Link to home
Start Free TrialLog in
Avatar of amgrobins
amgrobins

asked on

Exchange activesync Error 3005

Hi i have an SBS 2003 running exchange. I used to have an iPhone and had it synced with the exchange server (after much trouble).
I now have another user who needs to sync and iphone and for some reason I cannot get it to work.
The iphone reports it cannot connect to the server and in the server application log i get an error 3005 as follows:

Unexpected Exchange mailbox Server error: Server:
[xyz.xyz.local] User: [xyz@xyz.co.uk]
HTTP status code: [409]. Verify that the Exchange mailbox server is working correctly.

I know it definitely works because using the same settings on the phone it will connect to my mailbox. It must be a permissions issue somewhere but I am at a loss as to where.

Any help appreciated!
Avatar of Shabarinath TR
Shabarinath TR
Flag of India image

Can you test the active sync connectivity using the below link?
https://www.testexchangeconnectivity.com/

Good luck
Shaba
The event 3005 is logged on the Exchange Server and not necessarily that there is an issue with ActiveSync. The HTTP status code in the event is more important and from that we can identify if there are issues with activesync or not.

In your scenario, we are getting HTTP status code 409 which might not result in an ActiveSync failure.

You can refer to http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html for more information in regards to HTTP status code 409.

To fix this event:
1. URLScan is known to cause issues with ActiveSync. If you have it installed, then I would suggest to go ahead and remove it.

2. Verify the authentication settings on the virtual directories. It should be as follows:
Exchange - Basic and Integrated Windows auth
SSL: Turn Off

MicroSoft-Server-ActiveSync - Basic auth

In case you have 'exchange-oma' directory (KB 817370), then same settings mentioned above will be applicable to 'exchange-oma'.

Let us know how it goes.

- LLL
Avatar of amgrobins
amgrobins

ASKER

Hi thanks for your help.
I have followed most of the steps in that EE article you linked and when I went to do the activesync test with my username and password it worked perfectly - which i expected it to seeing as i can sync my mailbox to the iphone.
However when i tried using the other users credentials i got a 403 error right at the end. I have attached the log of the test.

I seem to remember it took me forever to get my account synced about 9 months ago and it was something to do with setting permissions on the mailbox? But i really cant remember exactly what I did!

Any other thoughts?
ExRCA is testing Exchange ActiveSync.
 	The Exchange ActiveSync test failed.
 	
	Test Steps
 	
	Attempting to resolve the host name **************.co.uk in DNS.
 	The host name resolved successfully.
 	
	Additional Details
 	IP addresses returned: **.**.**.**
	Testing TCP port 443 on host amcengineering.co.uk to ensure it's listening and open.
 	The port was opened successfully.
	Testing the SSL certificate to make sure it's valid.
 	The certificate passed all validation requirements.
 	
	Test Steps
 	
	Validating the certificate name.
 	The certificate name was validated successfully.
 	
	Additional Details
 	Host name amcengineering.co.uk was found in the Certificate Subject Common name.
	Validating certificate trust for Windows Mobile devices.
 	The certificate is trusted and all certificates are present in the chain.
 	
	Additional Details
 	The certificate is trusted for Windows Mobile 5.0 and later versions. Root = E=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, S=Western Cape, C=ZA
	Testing the certificate date to confirm the certificate is valid.
 	Date validation passed. The certificate hasn't expired.
 	
	Additional Details
 	The certificate is valid. NotBefore = 9/3/2010 12:00:00 AM, NotAfter = 9/3/2011 11:59:59 PM
	Checking the IIS configuration for client certificate authentication.
 	Client certificate authentication wasn't detected.
 	
	Additional Details
 	Accept/Require Client Certificates isn't configured.
	Testing HTTP Authentication Methods for URL https://**************.CO.UK/Microsoft-Server-Activesync/.
 	The HTTP authentication methods are correct.
 	
	Additional Details
 	ExRCA found all expected authentication methods and no disallowed methods. Methods found: Basic
	An ActiveSync session is being attempted with the server.
 	Errors were encountered while testing the Exchange ActiveSync session.
 	
	Test Steps
 	
	Attempting to send the OPTIONS command to the server.
 	The OPTIONS response was successfully received and is valid.
 	
	Additional Details
 	Headers received: MicrosoftOfficeWebServer: 5.0_Pub
Pragma: no-cache
Public: OPTIONS, POST
Allow: OPTIONS, POST
MS-Server-ActiveSync: 6.5.7638.1
MS-ASProtocolVersions: 1.0,2.0,2.1,2.5
MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,ResolveRecipients,ValidateCert,Provision,Search,Notify,Ping
Content-Length: 0
Date: Thu, 19 May 2011 08:00:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

	Attempting the FolderSync command on the Exchange ActiveSync session.
 	The test of the FolderSync command failed.
 	
	Additional Details
 	An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body of the response: <body><h2>HTTP/1.1 403 Forbidden</h2></body>

Open in new window

Do you have ISA?

On Exchange-oma virtual directory, navigate to 'Directory Securtity' tab and click on 'edit' under 'IP address and domain name restrictions'.

Check the IP address mentioned over there and make sure the IP address is of Exchange Server. Apart from that there will be a loopback IP address. You can ignore that.

Also make sure SSL is disabled on the Exchange-oma

Let us know how it goes.

-LLL
I i have SBS 2003 Std so I dont have ISA.
I went through the replace exchange-oma directory last night and now one of my users can sync perfectly. However, the other account still gets the same error and so does my account (that worked before). Very strange.

I have checked the IP Address and that is correct and SSL is definitely disabled on the exchange-oma directory.

The setup itself definitely works because one user is now syncing - however several other users still return a 403. Bizarre!
ASKER CERTIFIED SOLUTION
Avatar of MegaNuk3
MegaNuk3
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Thanks for the points. Can you confirm the solution?