I have Server 2003 SP2 updated  with Exchange 2k3 Updated also. Now all my account are on the same store, same server, all set up the same way.   I already have a few i pads and others devices using the sync ok .Now i try and add a new iphone and it seems to take the settings ok but when I click on mail box and I get (cannot get mail.)  

Now I have checked make sure My ipad and others are all still syncing with no issues.    
And i am getting this error in event viewer
Event Type:      Error
Event Source:      Server ActiveSync
Event Category:      None
Event ID:      3005
Date:            4/27/2011
Time:            11:30:59 AM
User:            xxxxx
Computer:      EXCHANGE
Description:
Unexpected Exchange mailbox Server error: Server: [xxxx.com] User: [xxx.com] HTTP status code: [409]. Verify that the Exchange mailbox Server is working correctly.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Also I ran Active sync tester and got this

ActiveSync detected, but access denied. [HTTP 403: Disabled for this user]

But it’s not.. Its active globally or the other would not work and I checked user and its all active
Comment
Watch Question

Commented:
Disable it on the user press apply, then enable it press apply and test again

Author

Commented:
Damn tried but no.   Same error

Commented:
Is everything else enabled for the user like OWA and push notifications? If you create a new test user + mailbox with 1 mail in it and see if that works on the device. If it does, copy/duplicate the problem users account (to copy the group membership) and then create a mailbox for the copied account, mail it then test the copied account.

Commented:
Had same problem not long ago, can you read through my original thread and see if any of this helps you

https://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_26538232.html

Commented:
Another note that probably helps you none is that we no longer get these after moving to Exchange 2010 on Server 2008 R2

Author

Commented:
burner there was no solution on your post..


Meganuk I will try to add a new user and sync

Author

Commented:
MegaNuk3:  nope Creating a new user sent it some emails then tried to sync my phone.. same error

yet my other devices already connect are still fine

Author

Commented:
Now this might help with some suggesttion. Now i recently moved to a VM box.. All the older ones that work i set up on the reg box.  these new ones i am trying to set up in the vm box.   Now i here auth might be off because of ip.. not sure.. but if this is the reason why are the old ones still working  

Author

Commented:
Now i know it anit the phone beacuse I add my account to the phone and it sync;s up fine..  Now these anit new users just user that have not been on OWA yet

Commented:
Try add the non working account to the exceptions list:
 open up Exchange System Manager, Global Settings, Mobile Services Properties, Device Security Button, Exceptions Button, then add the account to the exceptions list.

Author

Commented:
hmm I had to check off enfroce password on  device ..

Then added non-working user to exceptions .. Hit Apply then re tried.. still no go..

Author

Commented:
Well I am guessing my Vm theory is not the problem.   Now looking over some settings like I said before I created a new server on a VM box and moved all the boxes over to a new store. Now I also moved the Go-daddy cert I had; Now the name of the new server is different   but again our original devices are working? Is this because it already made its initial hand shake but won’t let new ones install or should it be fine if the old ones can connect  

Author

Commented:
Well we can rule out the cert issue to ...  Just set up a new one and same result
Shreedhar EtteTechnical Manager
CERTIFIED EXPERT
Top Expert 2010

Commented:
Hello,

Go to https://www.testexchangeconnectivity.com and perfom a Exchange ActiveSync

Use Manually specify server settings

After post the output.

Author

Commented:
Thanks Shreedhar, Your my new best friend today... thanks so much for your help.. I hope you can help me fix this

Yes i have tried this ... this is what i get

Now i get this reguardless of work or non working user

ExRCA is testing Exchange ActiveSync.
 The Exchange ActiveSync test failed.
 Test Steps
 Attempting to resolve the host name mail.integracompanies.com in DNS.
 The host name resolved successfully.
 Additional Details
 IP addresses returned: 63.131.104.53

Testing TCP port 443 on host mail.integracompanies.com to ensure it's listening and open.
 The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
 The certificate passed all validation requirements.
 Test Steps
 Validating the certificate name.
 The certificate name was validated successfully.
 Additional Details
 Host name mail.integracompanies.com was found in the Certificate Subject Common name.

Validating certificate trust for Windows Mobile devices.
 The test passed with some warnings encountered. Please expand the additional details.
 Additional Details
 The certificate is only trusted on Windows Mobile 6.0 and later versions. Devices running Windows Mobile 5.0 and 5.0 with the Messaging and Security Feature Pack won't be able to sync. Root = OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.

Testing the certificate date to confirm the certificate is valid.
 Date validation passed. The certificate hasn't expired.
 Additional Details
 The certificate is valid. NotBefore = 4/28/2011 12:57:11 AM, NotAfter = 8/4/2011 10:21:59 AM



Checking the IIS configuration for client certificate authentication.
 Client certificate authentication wasn't detected.
 Additional Details
 Accept/Require Client Certificates isn't configured.

Testing HTTP Authentication Methods for URL https://mail.integracompanies.com/Microsoft-Server-Activesync/.
 The HTTP authentication test failed.
  Tell me more about this issue and how to resolve it
 Additional Details
 The Initial Anonymous HTTPS request didn't fail, but Anonymous isn't a supported authentication method for this scenario.
Shreedhar EtteTechnical Manager
CERTIFIED EXPERT
Top Expert 2010

Commented:
Shreedhar EtteTechnical Manager
CERTIFIED EXPERT
Top Expert 2010

Commented:
Check IIS permissions - you have Anonymous Enabled on the Microsoft-Server-Activesync virtual Directory and it should be Basic Only

Author

Commented:
like this ? 12

Author

Commented:
and yes i read that article: a few times.. still nothing
Shreedhar EtteTechnical Manager
CERTIFIED EXPERT
Top Expert 2010

Commented:
Un check :
Enable Anonymous Access and Intergated Windows Authencation

After that restart the IIS and Perfom test at https://www.testexchangeconnectivity.com

Also check application event log for any new warnings or errors related to ActiveSync.

Author

Commented:
this is the error i got with the analyzer
ExRCA is testing Exchange ActiveSync.
 The Exchange ActiveSync test failed.
 Test Steps
 Attempting to resolve the host name mail.integracompanies.com in DNS.
 The host name resolved successfully.
 Additional Details
 IP addresses returned: 63.131.104.53

Testing TCP port 443 on host mail.integracompanies.com to ensure it's listening and open.
 The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
 The certificate passed all validation requirements.
 Test Steps
 Validating the certificate name.
 The certificate name was validated successfully.
 Additional Details
 Host name mail.integracompanies.com was found in the Certificate Subject Common name.

Validating certificate trust for Windows Mobile devices.
 The test passed with some warnings encountered. Please expand the additional details.
 Additional Details
 The certificate is only trusted on Windows Mobile 6.0 and later versions. Devices running Windows Mobile 5.0 and 5.0 with the Messaging and Security Feature Pack won't be able to sync. Root = OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.

Testing the certificate date to confirm the certificate is valid.
 Date validation passed. The certificate hasn't expired.
 Additional Details
 The certificate is valid. NotBefore = 4/28/2011 12:57:11 AM, NotAfter = 8/4/2011 10:21:59 AM



Checking the IIS configuration for client certificate authentication.
 Client certificate authentication wasn't detected.
 Additional Details
 Accept/Require Client Certificates isn't configured.

Testing HTTP Authentication Methods for URL https://mail.integracompanies.com/Microsoft-Server-Activesync/.
 The HTTP authentication methods are correct.
 Additional Details
 ExRCA found all expected authentication methods and no disallowed methods. Methods found: Basic

An ActiveSync session is being attempted with the server.
 Errors were encountered while testing the Exchange ActiveSync session.
 Test Steps
 Attempting to send the OPTIONS command to the server.
 The OPTIONS response was successfully received and is valid.
 Additional Details
 Headers received: Pragma: no-cache
Public: OPTIONS, POST
Allow: OPTIONS, POST
MS-Server-ActiveSync: 6.5.7638.1
MS-ASProtocolVersions: 1.0,2.0,2.1,2.5
MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,ResolveRecipients,ValidateCert,Provision,Search,Notify,Ping
Content-Length: 0
Date: Thu, 28 Apr 2011 02:46:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET



Attempting the FolderSync command on the Exchange ActiveSync session.
 The test of the FolderSync command failed.
 Additional Details
 An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body of the response: <body><h2>HTTP/1.1 403 Forbidden</h2></body>

Author

Commented:
Event Type:      Error
Event Source:      Server ActiveSync
Event Category:      None
Event ID:      3005
Date:            4/27/2011
Time:            10:46:04 PM
User:            INTEGRA\xxx
Computer:      EXCHANGE
Description:
Unexpected Exchange mailbox Server error: Server: [Exchange.integracompanies.com] User: [xxxx@integracompanies.com] HTTP status code: [409]. Verify that the Exchange mailbox Server is working correctly.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Shreedhar EtteTechnical Manager
CERTIFIED EXPERT
Top Expert 2010

Commented:
Now refer this previuosly answered question:
https://www.experts-exchange.com/Storage/Backup_Restore/Backup_Exec/Q_24742489.html

Please check all the settings step by step. Don't be in a hurry.

Author

Commented:
ok looking better i think.. this is what i get on a working user now..




ExRCA is testing Exchange ActiveSync.
 Exchange ActiveSync was tested successfully.
 Test Steps
 Attempting to resolve the host name mail.integracompanies.com in DNS.
 The host name resolved successfully.
 Additional Details
 IP addresses returned: 63.131.104.53

Testing TCP port 443 on host mail.integracompanies.com to ensure it's listening and open.
 The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
 The certificate passed all validation requirements.
 Test Steps
 Validating the certificate name.
 The certificate name was validated successfully.
 Additional Details
 Host name mail.integracompanies.com was found in the Certificate Subject Common name.

Validating certificate trust for Windows Mobile devices.
 The test passed with some warnings encountered. Please expand the additional details.
 Additional Details
 The certificate is only trusted on Windows Mobile 6.0 and later versions. Devices running Windows Mobile 5.0 and 5.0 with the Messaging and Security Feature Pack won't be able to sync. Root = OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.

Testing the certificate date to confirm the certificate is valid.
 Date validation passed. The certificate hasn't expired.
 Additional Details
 The certificate is valid. NotBefore = 4/28/2011 12:57:11 AM, NotAfter = 8/4/2011 10:21:59 AM



Checking the IIS configuration for client certificate authentication.
 Client certificate authentication wasn't detected.
 Additional Details
 Accept/Require Client Certificates isn't configured.

Testing HTTP Authentication Methods for URL https://mail.integracompanies.com/Microsoft-Server-Activesync/.
 The HTTP authentication methods are correct.
 Additional Details
 ExRCA found all expected authentication methods and no disallowed methods. Methods found: Basic

An ActiveSync session is being attempted with the server.
 Testing of an Exchange ActiveSync session completed successfully.
 Test Steps
 Attempting to send the OPTIONS command to the server.
 The OPTIONS response was successfully received and is valid.
 Additional Details
 Headers received: Pragma: no-cache
Public: OPTIONS, POST
Allow: OPTIONS, POST
MS-Server-ActiveSync: 6.5.7638.1
MS-ASProtocolVersions: 1.0,2.0,2.1,2.5
MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,ResolveRecipients,ValidateCert,Provision,Search,Notify,Ping
Content-Length: 0
Date: Thu, 28 Apr 2011 03:17:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET



Attempting the FolderSync command on the Exchange ActiveSync session.
 The FolderSync command completed successfully.
 Additional Details
 Number of folders: 69

Attempting the initial sync to the Inbox folder. This initial sync won't return any data.
 The Sync command completed successfully.
 Additional Details
 Status: 1

Attempting to test the GetItemEstimate command for the Inbox folder.
 ExRCA successfully received the GetItemEstimate response from the server.
 Additional Details
 Estimate: 64 messages

Attempting to test synchronization of the Inbox folder.
 The Sync command completed successfully.
 Additional Details
 Number of items synchronized: 64

Author

Commented:
this is what I get on a new user i am trying to set up on the phone

ExRCA is testing Exchange ActiveSync.
 The Exchange ActiveSync test failed.
 Test Steps
 Attempting to resolve the host name mail.integracompanies.com in DNS.
 The host name resolved successfully.
 Additional Details
 IP addresses returned: 63.131.104.53

Testing TCP port 443 on host mail.integracompanies.com to ensure it's listening and open.
 The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
 The certificate passed all validation requirements.
 Test Steps
 Validating the certificate name.
 The certificate name was validated successfully.
 Additional Details
 Host name mail.integracompanies.com was found in the Certificate Subject Common name.

Validating certificate trust for Windows Mobile devices.
 The test passed with some warnings encountered. Please expand the additional details.
 Additional Details
 The certificate is only trusted on Windows Mobile 6.0 and later versions. Devices running Windows Mobile 5.0 and 5.0 with the Messaging and Security Feature Pack won't be able to sync. Root = OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.

Testing the certificate date to confirm the certificate is valid.
 Date validation passed. The certificate hasn't expired.
 Additional Details
 The certificate is valid. NotBefore = 4/28/2011 12:57:11 AM, NotAfter = 8/4/2011 10:21:59 AM



Checking the IIS configuration for client certificate authentication.
 Client certificate authentication wasn't detected.
 Additional Details
 Accept/Require Client Certificates isn't configured.

Testing HTTP Authentication Methods for URL https://mail.integracompanies.com/Microsoft-Server-Activesync/.
 The HTTP authentication methods are correct.
 Additional Details
 ExRCA found all expected authentication methods and no disallowed methods. Methods found: Basic

An ActiveSync session is being attempted with the server.
 Errors were encountered while testing the Exchange ActiveSync session.
 Test Steps
 Attempting to send the OPTIONS command to the server.
 The OPTIONS response was successfully received and is valid.
 Additional Details
 Headers received: Pragma: no-cache
Public: OPTIONS, POST
Allow: OPTIONS, POST
MS-Server-ActiveSync: 6.5.7638.1
MS-ASProtocolVersions: 1.0,2.0,2.1,2.5
MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,ResolveRecipients,ValidateCert,Provision,Search,Notify,Ping
Content-Length: 0
Date: Thu, 28 Apr 2011 03:20:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET



Attempting the FolderSync command on the Exchange ActiveSync session.
 The test of the FolderSync command failed.
 Additional Details
 An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body of the response: <body><h2>HTTP/1.1 403 Forbidden</h2></body>

Author

Commented:
Forms Based Authentication is NOT turned on

and

added the accounts to the exceptions list

Still getting error
Shreedhar EtteTechnical Manager
CERTIFIED EXPERT
Top Expert 2010

Commented:
Please make sure you have the exchange-oma virtual directory listed.  Please check and run through KB817379 to make sure all the settings in there are setup correctly on your server.
Technical Manager
CERTIFIED EXPERT
Top Expert 2010
Commented:
Unlock this solution with a free trial preview.
(No credit card required)
Get Preview

Author

Commented:
I dont have Exchange-Oma Dir   i never had forms-based authentication checked  .. do you still want me to creat it?
Shreedhar EtteTechnical Manager
CERTIFIED EXPERT
Top Expert 2010

Commented:
Yes, Create the exchange-oma virtual directory.
Shreedhar EtteTechnical Manager
CERTIFIED EXPERT
Top Expert 2010

Commented:
Which Mobiel device the new user is using for the ActiveSync?

Author

Commented:
iphones .. on working user and

trying to connect  the new user to iphone also
Shreedhar EtteTechnical Manager
CERTIFIED EXPERT
Top Expert 2010

Commented:
Apply this hot fix http://support.microsoft.com/kb/957191 to update the MasSync.dll version from 6.5.7638.1
 to 6.5.7654.7
Shreedhar EtteTechnical Manager
CERTIFIED EXPERT
Top Expert 2010

Commented:
After that try to configure the mobile device.

Author

Commented:
no need creating the new VD worked... they sync now thanks a bunch .. now i can sleep.. its late
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a free trial preview!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.