Exchange 2010 Activesync stopped working externally

Hi all
Yesterday, we had a power outage and for some reason activesync will not work for any device using the external website.  It works fine internally connected to the lan.  I have restarted the server; recycled the app pools; and restarted II admin.  I looked in the event viewer and there are no errors.  Any suggestions?  This is crucial.

Thanks
SalongeAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

essaydaveCommented:
Hey, have you tried Microsoft's Remote Connectivity Analyser?

https://testconnectivity.microsoft.com/

That gives you a lot more information on why it's not working, that should help find what part's broken.   Give it a run and let us know where it breaks down.
0
SalongeAuthor Commented:
It breaks instantly. It had no problem with the DNS and name but every other test failed
0
vmdudeCommented:
Ok so DNS resolves the name but every other test fails. What are you using to make Active Sync externally accessible? Do you have port forwarding through a firewall or do you have a reverse proxy such as Microsoft Threat Management Gateway?

Assuming you have OWA externally does that work?
0
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

Vijaya Babu SekarAssociate Ops ManagerCommented:
if it works in the internally. it will not problem with Exchange services. so you may refer the portsbetween exchange to web publish server like ISA, TMG etc. should located in DMZ,

you can check the external url in virtual directory for Exchange server.


Thanks.
0
SalongeAuthor Commented:
Owa also does not work externally.
0
vmdudeCommented:
Ok so it sounds like something is not getting through on port 443. You mentioned that you had a powercut, I would check that all devices, servers and services are back up and working correctly. This included Firewalls, ISA server (if used)
To troubleshoot further we really need to know how these services are published externally.
0
Alan HardistyCo-OwnerCommented:
Sounds like your router lost it's port forwarding of port 443.

Maybe the config wasn't saved and it reverted back to a pre-saved state where port 443 wasn't open.

I'd check that first.

Alan
0
SalongeAuthor Commented:
I did a port test but it 443 is fine, but 80 is closed.  How do I get that open in the router?
0
Alan HardistyCo-OwnerCommented:
You don't need port 80 open unless you are using Activesync without SSL, which isn't in the least bit advisable, or you are hosting websites that need to be available publicly.

Alan
0
vmdudeCommented:
You don't is the simple answer. If port 443 is open and working then no need to open up port 80. This will not work for ActiveSync or OWA without some configuration, which is NOT recommended.

Please post the results of the tests from the following site. This will help diagnose the issue faster. Otherwise a lot of guess work will take place.

https://testconnectivity.microsoft.com/
0
SalongeAuthor Commented:
The Microsoft Connectivity Analyzer is testing Exchange ActiveSync.
 The Exchange ActiveSync test failed.
 Additional Details
 Elapsed Time: 1140 ms.

 Test Steps
 Attempting the Autodiscover and Exchange ActiveSync test (if requested).
 Testing of Autodiscover for Exchange ActiveSync failed.
 Additional Details
 Elapsed Time: 1140 ms.

 Test Steps
 Attempting each method of contacting the Autodiscover service.
 The Autodiscover service couldn't be contacted successfully by any method.
 Additional Details
 Elapsed Time: 1140 ms.

 Test Steps
 Attempting to test potential Autodiscover URL https://cvhsinc.org/AutoDiscover/AutoDiscover.xml
 Testing of this potential Autodiscover URL failed.
 Additional Details
 Elapsed Time: 425 ms.

 Test Steps
 Attempting to resolve the host name cvhsinc.org in DNS.
 The host name resolved successfully.
 Additional Details
 IP addresses returned: 64.209.141.35 Elapsed Time: 37 ms.

Testing TCP port 443 on host cvhsinc.org to ensure it's listening and open.
 The port was opened successfully.
 Additional Details
 Elapsed Time: 137 ms.

Testing the SSL certificate to make sure it's valid.
 The SSL certificate failed one or more certificate validation checks.
 Additional Details
 Elapsed Time: 250 ms.

 Test Steps
 The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server cvhsinc.org on port 443.
 The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
 Additional Details
 Remote Certificate Subject: E=info@plesk.com, CN=plesk, OU=Plesk, O=Parallels, L=Herndon, S=Virginia, C=US, Issuer: E=info@plesk.com, CN=plesk, OU=Plesk, O=Parallels, L=Herndon, S=Virginia, C=US. Elapsed Time: 228 ms.

Validating the certificate name.
 Certificate name validation failed.
  Tell me more about this issue and how to resolve it
 Additional Details
 Host name cvhsinc.org doesn't match any name found on the server certificate E=info@plesk.com, CN=plesk, OU=Plesk, O=Parallels, L=Herndon, S=Virginia, C=US. Elapsed Time: 0 ms.





Attempting to test potential Autodiscover URL https://autodiscover.cvhsinc.org/AutoDiscover/AutoDiscover.xml
 Testing of this potential Autodiscover URL failed.
 Additional Details
 Elapsed Time: 454 ms.

 Test Steps
 Attempting to resolve the host name autodiscover.cvhsinc.org in DNS.
 The host name resolved successfully.
 Additional Details
 IP addresses returned: 64.209.141.35 Elapsed Time: 57 ms.

Testing TCP port 443 on host autodiscover.cvhsinc.org to ensure it's listening and open.
 The port was opened successfully.
 Additional Details
 Elapsed Time: 142 ms.

Testing the SSL certificate to make sure it's valid.
 The SSL certificate failed one or more certificate validation checks.
 Additional Details
 Elapsed Time: 254 ms.

 Test Steps
 The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.cvhsinc.org on port 443.
 The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
 Additional Details
 Remote Certificate Subject: E=info@plesk.com, CN=plesk, OU=Plesk, O=Parallels, L=Herndon, S=Virginia, C=US, Issuer: E=info@plesk.com, CN=plesk, OU=Plesk, O=Parallels, L=Herndon, S=Virginia, C=US. Elapsed Time: 232 ms.

Validating the certificate name.
 Certificate name validation failed.
  Tell me more about this issue and how to resolve it
 Additional Details
 Host name autodiscover.cvhsinc.org doesn't match any name found on the server certificate E=info@plesk.com, CN=plesk, OU=Plesk, O=Parallels, L=Herndon, S=Virginia, C=US. Elapsed Time: 0 ms.





Attempting to contact the Autodiscover service using the HTTP redirect method.
 The attempt to contact Autodiscover using the HTTP Redirect method failed.
 Additional Details
 Elapsed Time: 227 ms.

 Test Steps
 Attempting to resolve the host name autodiscover.cvhsinc.org in DNS.
 The host name resolved successfully.
 Additional Details
 IP addresses returned: 64.209.141.35 Elapsed Time: 7 ms.

Testing TCP port 80 on host autodiscover.cvhsinc.org to ensure it's listening and open.
 The port was opened successfully.
 Additional Details
 Elapsed Time: 75 ms.

The Microsoft Connectivity Analyzer is checking the host autodiscover.cvhsinc.org for an HTTP redirect to the Autodiscover service.
 The Microsoft Connectivity Analyzer failed to get an HTTP redirect response for Autodiscover.
 Additional Details
 A Web exception occurred because an HTTP 404 - NotFound response was received from Unknown.
Headers received:
Connection: close
Content-Length: 316
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 22 Oct 2013 10:38:15 GMT
Server: Apache/2.2.9 (Fedora)

Elapsed Time: 144 ms.



Attempting to contact the Autodiscover service using the DNS SRV redirect method.
 The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.
 Additional Details
 Elapsed Time: 32 ms.

 Test Steps
 Attempting to locate SRV record _autodiscover._tcp.cvhsinc.org in DNS.
 The Autodiscover SRV record wasn't found in DNS.
  Tell me more about this issue and how to resolve it
 Additional Details
 Elapsed Time: 32 ms.
0
Alan HardistyCo-OwnerCommented:
Okay - looks like port 443 is open, but forwarded to something other than the Exchange Server internally.

Please check your router / firewall port forwarding rules and make sure it is being forwarded to your Exchange Server.

It currently points to a Plesk Control Panel.

Alan
0
SalongeAuthor Commented:
Will this problem prevent outgoing email?
0
essaydaveCommented:
It sounds like your cert is bound to a different address - can you try the steps in

http://support.microsoft.com/kb/940726

and see how you go?    Elan Shudnow wrote a great article on it (if it's the case):

http://www.shudnow.net/?s=autodiscoverserviceinternaluri
0
Alan HardistyCo-OwnerCommented:
No - outgoing emails don't use Activesync (port 443), they use port 25 outbound (or another port if you relay emails via a 3rd party Smart Host).

If you are having outbound email problems, it sounds like you lost a lot of the config on your firewall / router.  What sort do you have?

Alan
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
SalongeAuthor Commented:
Cisco 2900
0
Alan HardistyCo-OwnerCommented:
I thought you would have said Cisco something.

Do you manage the Cisco or does someone else?

Cisco's can have running configs and saved configs.  If someone modified the config and didn't save it, then when you had the power cut, the saved config would have been the one it boots up with and that would explain the loss of services.

Looks like the config needs to be examined and put back to how it needs to be now.

Alan
0
vmdudeCommented:
I agree with Alan. This is fairly common if you do not save the config of Cisco.
 
There is normally a port forwarding/NAT rule that translates the external IP of the router and maps it to the internal IP of the Exchange server. port 443 should then be allowed through for this rule.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.