[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2103
  • Last Modified:

Server Active Sync , Connection refused

Ok I have a Question On my active sync Setup.. Now I have Server 2003 SP2 updated  with Exchange 2k3 Updated also. Now all my account are on the same store, same server, all set up the same way.   I already have a few i pads and others devices using the sync ok .Now i try and add a new iphone and it seems to take the settings ok but when I click on mail box and I get (cannot get mail.)  

Now I have checked make sure My ipad and others are all still syncing with no issues.    
And i am getting this error in event viewer
Event Type:      Error
Event Source:      Server ActiveSync
Event Category:      None
Event ID:      3005
Date:            4/27/2011
Time:            11:30:59 AM
User:            xxxxx
Computer:      EXCHANGE
Description:
Unexpected Exchange mailbox Server error: Server: [xxxx.com] User: [xxx.com] HTTP status code: [409]. Verify that the Exchange mailbox Server is working correctly.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Also I ran Active sync tester and got this

ActiveSync detected, but access denied. [HTTP 403: Disabled for this user]

But it’s not.. Its active globally or the other would not work and I checked user and its all active
0
gotti777
Asked:
gotti777
  • 19
  • 11
  • 3
  • +1
1 Solution
 
MegaNuk3Commented:
Disable it on the user press apply, then enable it press apply and test again
0
 
gotti777Author Commented:
Damn tried but no.   Same error
0
 
MegaNuk3Commented:
Is everything else enabled for the user like OWA and push notifications? If you create a new test user + mailbox with 1 mail in it and see if that works on the device. If it does, copy/duplicate the problem users account (to copy the group membership) and then create a mailbox for the copied account, mail it then test the copied account.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
burnersCommented:
Had same problem not long ago, can you read through my original thread and see if any of this helps you

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_26538232.html
0
 
burnersCommented:
Another note that probably helps you none is that we no longer get these after moving to Exchange 2010 on Server 2008 R2
0
 
gotti777Author Commented:
burner there was no solution on your post..


Meganuk I will try to add a new user and sync
0
 
gotti777Author Commented:
MegaNuk3:  nope Creating a new user sent it some emails then tried to sync my phone.. same error

yet my other devices already connect are still fine
0
 
gotti777Author Commented:
Now this might help with some suggesttion. Now i recently moved to a VM box.. All the older ones that work i set up on the reg box.  these new ones i am trying to set up in the vm box.   Now i here auth might be off because of ip.. not sure.. but if this is the reason why are the old ones still working  
0
 
gotti777Author Commented:
Now i know it anit the phone beacuse I add my account to the phone and it sync;s up fine..  Now these anit new users just user that have not been on OWA yet
0
 
MegaNuk3Commented:
Try add the non working account to the exceptions list:
 open up Exchange System Manager, Global Settings, Mobile Services Properties, Device Security Button, Exceptions Button, then add the account to the exceptions list.
0
 
gotti777Author Commented:
hmm I had to check off enfroce password on  device ..

Then added non-working user to exceptions .. Hit Apply then re tried.. still no go..
0
 
gotti777Author Commented:
Well I am guessing my Vm theory is not the problem.   Now looking over some settings like I said before I created a new server on a VM box and moved all the boxes over to a new store. Now I also moved the Go-daddy cert I had; Now the name of the new server is different   but again our original devices are working? Is this because it already made its initial hand shake but won’t let new ones install or should it be fine if the old ones can connect  
0
 
gotti777Author Commented:
Well we can rule out the cert issue to ...  Just set up a new one and same result
0
 
Shreedhar EtteCommented:
Hello,

Go to https://www.testexchangeconnectivity.com and perfom a Exchange ActiveSync

Use Manually specify server settings

After post the output.
0
 
gotti777Author Commented:
Thanks Shreedhar, Your my new best friend today... thanks so much for your help.. I hope you can help me fix this

Yes i have tried this ... this is what i get

Now i get this reguardless of work or non working user

ExRCA is testing Exchange ActiveSync.
 The Exchange ActiveSync test failed.
 Test Steps
 Attempting to resolve the host name mail.integracompanies.com in DNS.
 The host name resolved successfully.
 Additional Details
 IP addresses returned: 63.131.104.53

Testing TCP port 443 on host mail.integracompanies.com to ensure it's listening and open.
 The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
 The certificate passed all validation requirements.
 Test Steps
 Validating the certificate name.
 The certificate name was validated successfully.
 Additional Details
 Host name mail.integracompanies.com was found in the Certificate Subject Common name.

Validating certificate trust for Windows Mobile devices.
 The test passed with some warnings encountered. Please expand the additional details.
 Additional Details
 The certificate is only trusted on Windows Mobile 6.0 and later versions. Devices running Windows Mobile 5.0 and 5.0 with the Messaging and Security Feature Pack won't be able to sync. Root = OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.

Testing the certificate date to confirm the certificate is valid.
 Date validation passed. The certificate hasn't expired.
 Additional Details
 The certificate is valid. NotBefore = 4/28/2011 12:57:11 AM, NotAfter = 8/4/2011 10:21:59 AM



Checking the IIS configuration for client certificate authentication.
 Client certificate authentication wasn't detected.
 Additional Details
 Accept/Require Client Certificates isn't configured.

Testing HTTP Authentication Methods for URL https://mail.integracompanies.com/Microsoft-Server-Activesync/.
 The HTTP authentication test failed.
  Tell me more about this issue and how to resolve it
 Additional Details
 The Initial Anonymous HTTPS request didn't fail, but Anonymous isn't a supported authentication method for this scenario.
0
 
Shreedhar EtteCommented:
Check IIS permissions - you have Anonymous Enabled on the Microsoft-Server-Activesync virtual Directory and it should be Basic Only
0
 
gotti777Author Commented:
like this ? 12
0
 
gotti777Author Commented:
and yes i read that article: a few times.. still nothing
0
 
Shreedhar EtteCommented:
Un check :
Enable Anonymous Access and Intergated Windows Authencation

After that restart the IIS and Perfom test at https://www.testexchangeconnectivity.com

Also check application event log for any new warnings or errors related to ActiveSync.
0
 
gotti777Author Commented:
this is the error i got with the analyzer
ExRCA is testing Exchange ActiveSync.
 The Exchange ActiveSync test failed.
 Test Steps
 Attempting to resolve the host name mail.integracompanies.com in DNS.
 The host name resolved successfully.
 Additional Details
 IP addresses returned: 63.131.104.53

Testing TCP port 443 on host mail.integracompanies.com to ensure it's listening and open.
 The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
 The certificate passed all validation requirements.
 Test Steps
 Validating the certificate name.
 The certificate name was validated successfully.
 Additional Details
 Host name mail.integracompanies.com was found in the Certificate Subject Common name.

Validating certificate trust for Windows Mobile devices.
 The test passed with some warnings encountered. Please expand the additional details.
 Additional Details
 The certificate is only trusted on Windows Mobile 6.0 and later versions. Devices running Windows Mobile 5.0 and 5.0 with the Messaging and Security Feature Pack won't be able to sync. Root = OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.

Testing the certificate date to confirm the certificate is valid.
 Date validation passed. The certificate hasn't expired.
 Additional Details
 The certificate is valid. NotBefore = 4/28/2011 12:57:11 AM, NotAfter = 8/4/2011 10:21:59 AM



Checking the IIS configuration for client certificate authentication.
 Client certificate authentication wasn't detected.
 Additional Details
 Accept/Require Client Certificates isn't configured.

Testing HTTP Authentication Methods for URL https://mail.integracompanies.com/Microsoft-Server-Activesync/.
 The HTTP authentication methods are correct.
 Additional Details
 ExRCA found all expected authentication methods and no disallowed methods. Methods found: Basic

An ActiveSync session is being attempted with the server.
 Errors were encountered while testing the Exchange ActiveSync session.
 Test Steps
 Attempting to send the OPTIONS command to the server.
 The OPTIONS response was successfully received and is valid.
 Additional Details
 Headers received: Pragma: no-cache
Public: OPTIONS, POST
Allow: OPTIONS, POST
MS-Server-ActiveSync: 6.5.7638.1
MS-ASProtocolVersions: 1.0,2.0,2.1,2.5
MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,ResolveRecipients,ValidateCert,Provision,Search,Notify,Ping
Content-Length: 0
Date: Thu, 28 Apr 2011 02:46:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET



Attempting the FolderSync command on the Exchange ActiveSync session.
 The test of the FolderSync command failed.
 Additional Details
 An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body of the response: <body><h2>HTTP/1.1 403 Forbidden</h2></body>
0
 
gotti777Author Commented:
Event Type:      Error
Event Source:      Server ActiveSync
Event Category:      None
Event ID:      3005
Date:            4/27/2011
Time:            10:46:04 PM
User:            INTEGRA\xxx
Computer:      EXCHANGE
Description:
Unexpected Exchange mailbox Server error: Server: [Exchange.integracompanies.com] User: [xxxx@integracompanies.com] HTTP status code: [409]. Verify that the Exchange mailbox Server is working correctly.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
 
Shreedhar EtteCommented:
Now refer this previuosly answered question:
http://www.experts-exchange.com/Storage/Backup_Restore/Backup_Exec/Q_24742489.html

Please check all the settings step by step. Don't be in a hurry.
0
 
gotti777Author Commented:
ok looking better i think.. this is what i get on a working user now..




ExRCA is testing Exchange ActiveSync.
 Exchange ActiveSync was tested successfully.
 Test Steps
 Attempting to resolve the host name mail.integracompanies.com in DNS.
 The host name resolved successfully.
 Additional Details
 IP addresses returned: 63.131.104.53

Testing TCP port 443 on host mail.integracompanies.com to ensure it's listening and open.
 The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
 The certificate passed all validation requirements.
 Test Steps
 Validating the certificate name.
 The certificate name was validated successfully.
 Additional Details
 Host name mail.integracompanies.com was found in the Certificate Subject Common name.

Validating certificate trust for Windows Mobile devices.
 The test passed with some warnings encountered. Please expand the additional details.
 Additional Details
 The certificate is only trusted on Windows Mobile 6.0 and later versions. Devices running Windows Mobile 5.0 and 5.0 with the Messaging and Security Feature Pack won't be able to sync. Root = OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.

Testing the certificate date to confirm the certificate is valid.
 Date validation passed. The certificate hasn't expired.
 Additional Details
 The certificate is valid. NotBefore = 4/28/2011 12:57:11 AM, NotAfter = 8/4/2011 10:21:59 AM



Checking the IIS configuration for client certificate authentication.
 Client certificate authentication wasn't detected.
 Additional Details
 Accept/Require Client Certificates isn't configured.

Testing HTTP Authentication Methods for URL https://mail.integracompanies.com/Microsoft-Server-Activesync/.
 The HTTP authentication methods are correct.
 Additional Details
 ExRCA found all expected authentication methods and no disallowed methods. Methods found: Basic

An ActiveSync session is being attempted with the server.
 Testing of an Exchange ActiveSync session completed successfully.
 Test Steps
 Attempting to send the OPTIONS command to the server.
 The OPTIONS response was successfully received and is valid.
 Additional Details
 Headers received: Pragma: no-cache
Public: OPTIONS, POST
Allow: OPTIONS, POST
MS-Server-ActiveSync: 6.5.7638.1
MS-ASProtocolVersions: 1.0,2.0,2.1,2.5
MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,ResolveRecipients,ValidateCert,Provision,Search,Notify,Ping
Content-Length: 0
Date: Thu, 28 Apr 2011 03:17:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET



Attempting the FolderSync command on the Exchange ActiveSync session.
 The FolderSync command completed successfully.
 Additional Details
 Number of folders: 69

Attempting the initial sync to the Inbox folder. This initial sync won't return any data.
 The Sync command completed successfully.
 Additional Details
 Status: 1

Attempting to test the GetItemEstimate command for the Inbox folder.
 ExRCA successfully received the GetItemEstimate response from the server.
 Additional Details
 Estimate: 64 messages

Attempting to test synchronization of the Inbox folder.
 The Sync command completed successfully.
 Additional Details
 Number of items synchronized: 64
0
 
gotti777Author Commented:
this is what I get on a new user i am trying to set up on the phone

ExRCA is testing Exchange ActiveSync.
 The Exchange ActiveSync test failed.
 Test Steps
 Attempting to resolve the host name mail.integracompanies.com in DNS.
 The host name resolved successfully.
 Additional Details
 IP addresses returned: 63.131.104.53

Testing TCP port 443 on host mail.integracompanies.com to ensure it's listening and open.
 The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
 The certificate passed all validation requirements.
 Test Steps
 Validating the certificate name.
 The certificate name was validated successfully.
 Additional Details
 Host name mail.integracompanies.com was found in the Certificate Subject Common name.

Validating certificate trust for Windows Mobile devices.
 The test passed with some warnings encountered. Please expand the additional details.
 Additional Details
 The certificate is only trusted on Windows Mobile 6.0 and later versions. Devices running Windows Mobile 5.0 and 5.0 with the Messaging and Security Feature Pack won't be able to sync. Root = OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.

Testing the certificate date to confirm the certificate is valid.
 Date validation passed. The certificate hasn't expired.
 Additional Details
 The certificate is valid. NotBefore = 4/28/2011 12:57:11 AM, NotAfter = 8/4/2011 10:21:59 AM



Checking the IIS configuration for client certificate authentication.
 Client certificate authentication wasn't detected.
 Additional Details
 Accept/Require Client Certificates isn't configured.

Testing HTTP Authentication Methods for URL https://mail.integracompanies.com/Microsoft-Server-Activesync/.
 The HTTP authentication methods are correct.
 Additional Details
 ExRCA found all expected authentication methods and no disallowed methods. Methods found: Basic

An ActiveSync session is being attempted with the server.
 Errors were encountered while testing the Exchange ActiveSync session.
 Test Steps
 Attempting to send the OPTIONS command to the server.
 The OPTIONS response was successfully received and is valid.
 Additional Details
 Headers received: Pragma: no-cache
Public: OPTIONS, POST
Allow: OPTIONS, POST
MS-Server-ActiveSync: 6.5.7638.1
MS-ASProtocolVersions: 1.0,2.0,2.1,2.5
MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,ResolveRecipients,ValidateCert,Provision,Search,Notify,Ping
Content-Length: 0
Date: Thu, 28 Apr 2011 03:20:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET



Attempting the FolderSync command on the Exchange ActiveSync session.
 The test of the FolderSync command failed.
 Additional Details
 An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body of the response: <body><h2>HTTP/1.1 403 Forbidden</h2></body>
0
 
gotti777Author Commented:
Forms Based Authentication is NOT turned on

and

added the accounts to the exceptions list

Still getting error
0
 
Shreedhar EtteCommented:
Please make sure you have the exchange-oma virtual directory listed.  Please check and run through KB817379 to make sure all the settings in there are setup correctly on your server.
0
 
Shreedhar EtteCommented:
Follow method 2 in KB817379.
0
 
gotti777Author Commented:
I dont have Exchange-Oma Dir   i never had forms-based authentication checked  .. do you still want me to creat it?
0
 
Shreedhar EtteCommented:
Yes, Create the exchange-oma virtual directory.
0
 
Shreedhar EtteCommented:
Which Mobiel device the new user is using for the ActiveSync?
0
 
gotti777Author Commented:
iphones .. on working user and

trying to connect  the new user to iphone also
0
 
Shreedhar EtteCommented:
Apply this hot fix http://support.microsoft.com/kb/957191 to update the MasSync.dll version from 6.5.7638.1
 to 6.5.7654.7
0
 
Shreedhar EtteCommented:
After that try to configure the mobile device.
0
 
gotti777Author Commented:
no need creating the new VD worked... they sync now thanks a bunch .. now i can sleep.. its late
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 19
  • 11
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now