HTTP 1.1/403 Exchange Folder Sync Failed

Ok, I'm stumped.  Its been three days that I've been working on this problem and NO luck at all with trying to get it fixed.  I'm looking for ideas.  I'm including a PDF of screen shots just to confirm that I have everything is setup right.  Which I think it is, however I constantly get a foldersync problem.

ExRCA is testing Exchange ActiveSync.  
  The Exchange ActiveSync test failed.
   Test Steps
   Attempting to resolve the host name domain.com in DNS.
  The host name resolved successfully.
   Additional Details
  IP addresses returned: IP ADDRESS
 
 Testing TCP port 443 on host domain.com to ensure it's listening and open.
  The port was opened successfully.
 Testing the SSL certificate to make sure it's valid.
  The certificate passed all validation requirements.
   Test Steps
   ExRCA is attempting to obtain the SSL certificate from remote server domain.com on port 443.
  ExRCA successfully obtained the remote SSL certificate.
   Additional Details
  Remote Certificate Subject: CN=domain.com, OU=Domain Control Validated, O=domain.com, Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.
 
 Validating the certificate name.
  The certificate name was validated successfully.
   Additional Details
  Host name domain.com was found in the Certificate Subject Common name.
 
 Validating certificate trust for Windows Mobile devices.
  The certificate is trusted and all certificates are present in the chain.
   Test Steps
   ExRCA is attempting to build certificate chains for certificate CN=domain.com, OU=Domain Control Validated, O=domain.com.
  One or more certificate chains were constructed successfully.
   Additional Details
  A total of 2 chains were built. The highest quality chain ends in root certificate OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.
 
 Analyzing the certificate chains for compatability problems with Windows Phone devices.
  Potential compatibility problems were identified with some versions of Windows Phone.
   Tell me more about this issue and how to resolve it
   Additional Details
  The certificate is only trusted on Windows Mobile 5.0 with the Messaging and Security Feature Pack and later versions. Windows Mobile 5.0 devices won't be able to sync. Root = E=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
 
 ExRCA is analyzing intermediate certificates that were sent down by the remote server.
  All intermediate certificates are present and valid.
   Additional Details
  All intermediate certificates were present and valid.
 
 
 
 Testing the certificate date to confirm the certificate is valid.
  Date validation passed. The certificate hasn't expired.
   Additional Details
  The certificate is valid. NotBefore = 11/11/2010 12:01:15 AM, NotAfter = 11/11/2011 12:01:15 AM
 
 
 
 Checking the IIS configuration for client certificate authentication.
  Client certificate authentication wasn't detected.
   Additional Details
  Accept/Require Client Certificates isn't configured.
 
 Testing HTTP Authentication Methods for URL https://domain.com/Microsoft-Server-ActiveSync/.
  The HTTP authentication methods are correct.
   Additional Details
  ExRCA found all expected authentication methods and no disallowed methods. Methods found: Basic
 
 An ActiveSync session is being attempted with the server.
  Errors were encountered while testing the Exchange ActiveSync session.
   Test Steps
   Attempting to send the OPTIONS command to the server.
  The OPTIONS response was successfully received and is valid.
   Additional Details
  Headers received: MicrosoftOfficeWebServer: 5.0_Pub
Pragma: no-cache
Public: OPTIONS, POST
Allow: OPTIONS, POST
MS-Server-ActiveSync: 6.5.7638.1
MS-ASProtocolVersions: 1.0,2.0,2.1,2.5
MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,ResolveRecipients,ValidateCert,Provision,Search,Notify,Ping
Content-Length: 0
Date: Wed, 05 Oct 2011 00:33:47 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

 
 
 Attempting the FolderSync command on the Exchange ActiveSync session.
  The test of the FolderSync command failed.
   Additional Details
  An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body of the response: <body><h2>HTTP/1.1 403 Forbidden</h2></body>  Exchange2003.pdf
tomtcsAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

gaurav05Commented:
Hi,

can i have event Ids for above erors?


0
sumit_aroraCommented:
you Must be getting event number 3005 in the event log. Also i do see that you have multiple web sites running. Try to stop all those except Default Web site and see wether you are able to sync or not.

Try to browse microsoft-server- active sync virtual directory in IIS and make sure you are getting 501/505 error.

Make sure OWA is working fine and FBA is disbaled for OWA in ESM.  
0
tomtcsAuthor Commented:
I checked event viewer this morning and didn't see any errors logged for Exchange at all. No 3001, 3005 or anything.  I tried to disable the other webistes and did an IISRESET with no luck.  OWA works perfectly fine.  As for the ActiveSync browsing I get this message:

This error (HTTP 501 Not Implemented or HTTP 505 Version Not Supported) means that the website you are visiting doesn't currently have the ability to display the webpage or support the HTTP version used to request the page.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

sumit_aroraCommented:
Can you please paste the IIS logs for default web site. I want to see where we are getting 403 for microsoft-server-AtiveSync.
0
tomtcsAuthor Commented:
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2011-10-06 23:46:04
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs-version cs(User-Agent) cs(Cookie) cs(Referer) cs-host sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken
2011-10-06 23:46:04 W3SVC1 192.168.205.20 OPTIONS /Microsoft-Server-ActiveSync/ - 443 - 207.46.14.63 HTTP/1.1 Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com) - - postoffice.atd-comm.com 401 2 2148074254 319 182 0
2011-10-06 23:46:04 W3SVC1 192.168.205.20 OPTIONS /Microsoft-Server-ActiveSync/ - 443 - 207.46.14.63 HTTP/1.1 Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com) - - postoffice.atd-comm.com 401 2 2148074254 319 201 0
2011-10-06 23:46:04 W3SVC1 192.168.205.20 OPTIONS /Microsoft-Server-ActiveSync/ &Log=VNATNASNC:0A0C0D0FS:0A0C0D0SP:0C0I0S0R0S0L0H 443 atdnet\tomtcs 207.46.14.63 HTTP/1.1 Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com) - - postoffice.atd-comm.com 200 0 0 587 222 0
2011-10-06 23:46:04 W3SVC1 192.168.205.20 POST /Microsoft-Server-ActiveSync/ Cmd=FolderSync&User=tomtcs&DeviceId=1951897904&DeviceType=TestActiveSyncConnectivity 443 - 207.46.14.63 HTTP/1.1 Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com) - - postoffice.atd-comm.com 401 2 2148074254 319 367 0
2011-10-06 23:46:04 W3SVC1 192.168.205.20 PROPFIND /exchange-oma/tomtcs@atd-comm.com/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/TestActiveSyncConnectivity/1951897904 - 80 - 192.168.205.20 HTTP/1.1 Microsoft-Server-ActiveSync/6.5.7638.1 - - postoffice.atd-comm.com 401 1 0 2111 436 15
2011-10-06 23:46:04 W3SVC1 192.168.205.20 PROPFIND /exchange-oma/tomtcs@atd-comm.com/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/TestActiveSyncConnectivity/1951897904 - 80 ATDNET\tomtcs 192.168.205.20 HTTP/1.1 Microsoft-Server-ActiveSync/6.5.7638.1 - - postoffice.atd-comm.com 404 0 0 274 645 0
2011-10-06 23:46:04 W3SVC1 192.168.205.20 MKCOL /exchange-oma/tomtcs@atd-comm.com/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync - 80 - 192.168.205.20 HTTP/1.1 Microsoft-Server-ActiveSync/6.5.7638.1 - - postoffice.atd-comm.com 403 0 0 256 254 0
2011-10-06 23:46:04 W3SVC1 192.168.205.20 POST /Microsoft-Server-ActiveSync/ Cmd=FolderSync&User=tomtcs&DeviceId=1951897904&DeviceType=TestActiveSyncConnectivity&Log=V4TNASNC:0A0C0D0FS:0A0C0D0SP:2C2I687S1062R0S0L0H0P 443 atdnet\tomtcs 207.46.14.63 HTTP/1.1 Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com) - - postoffice.atd-comm.com 403 0 0 322 431 46
0
sumit_aroraCommented:
1> Do you have exchange-oma virtual directory created in IIS

if yes try to browse it, make sure we are able to browse it and get OWA with any user name passwotrd prompt . If you get a prompt on it  then make sure we have integrated authetication is selected. make sure ssl is unchecked on it

I m sure when u browse it then u will get 403 error.  

If still u get 403 error, then follow kb support.microsoft.com/kb/817379

I pretty sure this will take care of ur issue.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
sumit_aroraCommented:
as per the PDF u have attached i dont think you have no exchange-oma. Please delete this registry key  
=======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MasSync\Parameters
ExchangeVDir

restart the IIS service
0
tomtcsAuthor Commented:
Let me just say... that was the EASIEST solution out there! Thank you thank you thank you!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.