Exchange 2003 SP2 Activesync no longer working with iPhones

rand1964
rand1964 used Ask the Experts™
on
Exchange 2003 sp2 on Windows server 2003 Enterprise (NOT small business server)
Single email server setup as backend on single domain

I have been through the famous walkthrough on EE about activesync on Exchange 2003.  It still isn't working.
It was working until last Thursday or Friday...we had one guys iphone still working with ActiveSync on Monday...while his was working we plugged in the information for an employee's that wasn't working.  It didn't work.  When he put his information back in the phone it no longer worked.

I am at a complete loss to explain this or fix it.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
DhananjayTechnical Consultant
Commented:
Check the status of activesync whether it is enabled or disabled,refer the below link.
http://technet.microsoft.com/en-us/library/aa997489(v=exchg.65).aspx

Check the Microsoft Exchange ActiveSync Connectivity Tests using the below link.
https://www.testexchangeconnectivity.com/
Alan HardistyCo-Owner
Top Expert 2011
Commented:
Are you using Forms-Based Authentication (pretty login screen vs plain window) for Webmail?

If you have been through my article, did anything need changing?

Are all other users working happily?

What Anti-Virus software is installed in the server?  If you have Microsoft Security Essentials, uninstall it as it breaks Activesync.

Alan

Author

Commented:
I had Microsoft Security Essentials and removed it.  It still didn't work.
Activesync is enabled on the users.

I reset all the IIS directories using adsutil.vbs

It hasn't solved the problem.

The Exchange Analyzer tells me :

An ActiveSync session is being attempted with the server.
 Errors were encountered while testing the Exchange ActiveSync session.
 Test Steps
 Attempting to send the OPTIONS command to the server.
 Testing of the OPTIONS command failed. For more information, see Additional Details.
  Tell me more about this issue and how to resolve it
 Additional Details
 ExRCA couldn't find MS-Server-ActiveSync and MS-ASProtocolVersions header. Headers received were: MS-Author-Via: DAV
DASL: <DAV:sql>
DAV: 1, 2
Public: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH
Allow: OPTIONS, TRACE, GET, HEAD, LOCK, UNLOCK
Accept-Ranges: bytes
Content-Length: 0
Cache-Control: private
Date: Wed, 26 Dec 2012 17:21:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
How to Generate Services Revenue the Easiest Way

This Tuesday! Learn key insights about modern cyber protection services & gain practical strategies to skyrocket business:

- What it takes to build a cloud service portfolio
- How to determine which services will help your unique business grow
- Various use-cases and examples

Alan HardistyCo-Owner
Top Expert 2011

Commented:
Okay - is the error you get via the test site an error 500 which is why you followed kb883380?

What about the answer to the Forms-Based Authentication question?

Alan

Author

Commented:
I have tried with and without forms based...neither works.  For years we have had forms based enabled and it has worked.

Author

Commented:
I don't see any error number via the test site...where do I find it?
Alan HardistyCo-Owner
Top Expert 2011

Commented:
Okay - do you currently have Forms-Based Authentication enabled?

The error number is usually under the last expandable area on the test site.

You need to run the test (without Autodiscover) and specify manual server settings.

Alan

Author

Commented:
Yes...Forms based is enabled and test run without autodiscover
Alan HardistyCo-Owner
Top Expert 2011

Commented:
Okay - with FBA enabled, have you followed KB817379 to create the exchange-oma virtual directory?

With SSL enabled on the Exchange virtual directory, you need the exchange-oma setup and using port 80 (no SSL) to make Activesync work properly.

Author

Commented:
The error at the end is exactly as posted above:

An ActiveSync session is being attempted with the server.
 Errors were encountered while testing the Exchange ActiveSync session.
 Test Steps
 Attempting to send the OPTIONS command to the server.
 Testing of the OPTIONS command failed. For more information, see Additional Details.
  Tell me more about this issue and how to resolve it
 Additional Details
 ExRCA couldn't find MS-Server-ActiveSync and MS-ASProtocolVersions header. Headers received were: MS-Author-Via: DAV
DASL: <DAV:sql>
DAV: 1, 2
Public: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH
Allow: OPTIONS, TRACE, GET, HEAD, LOCK, UNLOCK
Accept-Ranges: bytes
Content-Length: 0
Cache-Control: private
Date: Wed, 26 Dec 2012 17:21:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

Author

Commented:
OK....I applied the KB817379  and made the new directory.  Nothing...still not working.
Alan HardistyCo-Owner
Top Expert 2011

Commented:
Did you add the registry key too?

Once done, did you run iisreset?

Author

Commented:
Yes on both counts
Alan HardistyCo-Owner
Top Expert 2011

Commented:
Can you please post a screen-dump of the forward lookup zones of your DNS Server (hide the internal domain name if you want to protect your identity, but not more that the domain part please).

Alan

Author

Commented:
I will get back tomorrow on this.
Alan HardistyCo-Owner
Top Expert 2011

Commented:
No problems.

Catch you tomorrow.

Alan

Author

Commented:
What are you looking for with the forward lookup zones....it would take a lot of name changing on my part to get information off there that I don't want public...
looking for MX records?
Alan HardistyCo-Owner
Top Expert 2011

Commented:
No - want to see the internal.local name and _msdcs.internal.local names.

Nothing more than the top level domains.

If you prefer - you can email me a picture to alan @ it-eye.co.uk - I'll keep it private.

Alan
Commented:
Solved:   in IIS, the "Default Website" properties for authentication were set wrong.  Anonymous was disabled and Basic and Integrated was checked.  I am still not sure how this happened...I didn't do it mself.
However, when "Anonymous" was checked and all others unchecked it started working and all iphones are connecting once again.

Author

Commented:
I appreciate everyone's help.  Thanks to Alan Hardisty for following through multiple steps with me.  That's why I am a member of Experts Exchange...there is no other forum where you can get this kind of "tech support" at such a high rate of quality and experience.

Thanks djsharma the exchange analyzer tool was helpful and previously I didn't know about it.

This issue with iPhones and Exchange seems to be a huge issue with many, many different reasons and solutions.  
Hopefully somebody that has this same issue will be helped by this particular solution.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial