HTTP 1.1/403 Exchange Folder Sync Failed

Posted on 2011-10-04
Last Modified: 2012-05-12
Ok, I'm stumped.  Its been three days that I've been working on this problem and NO luck at all with trying to get it fixed.  I'm looking for ideas.  I'm including a PDF of screen shots just to confirm that I have everything is setup right.  Which I think it is, however I constantly get a foldersync problem.

ExRCA is testing Exchange ActiveSync.  
  The Exchange ActiveSync test failed.
   Test Steps
   Attempting to resolve the host name in DNS.
  The host name resolved successfully.
   Additional Details
  IP addresses returned: IP ADDRESS
 Testing TCP port 443 on host to ensure it's listening and open.
  The port was opened successfully.
 Testing the SSL certificate to make sure it's valid.
  The certificate passed all validation requirements.
   Test Steps
   ExRCA is attempting to obtain the SSL certificate from remote server on port 443.
  ExRCA successfully obtained the remote SSL certificate.
   Additional Details
  Remote Certificate Subject:, OU=Domain Control Validated,, Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=, O=", Inc.", L=Scottsdale, S=Arizona, C=US.
 Validating the certificate name.
  The certificate name was validated successfully.
   Additional Details
  Host name was found in the Certificate Subject Common name.
 Validating certificate trust for Windows Mobile devices.
  The certificate is trusted and all certificates are present in the chain.
   Test Steps
   ExRCA is attempting to build certificate chains for certificate, OU=Domain Control Validated,
  One or more certificate chains were constructed successfully.
   Additional Details
  A total of 2 chains were built. The highest quality chain ends in root certificate OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.
 Analyzing the certificate chains for compatability problems with Windows Phone devices.
  Potential compatibility problems were identified with some versions of Windows Phone.
   Tell me more about this issue and how to resolve it
   Additional Details
  The certificate is only trusted on Windows Mobile 5.0 with the Messaging and Security Feature Pack and later versions. Windows Mobile 5.0 devices won't be able to sync. Root =, CN=, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
 ExRCA is analyzing intermediate certificates that were sent down by the remote server.
  All intermediate certificates are present and valid.
   Additional Details
  All intermediate certificates were present and valid.
 Testing the certificate date to confirm the certificate is valid.
  Date validation passed. The certificate hasn't expired.
   Additional Details
  The certificate is valid. NotBefore = 11/11/2010 12:01:15 AM, NotAfter = 11/11/2011 12:01:15 AM
 Checking the IIS configuration for client certificate authentication.
  Client certificate authentication wasn't detected.
   Additional Details
  Accept/Require Client Certificates isn't configured.
 Testing HTTP Authentication Methods for URL
  The HTTP authentication methods are correct.
   Additional Details
  ExRCA found all expected authentication methods and no disallowed methods. Methods found: Basic
 An ActiveSync session is being attempted with the server.
  Errors were encountered while testing the Exchange ActiveSync session.
   Test Steps
   Attempting to send the OPTIONS command to the server.
  The OPTIONS response was successfully received and is valid.
   Additional Details
  Headers received: MicrosoftOfficeWebServer: 5.0_Pub
Pragma: no-cache
MS-Server-ActiveSync: 6.5.7638.1
MS-ASProtocolVersions: 1.0,2.0,2.1,2.5
MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,ResolveRecipients,ValidateCert,Provision,Search,Notify,Ping
Content-Length: 0
Date: Wed, 05 Oct 2011 00:33:47 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

 Attempting the FolderSync command on the Exchange ActiveSync session.
  The test of the FolderSync command failed.
   Additional Details
  An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body of the response: <body><h2>HTTP/1.1 403 Forbidden</h2></body>  Exchange2003.pdf
Question by:tomtcs
    LVL 10

    Expert Comment


    can i have event Ids for above erors?

    LVL 6

    Expert Comment

    you Must be getting event number 3005 in the event log. Also i do see that you have multiple web sites running. Try to stop all those except Default Web site and see wether you are able to sync or not.

    Try to browse microsoft-server- active sync virtual directory in IIS and make sure you are getting 501/505 error.

    Make sure OWA is working fine and FBA is disbaled for OWA in ESM.  

    Author Comment

    I checked event viewer this morning and didn't see any errors logged for Exchange at all. No 3001, 3005 or anything.  I tried to disable the other webistes and did an IISRESET with no luck.  OWA works perfectly fine.  As for the ActiveSync browsing I get this message:

    This error (HTTP 501 Not Implemented or HTTP 505 Version Not Supported) means that the website you are visiting doesn't currently have the ability to display the webpage or support the HTTP version used to request the page.
    LVL 6

    Expert Comment

    Can you please paste the IIS logs for default web site. I want to see where we are getting 403 for microsoft-server-AtiveSync.

    Author Comment

    #Software: Microsoft Internet Information Services 6.0
    #Version: 1.0
    #Date: 2011-10-06 23:46:04
    #Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs-version cs(User-Agent) cs(Cookie) cs(Referer) cs-host sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken
    2011-10-06 23:46:04 W3SVC1 OPTIONS /Microsoft-Server-ActiveSync/ - 443 - HTTP/1.1 Microsoft-Server-ActiveSync/12.0+( - - 401 2 2148074254 319 182 0
    2011-10-06 23:46:04 W3SVC1 OPTIONS /Microsoft-Server-ActiveSync/ - 443 - HTTP/1.1 Microsoft-Server-ActiveSync/12.0+( - - 401 2 2148074254 319 201 0
    2011-10-06 23:46:04 W3SVC1 OPTIONS /Microsoft-Server-ActiveSync/ &Log=VNATNASNC:0A0C0D0FS:0A0C0D0SP:0C0I0S0R0S0L0H 443 atdnet\tomtcs HTTP/1.1 Microsoft-Server-ActiveSync/12.0+( - - 200 0 0 587 222 0
    2011-10-06 23:46:04 W3SVC1 POST /Microsoft-Server-ActiveSync/ Cmd=FolderSync&User=tomtcs&DeviceId=1951897904&DeviceType=TestActiveSyncConnectivity 443 - HTTP/1.1 Microsoft-Server-ActiveSync/12.0+( - - 401 2 2148074254 319 367 0
    2011-10-06 23:46:04 W3SVC1 PROPFIND /exchange-oma/ - 80 - HTTP/1.1 Microsoft-Server-ActiveSync/6.5.7638.1 - - 401 1 0 2111 436 15
    2011-10-06 23:46:04 W3SVC1 PROPFIND /exchange-oma/ - 80 ATDNET\tomtcs HTTP/1.1 Microsoft-Server-ActiveSync/6.5.7638.1 - - 404 0 0 274 645 0
    2011-10-06 23:46:04 W3SVC1 MKCOL /exchange-oma/ - 80 - HTTP/1.1 Microsoft-Server-ActiveSync/6.5.7638.1 - - 403 0 0 256 254 0
    2011-10-06 23:46:04 W3SVC1 POST /Microsoft-Server-ActiveSync/ Cmd=FolderSync&User=tomtcs&DeviceId=1951897904&DeviceType=TestActiveSyncConnectivity&Log=V4TNASNC:0A0C0D0FS:0A0C0D0SP:2C2I687S1062R0S0L0H0P 443 atdnet\tomtcs HTTP/1.1 Microsoft-Server-ActiveSync/12.0+( - - 403 0 0 322 431 46
    LVL 6

    Accepted Solution

    1> Do you have exchange-oma virtual directory created in IIS

    if yes try to browse it, make sure we are able to browse it and get OWA with any user name passwotrd prompt . If you get a prompt on it  then make sure we have integrated authetication is selected. make sure ssl is unchecked on it

    I m sure when u browse it then u will get 403 error.  

    If still u get 403 error, then follow kb

    I pretty sure this will take care of ur issue.
    LVL 6

    Assisted Solution

    as per the PDF u have attached i dont think you have no exchange-oma. Please delete this registry key  


    restart the IIS service

    Author Closing Comment

    Let me just say... that was the EASIEST solution out there! Thank you thank you thank you!

    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    Join & Write a Comment

    Suggested Solutions

    You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
    Set up iPhone and iPad email signatures to always send in high-quality HTML with this step-by step guide.
    In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
    The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

    731 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now