HTTP 1.1/403 Exchange Folder Sync Failed

Posted on 2011-10-04
Medium Priority
Last Modified: 2012-05-12
Ok, I'm stumped.  Its been three days that I've been working on this problem and NO luck at all with trying to get it fixed.  I'm looking for ideas.  I'm including a PDF of screen shots just to confirm that I have everything is setup right.  Which I think it is, however I constantly get a foldersync problem.

ExRCA is testing Exchange ActiveSync.  
  The Exchange ActiveSync test failed.
   Test Steps
   Attempting to resolve the host name domain.com in DNS.
  The host name resolved successfully.
   Additional Details
  IP addresses returned: IP ADDRESS
 Testing TCP port 443 on host domain.com to ensure it's listening and open.
  The port was opened successfully.
 Testing the SSL certificate to make sure it's valid.
  The certificate passed all validation requirements.
   Test Steps
   ExRCA is attempting to obtain the SSL certificate from remote server domain.com on port 443.
  ExRCA successfully obtained the remote SSL certificate.
   Additional Details
  Remote Certificate Subject: CN=domain.com, OU=Domain Control Validated, O=domain.com, Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.
 Validating the certificate name.
  The certificate name was validated successfully.
   Additional Details
  Host name domain.com was found in the Certificate Subject Common name.
 Validating certificate trust for Windows Mobile devices.
  The certificate is trusted and all certificates are present in the chain.
   Test Steps
   ExRCA is attempting to build certificate chains for certificate CN=domain.com, OU=Domain Control Validated, O=domain.com.
  One or more certificate chains were constructed successfully.
   Additional Details
  A total of 2 chains were built. The highest quality chain ends in root certificate OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.
 Analyzing the certificate chains for compatability problems with Windows Phone devices.
  Potential compatibility problems were identified with some versions of Windows Phone.
   Tell me more about this issue and how to resolve it
   Additional Details
  The certificate is only trusted on Windows Mobile 5.0 with the Messaging and Security Feature Pack and later versions. Windows Mobile 5.0 devices won't be able to sync. Root = E=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
 ExRCA is analyzing intermediate certificates that were sent down by the remote server.
  All intermediate certificates are present and valid.
   Additional Details
  All intermediate certificates were present and valid.
 Testing the certificate date to confirm the certificate is valid.
  Date validation passed. The certificate hasn't expired.
   Additional Details
  The certificate is valid. NotBefore = 11/11/2010 12:01:15 AM, NotAfter = 11/11/2011 12:01:15 AM
 Checking the IIS configuration for client certificate authentication.
  Client certificate authentication wasn't detected.
   Additional Details
  Accept/Require Client Certificates isn't configured.
 Testing HTTP Authentication Methods for URL https://domain.com/Microsoft-Server-ActiveSync/.
  The HTTP authentication methods are correct.
   Additional Details
  ExRCA found all expected authentication methods and no disallowed methods. Methods found: Basic
 An ActiveSync session is being attempted with the server.
  Errors were encountered while testing the Exchange ActiveSync session.
   Test Steps
   Attempting to send the OPTIONS command to the server.
  The OPTIONS response was successfully received and is valid.
   Additional Details
  Headers received: MicrosoftOfficeWebServer: 5.0_Pub
Pragma: no-cache
MS-Server-ActiveSync: 6.5.7638.1
MS-ASProtocolVersions: 1.0,2.0,2.1,2.5
MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,ResolveRecipients,ValidateCert,Provision,Search,Notify,Ping
Content-Length: 0
Date: Wed, 05 Oct 2011 00:33:47 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

 Attempting the FolderSync command on the Exchange ActiveSync session.
  The test of the FolderSync command failed.
   Additional Details
  An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body of the response: <body><h2>HTTP/1.1 403 Forbidden</h2></body>  Exchange2003.pdf
Question by:tomtcs
  • 4
  • 3
LVL 10

Expert Comment

ID: 36915397

can i have event Ids for above erors?


Expert Comment

ID: 36915615
you Must be getting event number 3005 in the event log. Also i do see that you have multiple web sites running. Try to stop all those except Default Web site and see wether you are able to sync or not.

Try to browse microsoft-server- active sync virtual directory in IIS and make sure you are getting 501/505 error.

Make sure OWA is working fine and FBA is disbaled for OWA in ESM.  

Author Comment

ID: 36916517
I checked event viewer this morning and didn't see any errors logged for Exchange at all. No 3001, 3005 or anything.  I tried to disable the other webistes and did an IISRESET with no luck.  OWA works perfectly fine.  As for the ActiveSync browsing I get this message:

This error (HTTP 501 Not Implemented or HTTP 505 Version Not Supported) means that the website you are visiting doesn't currently have the ability to display the webpage or support the HTTP version used to request the page.
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.


Expert Comment

ID: 36923271
Can you please paste the IIS logs for default web site. I want to see where we are getting 403 for microsoft-server-AtiveSync.

Author Comment

ID: 36928081
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2011-10-06 23:46:04
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs-version cs(User-Agent) cs(Cookie) cs(Referer) cs-host sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken
2011-10-06 23:46:04 W3SVC1 OPTIONS /Microsoft-Server-ActiveSync/ - 443 - HTTP/1.1 Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com) - - postoffice.atd-comm.com 401 2 2148074254 319 182 0
2011-10-06 23:46:04 W3SVC1 OPTIONS /Microsoft-Server-ActiveSync/ - 443 - HTTP/1.1 Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com) - - postoffice.atd-comm.com 401 2 2148074254 319 201 0
2011-10-06 23:46:04 W3SVC1 OPTIONS /Microsoft-Server-ActiveSync/ &Log=VNATNASNC:0A0C0D0FS:0A0C0D0SP:0C0I0S0R0S0L0H 443 atdnet\tomtcs HTTP/1.1 Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com) - - postoffice.atd-comm.com 200 0 0 587 222 0
2011-10-06 23:46:04 W3SVC1 POST /Microsoft-Server-ActiveSync/ Cmd=FolderSync&User=tomtcs&DeviceId=1951897904&DeviceType=TestActiveSyncConnectivity 443 - HTTP/1.1 Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com) - - postoffice.atd-comm.com 401 2 2148074254 319 367 0
2011-10-06 23:46:04 W3SVC1 PROPFIND /exchange-oma/tomtcs@atd-comm.com/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/TestActiveSyncConnectivity/1951897904 - 80 - HTTP/1.1 Microsoft-Server-ActiveSync/6.5.7638.1 - - postoffice.atd-comm.com 401 1 0 2111 436 15
2011-10-06 23:46:04 W3SVC1 PROPFIND /exchange-oma/tomtcs@atd-comm.com/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/TestActiveSyncConnectivity/1951897904 - 80 ATDNET\tomtcs HTTP/1.1 Microsoft-Server-ActiveSync/6.5.7638.1 - - postoffice.atd-comm.com 404 0 0 274 645 0
2011-10-06 23:46:04 W3SVC1 MKCOL /exchange-oma/tomtcs@atd-comm.com/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync - 80 - HTTP/1.1 Microsoft-Server-ActiveSync/6.5.7638.1 - - postoffice.atd-comm.com 403 0 0 256 254 0
2011-10-06 23:46:04 W3SVC1 POST /Microsoft-Server-ActiveSync/ Cmd=FolderSync&User=tomtcs&DeviceId=1951897904&DeviceType=TestActiveSyncConnectivity&Log=V4TNASNC:0A0C0D0FS:0A0C0D0SP:2C2I687S1062R0S0L0H0P 443 atdnet\tomtcs HTTP/1.1 Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com) - - postoffice.atd-comm.com 403 0 0 322 431 46

Accepted Solution

sumit_arora earned 2000 total points
ID: 36928952
1> Do you have exchange-oma virtual directory created in IIS

if yes try to browse it, make sure we are able to browse it and get OWA with any user name passwotrd prompt . If you get a prompt on it  then make sure we have integrated authetication is selected. make sure ssl is unchecked on it

I m sure when u browse it then u will get 403 error.  

If still u get 403 error, then follow kb support.microsoft.com/kb/817379

I pretty sure this will take care of ur issue.

Assisted Solution

sumit_arora earned 2000 total points
ID: 36930183
as per the PDF u have attached i dont think you have no exchange-oma. Please delete this registry key  


restart the IIS service

Author Closing Comment

ID: 36934031
Let me just say... that was the EASIEST solution out there! Thank you thank you thank you!

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If something goes wrong with Exchange, your IT resources are in trouble.All Exchange server migration processes are not designed to be identical and though migrating email from on-premises Exchange mailbox to Cloud’s Office 365 is relatively simple…
If you have come across a situation where you need to find some EDB mailbox recovery techniques, then here you will find the same. In this article, we will take you through three techniques using which you will be able to perform EDB recovery. You …
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
Suggested Courses
Course of the Month15 days, 9 hours left to enroll

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question