Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Exchange 2010 Active Sync issues (coexist with 2003)

Posted on 2011-09-22
1
Medium Priority
?
1,153 Views
Last Modified: 2012-08-13
I have an Exchange 2003 org that I have added an Exchange 2010 CAS to.
I have configured an external DNS record for activesync.domain.com and port 443 is allowed through the firewall to the CAS server. I am trying to test AS connectivity via the testoutlookconnectivity.com tool.

I am getting this error:

An ActiveSync session is being attempted with the server.
Errors were encountered while testing the Exchange ActiveSync session.

Test Steps

Attempting to send the OPTIONS command to the server.
Testing of the OPTIONS command failed. For more information, see Additional Details.

Additional Details
An HTTP 401 Unauthorized response was received from the remote IIS7 server. This is usually the result of an incorrect username or password. If you are attempting to log onto an Office 365 service, ensure you are using your full User Principal Name (UPN).

Any ideas?
0
Comment
Question by:ncfbins
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 1

Accepted Solution

by:
ncfbins earned 0 total points
ID: 36582382
Solved it myself.


What are the configuration changes I must make on the Exchange 2003 Front-End servers to support ActiveSync?

In order to introduce Exchange 2010 into your "Internet Facing AD Site" and support your Exchange 2003 mailboxes, you will move the primary EAS namespace that is associated with the Exchange 2003 Front-End servers and associate it with the Exchange 2010 CAS array.  For more information on the detailed steps required to support coexistence process see my first blog article in the series, TechNet, or within the Deployment Assistant.

What are the configuration changes I must make on the Exchange 2003 mailbox servers?

Users with mailboxes on an Exchange 2003 server who try to use Exchange ActiveSync through an Exchange 2010 Client Access server will receive an error and be unable to synchronize unless Integrated Windows authentication is enabled on the Microsoft-Server-ActiveSync virtual directory on the Exchange 2003 server. This allows the Exchange 2010 Client Access server and the Exchange 2003 back end server to communicate using Kerberos authentication.

To enable this authentication change on Exchange 2003 you need to either:

   1. Install http://support.microsoft.com/?kbid=937031 and then use the Exchange System Manager to adjust the authentication settings of the ActiveSync virtual directory.
   2. Or, set the msExchAuthenticationFlags attribute to a value of 6 on the Microsoft-Server-ActiveSync object within the configuration container on each Exchange 2003 mailbox server.  An example script is provided at http://technet.microsoft.com/en-us/library/cc785437.aspx.

Note: It is important that you do not use IIS Manager to change the authentication setting on the ActiveSync virtual directory as the DS2MB process within the System Attendant will overwrite the settings that are stored in Active Directory.

What scenarios involve proxying and what scenarios involve redirection for Exchange ActiveSync (Exchange 2003)?

Hopefully the Exchange 2003 coexistence diagram is self-explanatory, but if it is not, the key thing here is that regardless of the location of the Exchange 2003 mailbox (remember Exchange 2003 is not site aware), CAS2010 will always proxy the request to the Exchange 2003 mailbox server.  Also, since Exchange 2003 does not support Autodiscover, the device version does not matter.

   1. User's device is already configured to use the namespace mail.contoso.com.
   2. User's device attempts to synchronize.
   3. CAS2010 will authenticate the user, determine the mailbox version is Exchange 2003 by performing a service discovery lookup in Active Directory, and retrieve the Exchange 2003 mailbox server FQDN.
   4. CAS2010 will proxy the connection to the Exchange 2003 mailbox server's Microsoft-Server-ActiveSync virtual directory.  In the IIS logs, you will see a response similar to:

          POST /Microsoft-Server-ActiveSync/default.eas User=user5&DeviceId=foo&DeviceType=PocketPC&Cmd=FolderSync&Log=PrxTo:mail.contoso.com_LdapC2_ 443 contoso\user5 10.20.100.117 MSFT-PPC/5.1.2301 200 0 0 189

   5. The mailbox server will authenticate the user and retrieve and render the mailbox data and will provide the rendered data back to the CAS2010 server.
   6. CAS2010 will expose the data to the end user.

You need to install the hotfix on ALL exchange 2003 servers, and check the intergrated authentication setting on each Active Sync Virtual Directory
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The core idea of this article is to make you acquainted with the best way in which you can export Exchange mailbox to PST format.
On September 18, Experts Exchange launched the first installment of the Help Bell, a new feature for Premium Members, Team Accounts, and Qualified Experts. The Help Bell will serve as an additional tool to help teams increase question visibility.
This video discusses moving either the default database or any database to a new volume.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question