Exchange Server 2003

I'm having an issue with exchange server 2003. I windows server 2003 running as active directory only, and I have exchange server 2003 also running windows 2003. 2 servers both windows 2003 with one being AD and the other being exchange. the issue i'm  having is that none of my users (unless your an admin) can access exchange via OWA or activesync. If they log onto the domain from their PC and open outlook it works fine, but if they try use OWA or Activesync it fails. I have created the additional virtual for activesync and i even  reinstalled my IIS trying to fix this. Attached is 2 images that shows what may be causing the problem. image 1 shows when trying to connect via OWA using my FQDN i get a box prompting for a login. This is correct. If an admin logs in then it opens fine, but if a regular user logs it fails and then presents you with a authentication box pointing to my AD and not the exchange server. This happens on my local network. On a different network it just gives access denied. Maybe this is causing the issue. can anyone give any advise about this. Also I do have an SSL certificate but not using it at the moment while figuring this out.

image 1image 2
This is the error I recieved while testing a regular account with

 ExRCA is testing Exchange ActiveSync.  
  The Exchange ActiveSync test failed.
   Test Steps
   Attempting to resolve the host name in DNS.
  The host name resolved successfully.
   Additional Details
  IP addresses returned:
 Testing TCP port 443 on host to ensure it's listening and open.
  The port was opened successfully.
 Testing the SSL certificate to make sure it's valid.
  The certificate passed all validation requirements.
   Test Steps
   ExRCA is attempting to obtain the SSL certificate from remote server on port 443.
  ExRCA successfully obtained the remote SSL certificate.
   Additional Details
  Remote Certificate Subject:, OU=Domain Control Validated,, Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=, O=", Inc.", L=Scottsdale, S=Arizona, C=US.
 Validating the certificate name.
  The certificate name was validated successfully.
   Additional Details
  Host name was found in the Certificate Subject Common name.
 Testing the certificate date to confirm the certificate is valid.
  Date validation passed. The certificate hasn't expired.
   Additional Details
  The certificate is valid. NotBefore = 3/20/2012 4:06:11 AM, NotAfter = 3/20/2013 4:06:11 AM
 Checking the IIS configuration for client certificate authentication.
  Client certificate authentication wasn't detected.
   Additional Details
  Accept/Require Client Certificates isn't configured.
 Testing HTTP Authentication Methods for URL
  The HTTP authentication methods are correct.
   Additional Details
  ExRCA found all expected authentication methods and no disallowed methods. Methods found: Basic
 An ActiveSync session is being attempted with the server.
  Errors were encountered while testing the Exchange ActiveSync session.
   Test Steps
   Attempting to send the OPTIONS command to the server.
  The OPTIONS response was successfully received and is valid.
   Additional Details
  Headers received: Pragma: no-cache
MS-Server-ActiveSync: 6.5.7638.1
MS-ASProtocolVersions: 1.0,2.0,2.1,2.5
MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,ResolveRecipients,ValidateCert,Provision,Search,Notify,Ping
Content-Length: 0
Date: Fri, 30 Mar 2012 03:35:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
 Attempting the FolderSync command on the Exchange ActiveSync session.
  The test of the FolderSync command failed.
   Tell me more about this issue and how to resolve it
   Additional Details
  Exchange ActiveSync returned an HTTP 500 response.

The error I get on a mobile device is:

Checking Certificate...Checking activesynce without SSL
Server is Microsoft - IIS6.0
Activesync was found

Trying activesync protocal 25
Activesync provisioning returns HTTP:200
Activesync provisioning success
The following policies have been requested:

Refreshing AS folders
Error refreshing folders
Trying activesync protocol 2.5
Activesync provisioning returns HTTP:400
Error provisioning Activesync: Policy status is 0

Thanks for any advice in advance.
LVL 25
timgreen7077Exchange EngineerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

I would guess the OWA issue is tied to IIS.

Best solution is to reset the OWA virtual directories in IIS, remove all six OWA virtual directories in IIS and recreating them. Resetting IIS.

Firstly, download and install the IIS 6.0 Resource Kit Tools. Visit the following Microsoft Web site to download the IIS Resource Kit: 629C89499&displaylang=en

If you prefer not to install all the Resource Kit Tools, click the Custom installation option to install only the Metabase Explorer.

Start IIS. Click Start, All Programs, Administrative Tools, Internet Information Services.

Backup the metabase just in case. To do this, right-click Default Web Site, click All Tasks, and then click Save Configuration to a File. Type a filename for the file and click OK.

Expand Default Web Site, and then delete the following virtual directories:


Start Metabase Explorer. To do this, click Start, All Programs, IIS Resources, and then click Metabase Explorer.

Expand the LM key, right-click the DS2MB key, and then click Delete.

Close Metabase Explorer.

Restart the Microsoft Exchange System Attendant service to re-create the virtual directories in IIS.
Attaching permissions fix.  

Since Admin can get to the site.
1. Check if the Security Logs are full of this Exchange 2003 Server. If yes, Save and Clear those.

2. Go to
 and check if "CrashOnAuditFail" exist, Remove it if it's there.

~ Singh
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

timgreen7077Exchange EngineerAuthor Commented:
Secret7Agent: I performed your suggestion about resetting IIS before I posted last night and I got the same result. That's what prompted me to post.
I performed your second suggestion today and I made my Exchange and  ExchWeb virtual directories look like your document. I did have to add the Authenticated User group and the suggestioned permissions but I'm getting the same results.

Padamdeep: I also tried your suggestions and I get the same results. CrashonAuditFail was there, and I removed it like you said, but same result.
Did you reboot the server after removing Reg Key?

If not then please do it.

~ Singh
timgreen7077Exchange EngineerAuthor Commented:
I just rebooted and I got the same result. My exchange server is a member server. That doesn't matter does it. It apart of my domain, but it's not an AD. It should matter but just asking. The reboot didn't help though.
Satya PathakLead Technical ConsultantCommented:
i would suggest you to please go throgh..

Before make any changes please take a IIS backup after that you can verify the IIS permission on Exchange 2003
1) Default Website : Annonymous & Integrated     NO SSL
2) Exadmin : Integrated                                    NO SSL
3) Exchweb : Annonymous                              NO SSL
4) Exchange: Basic                                        SSL Optional
5) RPC     : Basic                                        SSL Required
6) OMA     : Basic                                       SSL Optional
7) Public  : Basic+Integrated                         SSL Optional
8) exchange-oma : Basic & Integrated             NO SSL
9) Microsoft-Server-ActiveSync : Basic           SSL Optional

After that need to restart IIS service and check it.
timgreen7077Exchange EngineerAuthor Commented:
SatyaPathak: The only thing I needed to change from your suggestion was the RPC, everything else was the same. I made the changes and stopped and restarted IIS. tested and the same problem.
Satya PathakLead Technical ConsultantCommented:
I would suggest you to please check user account property make sure self account should be added on the user account. also you can check the Iusers permission.
timgreen7077Exchange EngineerAuthor Commented:
I figured out the issue. I created a brand new acct and tested and sure enough it worked. So I put all my configs back the way they were and tested and it still worked and it worked on OWA and Activesync. So i then realized that each of my user were on my AD domain before we had exchange server. So i delete 1 of the accounts and re-created the account and tested and sure enough it worked. So it seems that since the accounts where created in AD before we ever installed exchange, even though outlook on their desktops worked, OWA and Activesync wasn't regardless. After removing and re-creating the accounts they all work correctly now. Thanks for everyones help in this, I sincerely appreciate it.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
timgreen7077Exchange EngineerAuthor Commented:
removing and recreating the user's accounts fixed this issue.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.