Blockchain is a technology that underpins the success of Bitcoin and other digital currencies, but it has uses far beyond finance. Learn how blockchain works and why it is proving disruptive to other areas of IT.
Solved
Error 500 when setting up a new smartphone on ActiveSync
Posted on 2012-04-03
We've been running an Exchange 2010 R2 server for the past 6 months and had no issues activating a new Android or iPhone user. Suddenly we are no longer able to create new ActiveSync accounts on any device, but those that have already been activated are synchronizing just fine. I've looked up some of the suggestions, but found that the inheritance issue is not the problem and it is not related to admincount issue either. It happens to all accounts we want to activate, whether old or new. This is what ExRCA shows at the last step that fails.
The server was restarted several times, but to no avail. These are some of the observations and facts:
Testing HTTP Authentication Methods for URL https://xxxxxxxxx*.com/Microsoft-Server-ActiveSync.
The HTTP authentication test failed.
Additional Details
An HTTP 500 response was returned from Unknown.
*(domain x-ed to protect privacy)The HTTP authentication test failed.
Additional Details
An HTTP 500 response was returned from Unknown.
The server was restarted several times, but to no avail. These are some of the observations and facts:
All users are allowed to utilize ActiveSync, it's enabled on all mailbox accounts. The server creates a sub-container in AD for each account that tries to activate a phone, as it should.
The server also nicely cleans it up if we remove the ActiveSync partnership.
We are using self-issued SSL certificate, but that's not the problem because the phones ask if it's okay to continue or cancel during the setup process.
The part where each phone fails is when it tries to create the account and folders at the finishing phase stating "Failed to create the account. Please try again later.".
This is the only Exchange server in our organisation and it is also our domain controller.
We migrated from Exchange 2003 Standard Edition and the old server is no longer an Exchange server, but remain in the AD as a domain controller.
Our WatchGuard firewall doesn't seem to be the culprit either because if I connect my phone directly to the LAN via WiFi, effectively bypassing the firewall, and I use the FQDN of the server instead of our publicly known domain name, I get the same exact error on the phone.
Any help would be appreciated.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
9
6
15 Comments
Active 2 days ago
- Please browse the url https://xxxxxxxxx*.com/Microsoft-Server-ActiveSync and post the output you get.
This is what I get if trying to reach that URL from an outside computer or any computer on the domain.
This is what I get if I go to the https://localhost/Microsoft-Server-ActiveSync from the server's own IE browser.
This is what I get if I go to the https://localhost/Microsoft-Server-ActiveSync from the server's own IE browser.
Active 2 days ago
- Does any webconfig file exists in C:\inetpub\wwwroot? If yes, then rename it and tey to browse the url again.
It does not, I already checked that too. The one that's in the virtual directory for ActiveSync looks fine to me, but if I use an older copy of it dated the same day as the rest of the files in the same folder my ActiveSync stops working and I get the following error.
Active 2 days ago
- Does any redirection is configured on the OWA virtual direcoty? If yes, then disabled it and restart the IIS Admin Service.
Not to my knowledge, but how do I check for sure? I did not redirect any pages, so everything should still be as it was the day we deployed it. I can still get to OWA by typing https;//mydomain.com/owa without a problem.
Active 2 days ago
To Check Redirection enabled on owa:
- Open Internet Infomation Service Manager (IIS)
- Select OWA virtual direcorty > Double Click on HTTP Redirect
- Here check whether Redirect requests to this destination enabled. If yes, then uncheck this option and restat IIS Admin Service.
- After that try to browse https://localhost/Microsoft-Server-ActiveSync
- Open Internet Infomation Service Manager (IIS)
- Select OWA virtual direcorty > Double Click on HTTP Redirect
- Here check whether Redirect requests to this destination enabled. If yes, then uncheck this option and restat IIS Admin Service.
- After that try to browse https://localhost/Microsoft-Server-ActiveSync
Active 2 days ago
- Please refer this article http://technet.microsoft.com/en-us/library/ff629372.aspx
and recreate Microsoft-Server-ActiveSyn
and recreate Microsoft-Server-ActiveSyn
I did as you asked, but at the end when i tried to do "iisreset /noforce", as suggested by the tool, I've got the following error.
Attempting stop...
Restart attempt failed.
The service did not respond to the start or control request in a timely fashion.
(2147943453, 8007041d)
I tried it twice and twice it failed with the same error. After that I just tried iisreset by itself and it finally did it. However, I still get the same error on my phone and the same Error 500.19 in the server's browser.
Attempting stop...
Restart attempt failed.
The service did not respond to the start or control request in a timely fashion.
(2147943453, 8007041d)
I tried it twice and twice it failed with the same error. After that I just tried iisreset by itself and it finally did it. However, I still get the same error on my phone and the same Error 500.19 in the server's browser.
Almost after every iisreset (I've done many) it shows WAS error, an Event ID 5153 like this one:
Log Name: System
Source: Microsoft-Windows-WAS
Date: 4/3/2012 10:32:48 AM
Event ID: 5153
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: xxxxx.xxxx.local
Description:
The Windows Process Activation Service (WAS) encountered an error attempting to look up the built in IIS_IUSRS group. There may be problems in viewing and setting security permissions with the IIS_IUSRS group. This happens if the machine has been joined and promoted to be a Domain Controller in a legacy domain. Please see the online help for more information and solutions to this problem. The data field contains the error number.
Log Name: System
Source: Microsoft-Windows-WAS
Date: 4/3/2012 10:32:48 AM
Event ID: 5153
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: xxxxx.xxxx.local
Description:
The Windows Process Activation Service (WAS) encountered an error attempting to look up the built in IIS_IUSRS group. There may be problems in viewing and setting security permissions with the IIS_IUSRS group. This happens if the machine has been joined and promoted to be a Domain Controller in a legacy domain. Please see the online help for more information and solutions to this problem. The data field contains the error number.
I've tried resetting the virtual directory one more time, but this time I've used:
iisreset /noforce /timeout:600
It did it after a minute or so without an error. However, that caused ActiveSync to completely stop working causing RPC to fail as well (Outlook's RPC over https). Then I did iisreset again, just by itself and it brought the ActiveSync/RPC back to life. Alas, my phone is still not happy.
iisreset /noforce /timeout:600
It did it after a minute or so without an error. However, that caused ActiveSync to completely stop working causing RPC to fail as well (Outlook's RPC over https). Then I did iisreset again, just by itself and it brought the ActiveSync/RPC back to life. Alas, my phone is still not happy.
Active 2 days ago
- Are you able to browse https://localhost/Microsoft-Server-ActiveSync successfully?
- What the error you getting now on the mobile device?
- Also perfom test exhcnage connectovty test for activesync and post the details.
- What the error you getting now on the mobile device?
- Also perfom test exhcnage connectovty test for activesync and post the details.
Thank you. I called MS Tech Support and in the middle of our conversation I found the cause myself and fixed it. Hopefully they'll refund the charges.
The fix:
In the Microsoft-Server-ActiveSyn
I've got clued in when I red the 500.19 error from one of the screen shots I posted here earlier. Once those lines were removed and iisreset was performed (twice) everything worked fine. Now I get a healthy response from the https://localhost/Microsoft-Server-ActiveSync asking me for the username and password. I had to do iisreset twice because after the first try the RPC over HTTPS failed to load properly and remote Outlooks were disconnected.
Thank you for trying to help and have a great day!
The fix:
In the Microsoft-Server-ActiveSyn
<httpErrors>
<remove statusCode="501" subStatusCode="-1" />
<error statusCode="501" prefixLanguageFilePath="C:\inetpub\custerr\de-DE" path="501.htm" responseMode="File" />
</httpErrors>
I've got clued in when I red the 500.19 error from one of the screen shots I posted here earlier. Once those lines were removed and iisreset was performed (twice) everything worked fine. Now I get a healthy response from the https://localhost/Microsoft-Server-ActiveSync asking me for the username and password. I had to do iisreset twice because after the first try the RPC over HTTPS failed to load properly and remote Outlooks were disconnected.
Thank you for trying to help and have a great day!
Featured Post
Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restoreâ„¢. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
If you troubleshoot Outlook for clients, you may want to know a bit more about the OST file before doing your next job. IMAP can cause a lot of drama if removed in the accounts without backing up.
New style of hardware planning for Microsoft Exchange server.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment.
The video tutorial explains the basics of the Exchange server Database Availability grou…
This Micro Tutorial hows how you can integrate Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease.
The following video show how to bind OSX Mavericks to …
Suggested Courses
Course of the Month7 days, 5 hours left to enroll
705 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.