Exchange 2010 sp1 Active Sync Problem
Hi guys,
I've having some problems getting our iphones and windows 7 mobiles to conect to our exchange server. I have tested active sync using activesync tester from the web and it fails on checking application. I am also finding the following error in the even log:
Log Name: Application
Source: MSExchange ActiveSync
Date: 24/01/2012 20:04:14
Event ID: 1100
Task Category: Requests
Level: Error
Keywords: Classic
User: N/A
Computer: WSTY-SBSERVER.wsty.local
Description:
Exchange ActiveSync device requests for your users are being blocked. This problem frequently occurs when the HTTP OPTIONS method request isn't allowed by the firewall. Please check the firewall that filters requests in front of your Client Access server and the Microsoft-Server-ActiveSyn
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="MSExchange ActiveSync" />
<EventID Qualifiers="49156">1100</E
<Level>2</Level>
<Task>1</Task>
<Keywords>0x80000000000000
<TimeCreated SystemTime="2012-01-24T20:
<EventRecordID>365975</Eve
<Channel>Application</Chan
<Computer>WSTY-SBSERVER.ws
<Security />
</System>
<EventData>
</EventData>
</Event>
I'm guessing this is the problem why the iphones won't connect. Any ideas guys?
I've having some problems getting our iphones and windows 7 mobiles to conect to our exchange server. I have tested active sync using activesync tester from the web and it fails on checking application. I am also finding the following error in the even log:
Log Name: Application
Source: MSExchange ActiveSync
Date: 24/01/2012 20:04:14
Event ID: 1100
Task Category: Requests
Level: Error
Keywords: Classic
User: N/A
Computer: WSTY-SBSERVER.wsty.local
Description:
Exchange ActiveSync device requests for your users are being blocked. This problem frequently occurs when the HTTP OPTIONS method request isn't allowed by the firewall. Please check the firewall that filters requests in front of your Client Access server and the Microsoft-Server-ActiveSyn
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="MSExchange ActiveSync" />
<EventID Qualifiers="49156">1100</E
<Level>2</Level>
<Task>1</Task>
<Keywords>0x80000000000000
<TimeCreated SystemTime="2012-01-24T20:
<EventRecordID>365975</Eve
<Channel>Application</Chan
<Computer>WSTY-SBSERVER.ws
<Security />
</System>
<EventData>
</EventData>
</Event>
I'm guessing this is the problem why the iphones won't connect. Any ideas guys?
ASKER
sorry thats where I'm confused as 443 and now 80 are open on the firewall to the exchange server
ASKER
Any other suggestions?
does OWA work from the outside?
Also, can you include a config file from your firewall. This still points to an access list problem. What type of firewall are you running?
Last but not least....configure one of your mobile devices to connect to your internal wireless network if you have one. Then try setting up and accessing your email from the device. If the internal cannot connect, then that rules out the firewall...at least for now....and points to a DNS problem. If you try to ping your webmail address from the outside, the IP that it resolves to should be the same as the IP address that the mapping is set up for on your firewall to exchange.
ASKER
does OWA work from the outside?
Yes I can sucessfully connect to https://remote.domain.com/owa
Also, can you include a config file from your firewall. This still points to an access list problem. What type of firewall are you running?
I will try and get one downloaded from the firewall. They have a Draytek 2830 I have attached a screenshot of the open ports for now.
On your last comment, I'll get them to try this tomorrow but I seem to recall this also doesn't work. If I run the activesync tester on the server it also fails with the 505 error on checking application the same as when I am outside of the network running the same test! It's worth noting that running this test appears to generate the above error in the event log.
If you try to ping your webmail address from the outside, the IP that it resolves to should be the same as the IP address that the mapping is set up for on your firewall to exchange.
The web mail address resolves to one of their static IP's and this IP is mapped to the exchange server on ports 443 and 80 as in the above pic (less the external IP of course)
Ive just noted that the active sync tester report the following:
Failed to detect ActiveSync (HTTP status 505)
hmm could this be an IIS problem?
Yes I can sucessfully connect to https://remote.domain.com/owa
Also, can you include a config file from your firewall. This still points to an access list problem. What type of firewall are you running?
I will try and get one downloaded from the firewall. They have a Draytek 2830 I have attached a screenshot of the open ports for now.
On your last comment, I'll get them to try this tomorrow but I seem to recall this also doesn't work. If I run the activesync tester on the server it also fails with the 505 error on checking application the same as when I am outside of the network running the same test! It's worth noting that running this test appears to generate the above error in the event log.
If you try to ping your webmail address from the outside, the IP that it resolves to should be the same as the IP address that the mapping is set up for on your firewall to exchange.
The web mail address resolves to one of their static IP's and this IP is mapped to the exchange server on ports 443 and 80 as in the above pic (less the external IP of course)
Ive just noted that the active sync tester report the following:
Failed to detect ActiveSync (HTTP status 505)
hmm could this be an IIS problem?
Do you have AV software or a firewall operating on the Exchange server itself? I have heard of issues with Vipre software blocking access?
You may find some help with the IIS portion in this article.
http://technet.microsoft.com/en-us/library/aa998363.aspx
http://technet.microsoft.com/en-us/library/aa998363.aspx
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Found the solution on another site, have posted link and resolution details as closing comments.
On a remote test via MS i get:
An ActiveSync session is being attempted with the server.
Errors were encountered while testing the Exchange ActiveSync session.
Test Steps
Attempting to send the OPTIONS command to the server.
Testing of the OPTIONS command failed. For more information, see Additional Details.
Additional Details
An HTTP 403 forbidden response was received. The response appears to have come from IIS7. Body of the response: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>403 - Forbidden: Access is denied.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7
fieldset{padding:0 15px 10px 15px;}
h1{font-size:2.4em;margin:
h2{font-size:1.7em;margin:
h3{font-size:1.2em;margin:
#header{width:96%;margin:0
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{backgro
-->
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div class="content-container">
<h2>403 - Forbidden: Access is denied.</h2>
<h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
</fieldset></div>
</div>
</body>
</html>
Headers received:
Content-Length: 1233
Cache-Control: private
Content-Type: text/html
Date: Tue, 27 Aug 2013 14:38:37 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
An ActiveSync session is being attempted with the server.
Errors were encountered while testing the Exchange ActiveSync session.
Test Steps
Attempting to send the OPTIONS command to the server.
Testing of the OPTIONS command failed. For more information, see Additional Details.
Additional Details
An HTTP 403 forbidden response was received. The response appears to have come from IIS7. Body of the response: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>403 - Forbidden: Access is denied.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7
fieldset{padding:0 15px 10px 15px;}
h1{font-size:2.4em;margin:
h2{font-size:1.7em;margin:
h3{font-size:1.2em;margin:
#header{width:96%;margin:0
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{backgro
-->
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div class="content-container">
<h2>403 - Forbidden: Access is denied.</h2>
<h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
</fieldset></div>
</div>
</body>
</html>
Headers received:
Content-Length: 1233
Cache-Control: private
Content-Type: text/html
Date: Tue, 27 Aug 2013 14:38:37 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Description:
Exchange ActiveSync device requests for your users are being blocked. This problem frequently occurs when the HTTP OPTIONS method request isn't allowed by the firewall. Please check the firewall that filters requests in front of your Client Access server and the Microsoft-Server-ActiveSyn