Exchange Active Sync Issues

Please run through my article to check all your settings and then run the Activesync Test (not using Autodiscover) on https://testexchangeconnectivity.com and see if that reports any errors.  Make sure you specify manual server settings.

My Article:
https://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html

Alan

hi,

1. did you have a look at the iis logging (C:\windows\system32\logfiles\w3svc1) on the server?
2. are any other phones, ie. android or windows mobile, able to sync properly?
3. is a local sync possible (internal via wifi for instance)?

HI Alan

I did run thru that earlier and found that the certificate was incorrect as it was using a dns alias that a previous support company used.

I reissued the certificate using the same details I used for the mx records but on the Microsoft website I get a failure on Validating certificate trust for Windows Mobile devices.

Do you think I need to reboot the server because I issued the new certificate?

Ah - Windows Mobile Devices!  New ones or old ones?

Self-Issued certs are usually a pain on Windows Mobiles and you usually have to install the cert on the device to make them happy.  For $30 you can buy a trusted SSL cert which you can install and then the Windows Mobiles should stop moaning and get on with the job of syncing.  It's been a while since I used a Windows Mobile anything to be honest - I went down the iPhone route and have never looked back!

they are using iPhone's, no windows devices on the network

When I drill down it comes back with " A certificate chain couldn't be constructed for the certificate.

It strange as one of the users just called me and said its working for them however I am trying to configure a different users account on my iPhone and all I am getting is his folders, no content??

Download and install this update to your server (I know it says XP - it should work):

http://www.microsoft.com/en-us/download/details.aspx?id=6149

Alan

Thanks Alan

I just tried that but I getting the same issue. Can it be user related as I am really confused now as to why one user account seems to be ok and not the other

Scrap the last comment, I just tried a different users account and its the same, all subfolders but no content?

Just run a bpa exchange test and got the following critical error: Server ****.local has 1 GB or more of memory, accommodates 23 mailboxes, and the 'HeapDeCommitFreeBlockThreshold' parameter has not been set to 262144. Virtual memory may become quickly fragmented and system instability may occur

Could this be causing an issue?

Generally no - but it is worth changing.

What AV software is on the server?

Sophos

Okay - not usually a problem (but might be).

I have seen incorrect IIS settings cause some to sync and others not to, so please double-check the settings and test again.

Alan

In your guide when you mention realm = yourcompany.com I take it I enter the full external domain name of my client?

The Domain / Realm parts can be left as “\” for the Domain and Blank (empty) for the Realm.  MS recommend it this way, but I have fixed some servers by adding the Domain / Realm as per the settings above.

My blog article has some more up-to-date info in it as it's easier to update ;)

http://alanhardisty.wordpress.com/2010/02/28/exchange-2003-and-activesync-configuration-and-troubleshooting/

Thanks for the link Alan.. appreciate the help!!

I ran the remote connectivity analyzer and all the tests pass which would suggest the server is setup correctly however still no email on the phone just folders.

I checked the event viewer and i am getting the following error:

Unexpected Exchange mailbox Server error: Server: [uk02.UK***.local] User: [joe@uk***.com] HTTP status code: [409]. Verify that the Exchange mailbox Server is working correctly.

any ideas?

If that is a 3005 error - most of those can be ignored, but you may also want to update your copy of massync.dll which you can download from here:

http://www.sohotechnology.co.uk/372368_intl_i386_zip.exe

This is referenced in the following KB article:

http://support.microsoft.com/kb/967046

But you have to ask MS for a copy!

How can I tell if its a 3005 error ?
Do you think I should update the dll regardless?

It will show Event ID 3005 in the Application Event Log.

It won't hurt to update the dll and it could help.

Alan

Thanks Alan..

so once I downloaded the file I take it I need to change the value of the msExchWirelessAdminEnable attribute on the Exchange server as mentioned in the article?

Yes - absolutely.

Hi Alan

I updated the dll as mentioned but it did not resolve the error, after further tweaking i ended up getting the http 500 error with regards to the virtual directories being setup incorrectly.

I followed your blog which led me backup the virtual directories and recreate, i then went through the configuration as you described and managed to a successful test on the connectivity analyzer however i am still faced with the same issue that on the phones the folders sync but no content.

On the server i am getting the same error as before: Unexpected Exchange mailbox Server error: Server: [uk02.UK***.local] User: [joe@uk***.com] HTTP status code: [409]. Verify that the Exchange mailbox Server is working correctly.

*Update*

Just to confuse things even more...

I created a test user account and i can confirm that i am able to sync successfully with this account on my mobile, I am able to send and receive on my mobile which syncs perfectly with owa.

Now this would prove that the server is setup correctly for active sync.. what i cant understand is that why the existing users mailboxes are experiencing these issues.

I have checked on the existing users properties and i what i have noticed is that most of the effected users have more than one smtp address listed & also the check box "automatically update email addresses based on recipient policy" is not ticked.

Could this be causing any issues?

I also do not seem to be getting the http 409 errors any more..

Does each problem user have an email address based on the default domain e.g., yourdomain.local?  If not - please add one.

Also check that the inherited permissions check box is ticked for the problem accounts as per my other article (which despite it saying Exchange 2007 / 2010, is relevant):

https://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2861-Activesync-Working-But-Only-For-Some-Users-On-Exchange-2007-2010.html

Alan

Yes each of the problem users have an email address based on the default domain as there is only one accepted domain configured on the server, they also all have the inherited permissions box checked.

What changed prior to Activesync stopping?

Can you / have you reinstalled Exchange 2003 SP2?  If not - please do and report back.

You may have issues with the IMF, in which case, please refer to the following article to get past that hurdle:

http://exchangepedia.com/blog/2006/11/update-manually-removing-imf-v1.html

Alan

As far as I am aware nothing changed server side apart from me installing a new ups the weekend before the issue started happening but it dosent makes sence that new accounts work fine where as existing accounts are effected.

Sp2 is currently installed but I will try a reinstall this evening and let you know the outcome.

I also ran an offline defrag of the exchange database last night which made no difference.

An offline defrag won't usually help unless you run a repair, defrag and integrity check.

What sort of UPS was it and which version of software?

Alan

APC Smart UPS

Latest Version or powerchute..

Have you run the Connect to the Internet Wizard recently?

If not - please do.  Change nothing and let it complete.

Then re-test on the test site.

Alan

I did when i reissued the certificate for the server..

i will run it again now and will then try sp2

Okay - thanks.

Let me know how you get on.

Alan

I just ran the wizard & then the connectivity analzyer and i am getting a failure on port 443.

This was not happening prior to running the wizard, i checked my router and port 443 is open and pointed to the server however on canyouseeme.org i am getting a failure.

When i ran the connect to internet wizard i did get a failure on being unable to configure the firewall but i thought this was normal and referring to the firewall on my router not windows?

Aha! - can you please check my article here:

http://alanhardisty.wordpress.com/2012/02/20/sbs-2003-connect-to-the-internet-wizard-fails-at-firewall-configuration/

Alan

I just noticed that IIS is not running along with all of the websites which would explain the 443 issue...

They seem to have stopped when i ran the connect to internet wizard??

I am rebooting the server now to see if i can get them going again as iis admin would not start manually

The SBS Wizard needs to finish and if it doesn't, there is usually a good reason, one of which you might solve with my article.

nice 1 alan.. i think we are getting close!!

The server is currently rebooting, once i check all the default websites are running shall i run the wizard again without changing anything to ensure it fails on the firewall again?

Before running the wizard i will also try the connectivity analzer to see what comes back

Yes please.

Don't worry about the analyzer yet - just run the wizard and see what the log shows when it fails and see if my article is on the money.

I just ran the wizard which again failed on the firewall configuration.

I also noticed that the wizard stopped "company web" in IIS.

I looked at your article and it mentions to navigate to C:\Program Files\Microsoft Windows Small Business Server\Support) to check the log however i do not have support directory (See attached Screen)?
Screen-Shot-2013-07-03-at-22.37..png

I checked the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SmallBusinessServer\Intranet
which showed IIS://LOCALHOST/W3SVC/4 which also matches the identifier value in IIS manager (See Screen)

I definitely think we are onto something here...

Look forward to hearing from you
Screen-Shot-2013-07-03-at-22.58..png

Okay - are the SBS Server tools installed?

Control Panel> Add/Remove Programs> Windows Small Business Server 2003> Change/Remove> Next> Next>

On the Components section - what is installed?

Component-Selection.bmp

any thoughts alan?

Sorry - manic day.  Can you reinstall the Server Tools please.

no worries alan...

let me know if the selection is ok and i will reinstall...

will this have any effect on the productivity of the sever i.e. emails & fax service stop working or need reconfiguration?
Screen-Shot-2013-07-04-at-21.32..png

No productivity problems at all.

Go for it.

Alan

thanks alan...

running the install @ the minute

Okay - let me know how it goes.

reinstall finished alan.. i checked the log and there does appear to be errors but i am not sure what i am looking for, shall i attach a copy of the log?

Which log?

icw.. as mentioned in your article?

Sorry. Yes please.

Is there a way I can upload the log so only you can see as its contains lots of info regrading the network..

Not really.

Alan

Thanks Alan..

For the purpose of the thread i will upload the problem ares once diagnosed

Okay - can you run through your IIS settings following the info in this link please:

http://social.technet.microsoft.com/Forums/windowsserver/en-US/3e7c2bd1-453f-4424-a2ba-06644df86425/ceicw-sbs-2003-fails-to-complete-at-firewall-configuration

Then re-run the wizard and see if it completes happily.

Seems to be caused by too many manually changed IIS settings and the wizard can't cope!

Alan

I will try it over the weekend and come back to you.

Just out if curiosity I had an issue on the sever this morning where nobody could write anything to the shared drives (shared folders on c:)
It turned out that there were quotas set on the drive & was wondering if the wizard we ran last night could have caused this??

Quotas are set by default on SBS, but I wasn't aware that re-running the wizard put it back again.  I have always removed quotas and re-running the wizard has never caused me headaches on quotas.

Out of curiosity - what was the application you had installed?

Hi Alan

It was a trial of disk keeper that had been installed due to massive defragmentation on the hard drive.

When I thought about it, it was the only thing I had done prior to the issue occurring,

Thanks - glad you got it sorted and sorry we didn't help you narrow it down.

Alan

No problem Alan, glad we sorted it in the end and really appreciated all your help with the issue.

Dan

Always a pleasure.

If only I'd remembered my Blog article:

http://alanhardisty.wordpress.com/2010/02/28/exchange-2003-and-activesync-configuration-and-troubleshooting/

"Recent Update (10/07/13) - DO NOT INSTALL programs such as Disk Keeper on any server running Exchange as it too will break Activesync!"

Maybe I'll remember it next time!

Issue was resolved by myself by uninstalling an application I had installed previously