timgreen7077
asked on
Exchange Server 2003
I'm having an issue with exchange server 2003. I windows server 2003 running as active directory only, and I have exchange server 2003 also running windows 2003. 2 servers both windows 2003 with one being AD and the other being exchange. the issue i'm having is that none of my users (unless your an admin) can access exchange via OWA or activesync. If they log onto the domain from their PC and open outlook it works fine, but if they try use OWA or Activesync it fails. I have created the additional virtual for activesync and i even reinstalled my IIS trying to fix this. Attached is 2 images that shows what may be causing the problem. image 1 shows when trying to connect via OWA using my FQDN i get a box prompting for a login. This is correct. If an admin logs in then it opens fine, but if a regular user logs it fails and then presents you with a authentication box pointing to my AD and not the exchange server. This happens on my local network. On a different network it just gives access denied. Maybe this is causing the issue. can anyone give any advise about this. Also I do have an SSL certificate but not using it at the moment while figuring this out.
This is the error I recieved while testing a regular account with www.testexchangeconnectivity.com
ExRCA is testing Exchange ActiveSync.
The Exchange ActiveSync test failed.
Test Steps
Attempting to resolve the host name mail.timspcsolutions.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 99.23.6.46
Testing TCP port 443 on host mail.timspcsolutions.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Test Steps
ExRCA is attempting to obtain the SSL certificate from remote server mail.timspcsolutions.com on port 443.
ExRCA successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=mail.timspcsolutions.co m, OU=Domain Control Validated, O=mail.timspcsolutions.com , Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name mail.timspcsolutions.com was found in the Certificate Subject Common name.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 3/20/2012 4:06:11 AM, NotAfter = 3/20/2013 4:06:11 AM
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Testing HTTP Authentication Methods for URL https://mail.timspcsolutions.com/Microsoft-Server-ActiveSync/.
The HTTP authentication methods are correct.
Additional Details
ExRCA found all expected authentication methods and no disallowed methods. Methods found: Basic
An ActiveSync session is being attempted with the server.
Errors were encountered while testing the Exchange ActiveSync session.
Test Steps
Attempting to send the OPTIONS command to the server.
The OPTIONS response was successfully received and is valid.
Additional Details
Headers received: Pragma: no-cache
Public: OPTIONS, POST
Allow: OPTIONS, POST
MS-Server-ActiveSync: 6.5.7638.1
MS-ASProtocolVersions: 1.0,2.0,2.1,2.5
MS-ASProtocolCommands: Sync,SendMail,SmartForward ,SmartRepl y,GetAttac hment,GetH ierarchy,C reateColle ction,Dele teCollecti on,MoveCol lection,Fo lderSync,F olderCreat e,FolderDe lete,Folde rUpdate,Mo veItems,Ge tItemEstim ate,Meetin gResponse, ResolveRec ipients,Va lidateCert ,Provision ,Search,No tify,Ping
Content-Length: 0
Date: Fri, 30 Mar 2012 03:35:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Attempting the FolderSync command on the Exchange ActiveSync session.
The test of the FolderSync command failed.
Tell me more about this issue and how to resolve it
Additional Details
Exchange ActiveSync returned an HTTP 500 response.
The error I get on a mobile device is:
Checking Certificate...Checking activesynce without SSL
Server is Microsoft - IIS6.0
Activesync was found
Trying activesync protocal 25
Activesync provisioning returns HTTP:200
Activesync provisioning success
The following policies have been requested:
Refreshing AS folders
Error refreshing folders
Trying activesync protocol 2.5
Activesync provisioning returns HTTP:400
Error provisioning Activesync: Policy status is 0
Thanks for any advice in advance.
This is the error I recieved while testing a regular account with www.testexchangeconnectivity.com
ExRCA is testing Exchange ActiveSync.
The Exchange ActiveSync test failed.
Test Steps
Attempting to resolve the host name mail.timspcsolutions.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 99.23.6.46
Testing TCP port 443 on host mail.timspcsolutions.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Test Steps
ExRCA is attempting to obtain the SSL certificate from remote server mail.timspcsolutions.com on port 443.
ExRCA successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=mail.timspcsolutions.co
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name mail.timspcsolutions.com was found in the Certificate Subject Common name.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 3/20/2012 4:06:11 AM, NotAfter = 3/20/2013 4:06:11 AM
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Testing HTTP Authentication Methods for URL https://mail.timspcsolutions.com/Microsoft-Server-ActiveSync/.
The HTTP authentication methods are correct.
Additional Details
ExRCA found all expected authentication methods and no disallowed methods. Methods found: Basic
An ActiveSync session is being attempted with the server.
Errors were encountered while testing the Exchange ActiveSync session.
Test Steps
Attempting to send the OPTIONS command to the server.
The OPTIONS response was successfully received and is valid.
Additional Details
Headers received: Pragma: no-cache
Public: OPTIONS, POST
Allow: OPTIONS, POST
MS-Server-ActiveSync: 6.5.7638.1
MS-ASProtocolVersions: 1.0,2.0,2.1,2.5
MS-ASProtocolCommands: Sync,SendMail,SmartForward
Content-Length: 0
Date: Fri, 30 Mar 2012 03:35:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Attempting the FolderSync command on the Exchange ActiveSync session.
The test of the FolderSync command failed.
Tell me more about this issue and how to resolve it
Additional Details
Exchange ActiveSync returned an HTTP 500 response.
The error I get on a mobile device is:
Checking Certificate...Checking activesynce without SSL
Server is Microsoft - IIS6.0
Activesync was found
Trying activesync protocal 25
Activesync provisioning returns HTTP:200
Activesync provisioning success
The following policies have been requested:
Refreshing AS folders
Error refreshing folders
Trying activesync protocol 2.5
Activesync provisioning returns HTTP:400
Error provisioning Activesync: Policy status is 0
Thanks for any advice in advance.
1. Check if the Security Logs are full of this Exchange 2003 Server. If yes, Save and Clear those.
2. Go to
HKEY_LOCAL_MACHINE\SYSTEM\ CurrentCon trolSet\Co ntrol\Lsa
and check if "CrashOnAuditFail" exist, Remove it if it's there.
~ Singh
2. Go to
HKEY_LOCAL_MACHINE\SYSTEM\
and check if "CrashOnAuditFail" exist, Remove it if it's there.
~ Singh
ASKER
Secret7Agent: I performed your suggestion about resetting IIS before I posted last night and I got the same result. That's what prompted me to post.
I performed your second suggestion today and I made my Exchange and ExchWeb virtual directories look like your document. I did have to add the Authenticated User group and the suggestioned permissions but I'm getting the same results.
Padamdeep: I also tried your suggestions and I get the same results. CrashonAuditFail was there, and I removed it like you said, but same result.
I performed your second suggestion today and I made my Exchange and ExchWeb virtual directories look like your document. I did have to add the Authenticated User group and the suggestioned permissions but I'm getting the same results.
Padamdeep: I also tried your suggestions and I get the same results. CrashonAuditFail was there, and I removed it like you said, but same result.
Did you reboot the server after removing Reg Key?
If not then please do it.
~ Singh
If not then please do it.
~ Singh
ASKER
I just rebooted and I got the same result. My exchange server is a member server. That doesn't matter does it. It apart of my domain, but it's not an AD. It should matter but just asking. The reboot didn't help though.
i would suggest you to please go throgh..
Before make any changes please take a IIS backup after that you can verify the IIS permission on Exchange 2003
1) Default Website : Annonymous & Integrated NO SSL
2) Exadmin : Integrated NO SSL
3) Exchweb : Annonymous NO SSL
4) Exchange: Basic SSL Optional
5) RPC : Basic SSL Required
6) OMA : Basic SSL Optional
7) Public : Basic+Integrated SSL Optional
8) exchange-oma : Basic & Integrated NO SSL
9) Microsoft-Server-ActiveSyn c : Basic SSL Optional
After that need to restart IIS service and check it.
Before make any changes please take a IIS backup after that you can verify the IIS permission on Exchange 2003
1) Default Website : Annonymous & Integrated NO SSL
2) Exadmin : Integrated NO SSL
3) Exchweb : Annonymous NO SSL
4) Exchange: Basic SSL Optional
5) RPC : Basic SSL Required
6) OMA : Basic SSL Optional
7) Public : Basic+Integrated SSL Optional
8) exchange-oma : Basic & Integrated NO SSL
9) Microsoft-Server-ActiveSyn
After that need to restart IIS service and check it.
ASKER
SatyaPathak: The only thing I needed to change from your suggestion was the RPC, everything else was the same. I made the changes and stopped and restarted IIS. tested and the same problem.
I would suggest you to please check user account property make sure self account should be added on the user account. also you can check the Iusers permission.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
removing and recreating the user's accounts fixed this issue.
Best solution is to reset the OWA virtual directories in IIS, remove all six OWA virtual directories in IIS and recreating them. Resetting IIS.
Firstly, download and install the IIS 6.0 Resource Kit Tools. Visit the following Microsoft Web site to download the IIS Resource Kit:
http://www.microsoft.com/downloads/details.aspx?FamilyID=56FC92EE-A71A-4C73-B628-ADE 629C89499&displaylang=
If you prefer not to install all the Resource Kit Tools, click the Custom installation option to install only the Metabase Explorer.
Start IIS. Click Start, All Programs, Administrative Tools, Internet Information Services.
Backup the metabase just in case. To do this, right-click Default Web Site, click All Tasks, and then click Save Configuration to a File. Type a filename for the file and click OK.
Expand Default Web Site, and then delete the following virtual directories:
Microsoft-Server-ActiveSyn
OMA
Exadmin
Exchange
Public
ExchWeb
Start Metabase Explorer. To do this, click Start, All Programs, IIS Resources, and then click Metabase Explorer.
Expand the LM key, right-click the DS2MB key, and then click Delete.
Close Metabase Explorer.
Restart the Microsoft Exchange System Attendant service to re-create the virtual directories in IIS.