SBS 2003 HTTP 400 on SUBSCRIBE in IIS Log for ActiveSync User

I'm seeing some odd entries in the IIS log file that I hope someone may be able to identify.  The logs in question are from ActiveSync access by users on Android smartphones to a SBS 2003 Exchange instance.  Here's an example:

2011-10-27 15:05:24 SUBSCRIBE /exchange-oma/ 80 - HTTP/1.1 Microsoft-Server-ActiveSync/6.5.7638.1 - 401 1971 369
2011-10-27 15:05:24 SUBSCRIBE /exchange-oma/ 80 - HTTP/1.1 Microsoft-Server-ActiveSync/6.5.7638.1 - 401 2151 480
2011-10-27 15:05:24 SUBSCRIBE /exchange-oma/ 80 MYDOMAIN\hkelly HTTP/1.1 Microsoft-Server-ActiveSync/6.5.7638.1 - 200 512 492

Note the three SUBSCRIBES, two return a 400 status and the third that has a user_name rather than an IP address seems to work.  SSL is disabled.  I'm wondering why 3 transactions and what the difference is.

Thank you,

SBS 2003 SP2
Exchange 6.2
Who is Participating?
SEARCH /exchange-oma/ 80 - --> 401 2
SEARCH /exchange-oma/ 80 MYDOMAIN\jweber  --> 200

IMO, concentrate after the port 80
If there is - (we are using the anonymous authentication tried against the IIS

In the second line, browser\device provides the we end-up with http-200

Apart from these logs, if the mobile-devices and users are not facing other issues\difficulties....there is nothing to worry and you can ignore these logs
Alan HardistyCo-OwnerCommented:
Please check your IIS settings / server configuration against my Exchange 2003 Article and then you should hopefully see the errors disappear:

radionuchAuthor Commented:
Alan, thanks for your reply.

I saw this article before, but since I've found ActiveSync on SBS 2003 to be so touchy, I was concerned about changing anything since it was basically working.  I took your advice and followed this article, but without the SSL settings since I want to make sure our users are not disturbed until I have time to notify them first.

After the IIS reset, the error situation I described above did not change.  Here's what I got before and after this change, while testing the MS Connectivity Tester:

An ActiveSync session is being attempted with the server.
       Errors were encountered while testing the Exchange ActiveSync session.
      Test Steps
      Attempting to send the OPTIONS command to the server.
       Testing of the OPTIONS command failed. For more information, see Additional Details.
      Additional Details
       An HTTP 401 Unauthorized response was received from the remote Unknown server. This is usually the result of an incorrect username or password. If you are attempting to log onto an Office 365 service, ensure you are using your full User Principal Name (UPN).

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

radionuchAuthor Commented:
I think this example below clearly shows the problem I'm, concerned about.  You can see two requests for a SEARCH.  The first one shows the server IP address for a user name and fails with a 401.  The second with "MYDOMAIN\jweber" for a user name works.


2011-10-28 16:36:59 SEARCH /exchange-oma/ 80 - HTTP/1.1 Microsoft-Server-ActiveSync/6.5.7638.1 - 401 2151 375
2011-10-28 16:36:59 SEARCH /exchange-oma/ 80 MYDOMAIN\jweber HTTP/1.1 Microsoft-Server-ActiveSync/6.5.7638.1 - 207 639 1129
Alan HardistyCo-OwnerCommented:
The 401 error is either incorrect username / password or incorrect IIS authentication settings on the virtual directories.
radionuchAuthor Commented:
Yes, Its working, and no errors are reported by the Smartphone users, so your advice is well taken, nothing to worry about I guess.

Where is the anonymous auth request coming from?  The Smartphone must try that first?

IMO, this is by design when the IExplore communicate to IIS resources

The closest ones are:
Internet Explorer May Prompt You for a Password

Anonymous authentication is attempted first, followed by Windows Integrated authentication, Digest authentication (if applicable), and finally Basic (clear text) authentication.

radionuchAuthor Commented:
Good news, thank you all very much.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.