Exchange Server 2003

Posted on 2012-03-29
Last Modified: 2012-04-04
I'm having an issue with exchange server 2003. I windows server 2003 running as active directory only, and I have exchange server 2003 also running windows 2003. 2 servers both windows 2003 with one being AD and the other being exchange. the issue i'm  having is that none of my users (unless your an admin) can access exchange via OWA or activesync. If they log onto the domain from their PC and open outlook it works fine, but if they try use OWA or Activesync it fails. I have created the additional virtual for activesync and i even  reinstalled my IIS trying to fix this. Attached is 2 images that shows what may be causing the problem. image 1 shows when trying to connect via OWA using my FQDN i get a box prompting for a login. This is correct. If an admin logs in then it opens fine, but if a regular user logs it fails and then presents you with a authentication box pointing to my AD and not the exchange server. This happens on my local network. On a different network it just gives access denied. Maybe this is causing the issue. can anyone give any advise about this. Also I do have an SSL certificate but not using it at the moment while figuring this out.

image 1image 2
This is the error I recieved while testing a regular account with

 ExRCA is testing Exchange ActiveSync.  
  The Exchange ActiveSync test failed.
   Test Steps
   Attempting to resolve the host name in DNS.
  The host name resolved successfully.
   Additional Details
  IP addresses returned:
 Testing TCP port 443 on host to ensure it's listening and open.
  The port was opened successfully.
 Testing the SSL certificate to make sure it's valid.
  The certificate passed all validation requirements.
   Test Steps
   ExRCA is attempting to obtain the SSL certificate from remote server on port 443.
  ExRCA successfully obtained the remote SSL certificate.
   Additional Details
  Remote Certificate Subject:, OU=Domain Control Validated,, Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=, O=", Inc.", L=Scottsdale, S=Arizona, C=US.
 Validating the certificate name.
  The certificate name was validated successfully.
   Additional Details
  Host name was found in the Certificate Subject Common name.
 Testing the certificate date to confirm the certificate is valid.
  Date validation passed. The certificate hasn't expired.
   Additional Details
  The certificate is valid. NotBefore = 3/20/2012 4:06:11 AM, NotAfter = 3/20/2013 4:06:11 AM
 Checking the IIS configuration for client certificate authentication.
  Client certificate authentication wasn't detected.
   Additional Details
  Accept/Require Client Certificates isn't configured.
 Testing HTTP Authentication Methods for URL
  The HTTP authentication methods are correct.
   Additional Details
  ExRCA found all expected authentication methods and no disallowed methods. Methods found: Basic
 An ActiveSync session is being attempted with the server.
  Errors were encountered while testing the Exchange ActiveSync session.
   Test Steps
   Attempting to send the OPTIONS command to the server.
  The OPTIONS response was successfully received and is valid.
   Additional Details
  Headers received: Pragma: no-cache
MS-Server-ActiveSync: 6.5.7638.1
MS-ASProtocolVersions: 1.0,2.0,2.1,2.5
MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,ResolveRecipients,ValidateCert,Provision,Search,Notify,Ping
Content-Length: 0
Date: Fri, 30 Mar 2012 03:35:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
 Attempting the FolderSync command on the Exchange ActiveSync session.
  The test of the FolderSync command failed.
   Tell me more about this issue and how to resolve it
   Additional Details
  Exchange ActiveSync returned an HTTP 500 response.

The error I get on a mobile device is:

Checking Certificate...Checking activesynce without SSL
Server is Microsoft - IIS6.0
Activesync was found

Trying activesync protocal 25
Activesync provisioning returns HTTP:200
Activesync provisioning success
The following policies have been requested:

Refreshing AS folders
Error refreshing folders
Trying activesync protocol 2.5
Activesync provisioning returns HTTP:400
Error provisioning Activesync: Policy status is 0

Thanks for any advice in advance.
Question by:timgreen7077
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
  • 2
  • +1

Expert Comment

ID: 37785753
I would guess the OWA issue is tied to IIS.

Best solution is to reset the OWA virtual directories in IIS, remove all six OWA virtual directories in IIS and recreating them. Resetting IIS.

Firstly, download and install the IIS 6.0 Resource Kit Tools. Visit the following Microsoft Web site to download the IIS Resource Kit: 629C89499&displaylang=en

If you prefer not to install all the Resource Kit Tools, click the Custom installation option to install only the Metabase Explorer.

Start IIS. Click Start, All Programs, Administrative Tools, Internet Information Services.

Backup the metabase just in case. To do this, right-click Default Web Site, click All Tasks, and then click Save Configuration to a File. Type a filename for the file and click OK.

Expand Default Web Site, and then delete the following virtual directories:


Start Metabase Explorer. To do this, click Start, All Programs, IIS Resources, and then click Metabase Explorer.

Expand the LM key, right-click the DS2MB key, and then click Delete.

Close Metabase Explorer.

Restart the Microsoft Exchange System Attendant service to re-create the virtual directories in IIS.

Expert Comment

ID: 37785769
Attaching permissions fix.  

Since Admin can get to the site.

Expert Comment

ID: 37785869
1. Check if the Security Logs are full of this Exchange 2003 Server. If yes, Save and Clear those.

2. Go to
 and check if "CrashOnAuditFail" exist, Remove it if it's there.

~ Singh
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.


Author Comment

ID: 37787135
Secret7Agent: I performed your suggestion about resetting IIS before I posted last night and I got the same result. That's what prompted me to post.
I performed your second suggestion today and I made my Exchange and  ExchWeb virtual directories look like your document. I did have to add the Authenticated User group and the suggestioned permissions but I'm getting the same results.

Padamdeep: I also tried your suggestions and I get the same results. CrashonAuditFail was there, and I removed it like you said, but same result.

Expert Comment

ID: 37787420
Did you reboot the server after removing Reg Key?

If not then please do it.

~ Singh

Author Comment

ID: 37787769
I just rebooted and I got the same result. My exchange server is a member server. That doesn't matter does it. It apart of my domain, but it's not an AD. It should matter but just asking. The reboot didn't help though.
LVL 20

Expert Comment

by:Satya Pathak
ID: 37787783
i would suggest you to please go throgh..

Before make any changes please take a IIS backup after that you can verify the IIS permission on Exchange 2003
1) Default Website : Annonymous & Integrated     NO SSL
2) Exadmin : Integrated                                    NO SSL
3) Exchweb : Annonymous                              NO SSL
4) Exchange: Basic                                        SSL Optional
5) RPC     : Basic                                        SSL Required
6) OMA     : Basic                                       SSL Optional
7) Public  : Basic+Integrated                         SSL Optional
8) exchange-oma : Basic & Integrated             NO SSL
9) Microsoft-Server-ActiveSync : Basic           SSL Optional

After that need to restart IIS service and check it.

Author Comment

ID: 37788161
SatyaPathak: The only thing I needed to change from your suggestion was the RPC, everything else was the same. I made the changes and stopped and restarted IIS. tested and the same problem.
LVL 20

Expert Comment

by:Satya Pathak
ID: 37788492
I would suggest you to please check user account property make sure self account should be added on the user account. also you can check the Iusers permission.

Accepted Solution

timgreen7077 earned 0 total points
ID: 37788870
I figured out the issue. I created a brand new acct and tested and sure enough it worked. So I put all my configs back the way they were and tested and it still worked and it worked on OWA and Activesync. So i then realized that each of my user were on my AD domain before we had exchange server. So i delete 1 of the accounts and re-created the account and tested and sure enough it worked. So it seems that since the accounts where created in AD before we ever installed exchange, even though outlook on their desktops worked, OWA and Activesync wasn't regardless. After removing and re-creating the accounts they all work correctly now. Thanks for everyones help in this, I sincerely appreciate it.

Author Closing Comment

ID: 37805189
removing and recreating the user's accounts fixed this issue.

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question