Solved

Exchange Server 2003

Posted on 2012-03-29
11
324 Views
Last Modified: 2012-04-04
I'm having an issue with exchange server 2003. I windows server 2003 running as active directory only, and I have exchange server 2003 also running windows 2003. 2 servers both windows 2003 with one being AD and the other being exchange. the issue i'm  having is that none of my users (unless your an admin) can access exchange via OWA or activesync. If they log onto the domain from their PC and open outlook it works fine, but if they try use OWA or Activesync it fails. I have created the additional virtual for activesync and i even  reinstalled my IIS trying to fix this. Attached is 2 images that shows what may be causing the problem. image 1 shows when trying to connect via OWA using my FQDN i get a box prompting for a login. This is correct. If an admin logs in then it opens fine, but if a regular user logs it fails and then presents you with a authentication box pointing to my AD and not the exchange server. This happens on my local network. On a different network it just gives access denied. Maybe this is causing the issue. can anyone give any advise about this. Also I do have an SSL certificate but not using it at the moment while figuring this out.

image 1image 2
This is the error I recieved while testing a regular account with www.testexchangeconnectivity.com

 ExRCA is testing Exchange ActiveSync.  
  The Exchange ActiveSync test failed.
   Test Steps
   Attempting to resolve the host name mail.timspcsolutions.com in DNS.
  The host name resolved successfully.
   Additional Details
  IP addresses returned: 99.23.6.46
 
 Testing TCP port 443 on host mail.timspcsolutions.com to ensure it's listening and open.
  The port was opened successfully.
 Testing the SSL certificate to make sure it's valid.
  The certificate passed all validation requirements.
   Test Steps
   ExRCA is attempting to obtain the SSL certificate from remote server mail.timspcsolutions.com on port 443.
  ExRCA successfully obtained the remote SSL certificate.
   Additional Details
  Remote Certificate Subject: CN=mail.timspcsolutions.com, OU=Domain Control Validated, O=mail.timspcsolutions.com, Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.
 
 Validating the certificate name.
  The certificate name was validated successfully.
   Additional Details
  Host name mail.timspcsolutions.com was found in the Certificate Subject Common name.
 
 Testing the certificate date to confirm the certificate is valid.
  Date validation passed. The certificate hasn't expired.
   Additional Details
  The certificate is valid. NotBefore = 3/20/2012 4:06:11 AM, NotAfter = 3/20/2013 4:06:11 AM
 
 Checking the IIS configuration for client certificate authentication.
  Client certificate authentication wasn't detected.
   Additional Details
  Accept/Require Client Certificates isn't configured.
 
 Testing HTTP Authentication Methods for URL https://mail.timspcsolutions.com/Microsoft-Server-ActiveSync/.
  The HTTP authentication methods are correct.
   Additional Details
  ExRCA found all expected authentication methods and no disallowed methods. Methods found: Basic
 
 An ActiveSync session is being attempted with the server.
  Errors were encountered while testing the Exchange ActiveSync session.
   Test Steps
   Attempting to send the OPTIONS command to the server.
  The OPTIONS response was successfully received and is valid.
   Additional Details
  Headers received: Pragma: no-cache
Public: OPTIONS, POST
Allow: OPTIONS, POST
MS-Server-ActiveSync: 6.5.7638.1
MS-ASProtocolVersions: 1.0,2.0,2.1,2.5
MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,ResolveRecipients,ValidateCert,Provision,Search,Notify,Ping
Content-Length: 0
Date: Fri, 30 Mar 2012 03:35:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
 
 Attempting the FolderSync command on the Exchange ActiveSync session.
  The test of the FolderSync command failed.
   Tell me more about this issue and how to resolve it
   Additional Details
  Exchange ActiveSync returned an HTTP 500 response.


The error I get on a mobile device is:

Checking Certificate...Checking activesynce without SSL
Server is Microsoft - IIS6.0
Activesync was found

Trying activesync protocal 25
Activesync provisioning returns HTTP:200
Activesync provisioning success
The following policies have been requested:

Refreshing AS folders
Error refreshing folders
Trying activesync protocol 2.5
Activesync provisioning returns HTTP:400
Error provisioning Activesync: Policy status is 0

Thanks for any advice in advance.
0
Comment
Question by:timgreen7077
  • 5
  • 2
  • 2
  • +1
11 Comments
 

Expert Comment

by:Secret7Agent
ID: 37785753
I would guess the OWA issue is tied to IIS.

Best solution is to reset the OWA virtual directories in IIS, remove all six OWA virtual directories in IIS and recreating them. Resetting IIS.

Firstly, download and install the IIS 6.0 Resource Kit Tools. Visit the following Microsoft Web site to download the IIS Resource Kit:

http://www.microsoft.com/downloads/details.aspx?FamilyID=56FC92EE-A71A-4C73-B628-ADE 629C89499&displaylang=en

If you prefer not to install all the Resource Kit Tools, click the Custom installation option to install only the Metabase Explorer.

Start IIS. Click Start, All Programs, Administrative Tools, Internet Information Services.

Backup the metabase just in case. To do this, right-click Default Web Site, click All Tasks, and then click Save Configuration to a File. Type a filename for the file and click OK.

Expand Default Web Site, and then delete the following virtual directories:

Microsoft-Server-ActiveSync
OMA
Exadmin
Exchange
Public
ExchWeb

Start Metabase Explorer. To do this, click Start, All Programs, IIS Resources, and then click Metabase Explorer.

Expand the LM key, right-click the DS2MB key, and then click Delete.

Close Metabase Explorer.

Restart the Microsoft Exchange System Attendant service to re-create the virtual directories in IIS.
0
 

Expert Comment

by:Secret7Agent
ID: 37785769
Attaching permissions fix.  

Since Admin can get to the site.
Open-IIS.doc
0
 
LVL 3

Expert Comment

by:Padamdeep
ID: 37785869
1. Check if the Security Logs are full of this Exchange 2003 Server. If yes, Save and Clear those.

2. Go to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
 and check if "CrashOnAuditFail" exist, Remove it if it's there.

~ Singh
0
 

Author Comment

by:timgreen7077
ID: 37787135
Secret7Agent: I performed your suggestion about resetting IIS before I posted last night and I got the same result. That's what prompted me to post.
I performed your second suggestion today and I made my Exchange and  ExchWeb virtual directories look like your document. I did have to add the Authenticated User group and the suggestioned permissions but I'm getting the same results.


Padamdeep: I also tried your suggestions and I get the same results. CrashonAuditFail was there, and I removed it like you said, but same result.
0
 
LVL 3

Expert Comment

by:Padamdeep
ID: 37787420
Did you reboot the server after removing Reg Key?

If not then please do it.

~ Singh
0
Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

 

Author Comment

by:timgreen7077
ID: 37787769
I just rebooted and I got the same result. My exchange server is a member server. That doesn't matter does it. It apart of my domain, but it's not an AD. It should matter but just asking. The reboot didn't help though.
0
 
LVL 20

Expert Comment

by:SatyaPathak
ID: 37787783
i would suggest you to please go throgh..

Before make any changes please take a IIS backup after that you can verify the IIS permission on Exchange 2003
 
1) Default Website : Annonymous & Integrated     NO SSL
2) Exadmin : Integrated                                    NO SSL
3) Exchweb : Annonymous                              NO SSL
4) Exchange: Basic                                        SSL Optional
5) RPC     : Basic                                        SSL Required
6) OMA     : Basic                                       SSL Optional
7) Public  : Basic+Integrated                         SSL Optional
8) exchange-oma : Basic & Integrated             NO SSL
9) Microsoft-Server-ActiveSync : Basic           SSL Optional

After that need to restart IIS service and check it.
0
 

Author Comment

by:timgreen7077
ID: 37788161
SatyaPathak: The only thing I needed to change from your suggestion was the RPC, everything else was the same. I made the changes and stopped and restarted IIS. tested and the same problem.
0
 
LVL 20

Expert Comment

by:SatyaPathak
ID: 37788492
I would suggest you to please check user account property make sure self account should be added on the user account. also you can check the Iusers permission.
0
 

Accepted Solution

by:
timgreen7077 earned 0 total points
ID: 37788870
I figured out the issue. I created a brand new acct and tested and sure enough it worked. So I put all my configs back the way they were and tested and it still worked and it worked on OWA and Activesync. So i then realized that each of my user were on my AD domain before we had exchange server. So i delete 1 of the accounts and re-created the account and tested and sure enough it worked. So it seems that since the accounts where created in AD before we ever installed exchange, even though outlook on their desktops worked, OWA and Activesync wasn't regardless. After removing and re-creating the accounts they all work correctly now. Thanks for everyones help in this, I sincerely appreciate it.
0
 

Author Closing Comment

by:timgreen7077
ID: 37805189
removing and recreating the user's accounts fixed this issue.
0

Featured Post

Do email signature updates give you a headache?

Do you feel like all of your time is spent managing email signatures? Too busy to visit every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

Join & Write a Comment

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now