Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Exchange Server 2003

Posted on 2012-03-29
Medium Priority
Last Modified: 2012-04-04
I'm having an issue with exchange server 2003. I windows server 2003 running as active directory only, and I have exchange server 2003 also running windows 2003. 2 servers both windows 2003 with one being AD and the other being exchange. the issue i'm  having is that none of my users (unless your an admin) can access exchange via OWA or activesync. If they log onto the domain from their PC and open outlook it works fine, but if they try use OWA or Activesync it fails. I have created the additional virtual for activesync and i even  reinstalled my IIS trying to fix this. Attached is 2 images that shows what may be causing the problem. image 1 shows when trying to connect via OWA using my FQDN i get a box prompting for a login. This is correct. If an admin logs in then it opens fine, but if a regular user logs it fails and then presents you with a authentication box pointing to my AD and not the exchange server. This happens on my local network. On a different network it just gives access denied. Maybe this is causing the issue. can anyone give any advise about this. Also I do have an SSL certificate but not using it at the moment while figuring this out.

image 1image 2
This is the error I recieved while testing a regular account with www.testexchangeconnectivity.com

 ExRCA is testing Exchange ActiveSync.  
  The Exchange ActiveSync test failed.
   Test Steps
   Attempting to resolve the host name mail.timspcsolutions.com in DNS.
  The host name resolved successfully.
   Additional Details
  IP addresses returned:
 Testing TCP port 443 on host mail.timspcsolutions.com to ensure it's listening and open.
  The port was opened successfully.
 Testing the SSL certificate to make sure it's valid.
  The certificate passed all validation requirements.
   Test Steps
   ExRCA is attempting to obtain the SSL certificate from remote server mail.timspcsolutions.com on port 443.
  ExRCA successfully obtained the remote SSL certificate.
   Additional Details
  Remote Certificate Subject: CN=mail.timspcsolutions.com, OU=Domain Control Validated, O=mail.timspcsolutions.com, Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.
 Validating the certificate name.
  The certificate name was validated successfully.
   Additional Details
  Host name mail.timspcsolutions.com was found in the Certificate Subject Common name.
 Testing the certificate date to confirm the certificate is valid.
  Date validation passed. The certificate hasn't expired.
   Additional Details
  The certificate is valid. NotBefore = 3/20/2012 4:06:11 AM, NotAfter = 3/20/2013 4:06:11 AM
 Checking the IIS configuration for client certificate authentication.
  Client certificate authentication wasn't detected.
   Additional Details
  Accept/Require Client Certificates isn't configured.
 Testing HTTP Authentication Methods for URL https://mail.timspcsolutions.com/Microsoft-Server-ActiveSync/.
  The HTTP authentication methods are correct.
   Additional Details
  ExRCA found all expected authentication methods and no disallowed methods. Methods found: Basic
 An ActiveSync session is being attempted with the server.
  Errors were encountered while testing the Exchange ActiveSync session.
   Test Steps
   Attempting to send the OPTIONS command to the server.
  The OPTIONS response was successfully received and is valid.
   Additional Details
  Headers received: Pragma: no-cache
MS-Server-ActiveSync: 6.5.7638.1
MS-ASProtocolVersions: 1.0,2.0,2.1,2.5
MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,ResolveRecipients,ValidateCert,Provision,Search,Notify,Ping
Content-Length: 0
Date: Fri, 30 Mar 2012 03:35:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
 Attempting the FolderSync command on the Exchange ActiveSync session.
  The test of the FolderSync command failed.
   Tell me more about this issue and how to resolve it
   Additional Details
  Exchange ActiveSync returned an HTTP 500 response.

The error I get on a mobile device is:

Checking Certificate...Checking activesynce without SSL
Server is Microsoft - IIS6.0
Activesync was found

Trying activesync protocal 25
Activesync provisioning returns HTTP:200
Activesync provisioning success
The following policies have been requested:

Refreshing AS folders
Error refreshing folders
Trying activesync protocol 2.5
Activesync provisioning returns HTTP:400
Error provisioning Activesync: Policy status is 0

Thanks for any advice in advance.
Question by:timgreen7077
  • 5
  • 2
  • 2
  • +1

Expert Comment

ID: 37785753
I would guess the OWA issue is tied to IIS.

Best solution is to reset the OWA virtual directories in IIS, remove all six OWA virtual directories in IIS and recreating them. Resetting IIS.

Firstly, download and install the IIS 6.0 Resource Kit Tools. Visit the following Microsoft Web site to download the IIS Resource Kit:

http://www.microsoft.com/downloads/details.aspx?FamilyID=56FC92EE-A71A-4C73-B628-ADE 629C89499&displaylang=en

If you prefer not to install all the Resource Kit Tools, click the Custom installation option to install only the Metabase Explorer.

Start IIS. Click Start, All Programs, Administrative Tools, Internet Information Services.

Backup the metabase just in case. To do this, right-click Default Web Site, click All Tasks, and then click Save Configuration to a File. Type a filename for the file and click OK.

Expand Default Web Site, and then delete the following virtual directories:


Start Metabase Explorer. To do this, click Start, All Programs, IIS Resources, and then click Metabase Explorer.

Expand the LM key, right-click the DS2MB key, and then click Delete.

Close Metabase Explorer.

Restart the Microsoft Exchange System Attendant service to re-create the virtual directories in IIS.

Expert Comment

ID: 37785769
Attaching permissions fix.  

Since Admin can get to the site.

Expert Comment

ID: 37785869
1. Check if the Security Logs are full of this Exchange 2003 Server. If yes, Save and Clear those.

2. Go to
 and check if "CrashOnAuditFail" exist, Remove it if it's there.

~ Singh
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.


Author Comment

ID: 37787135
Secret7Agent: I performed your suggestion about resetting IIS before I posted last night and I got the same result. That's what prompted me to post.
I performed your second suggestion today and I made my Exchange and  ExchWeb virtual directories look like your document. I did have to add the Authenticated User group and the suggestioned permissions but I'm getting the same results.

Padamdeep: I also tried your suggestions and I get the same results. CrashonAuditFail was there, and I removed it like you said, but same result.

Expert Comment

ID: 37787420
Did you reboot the server after removing Reg Key?

If not then please do it.

~ Singh

Author Comment

ID: 37787769
I just rebooted and I got the same result. My exchange server is a member server. That doesn't matter does it. It apart of my domain, but it's not an AD. It should matter but just asking. The reboot didn't help though.
LVL 20

Expert Comment

by:Satya Pathak
ID: 37787783
i would suggest you to please go throgh..

Before make any changes please take a IIS backup after that you can verify the IIS permission on Exchange 2003
1) Default Website : Annonymous & Integrated     NO SSL
2) Exadmin : Integrated                                    NO SSL
3) Exchweb : Annonymous                              NO SSL
4) Exchange: Basic                                        SSL Optional
5) RPC     : Basic                                        SSL Required
6) OMA     : Basic                                       SSL Optional
7) Public  : Basic+Integrated                         SSL Optional
8) exchange-oma : Basic & Integrated             NO SSL
9) Microsoft-Server-ActiveSync : Basic           SSL Optional

After that need to restart IIS service and check it.

Author Comment

ID: 37788161
SatyaPathak: The only thing I needed to change from your suggestion was the RPC, everything else was the same. I made the changes and stopped and restarted IIS. tested and the same problem.
LVL 20

Expert Comment

by:Satya Pathak
ID: 37788492
I would suggest you to please check user account property make sure self account should be added on the user account. also you can check the Iusers permission.

Accepted Solution

timgreen7077 earned 0 total points
ID: 37788870
I figured out the issue. I created a brand new acct and tested and sure enough it worked. So I put all my configs back the way they were and tested and it still worked and it worked on OWA and Activesync. So i then realized that each of my user were on my AD domain before we had exchange server. So i delete 1 of the accounts and re-created the account and tested and sure enough it worked. So it seems that since the accounts where created in AD before we ever installed exchange, even though outlook on their desktops worked, OWA and Activesync wasn't regardless. After removing and re-creating the accounts they all work correctly now. Thanks for everyones help in this, I sincerely appreciate it.

Author Closing Comment

ID: 37805189
removing and recreating the user's accounts fixed this issue.

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Exchange administrators are always vigilant about Exchange crashes and disasters that are possible any time. It is quite essential to identify the symptoms of a possible Exchange issue and be prepared with a proper recovery plan. There are multiple…
In my humble opinion (IMHO), TouchDown from Symantec is the best in class for this type of application, but Symantec has end-of-lifed it and although one can keep using it, it will no longer be supported or upgraded.  Time to look for alternatives t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Suggested Courses

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question