Solved

Windows 2008 Small Business Server and ActiveSync not working on it

Posted on 2013-11-06
7
30 Views
Last Modified: 2016-02-13
I have a Windows 2008 Small Business Server that is utilizing the included MS Exchange component.  Exchange and OWA have always worked fine.  I was tasked with getting an Android phone working with this server using the ActiveSync component.  I have done this with Exchange 2003, 2007 and 2010 with no problems at all.  The first problem I had was that ActiveSync was being reported as not being installed when I ran the ActiveSync tester from mxtoolbox.com.  When I looked at the server, I could see that it was installed and enabled, but it was on a different site than OWA.  See the attached picture (screenshot.jpg).  The Default Website contained OWA and the SBS Web Applications containing activesync was another site on the server and was not started because it was claiming that the Default Website has the ports open.

As a test, I stopped the default site and started the SBS Web Applications site.  At that point, ActiveSync was detected by the tester but it reported that ActiveSync detected, but access denied. [HTTP 403: Disabled for this user]  So, I was getting farther.  I could not find a reason for the "disabled for this user" because everything is set up correctly and I have followed numerous troubleshooting articles for hours on end trying to figure this out.  Part of it may be that I was testing with a self signed cert.

My main question is, why are OWA and ActiveSync on different sites?  I only have one public IP address that NATs to the ip address of the internal exchange server for OWA.  I obviously can't run both the default website and sbs web applications on the same private ip on the exchange server so I am not sure what to do.  The firewall NATS http and https traffic to the single private IP of the Exchange server and the Default Website was running on that.  I assume that activesync relies on owa being available?  I need to figure out how to get both sites running because I do need OWA and ActiveSync to both work correctly.

I am starting to think I just need to move OWA to the SBS Web Applications site but I am just not sure.  That does seem to be the most logical if I knew how to do it.
screenshot2.jpg
0
Comment
Question by:Steve Bantz
  • 5
  • 2
7 Comments
 

Author Comment

by:Steve Bantz
ID: 39627762
Ok, so I didn't want to wait.  After researching a bit, I did find that it is NOT normal for OWA and ActiveSync to be under different sites in Windows Server 2008 SBS.  It is definitely not supposed to be that way.  So, to move OWA to the right location, I did this:

Backed up IIS 7 first!

Went to the Exchange Management Shell and issued:
Remove-OwaVirtualDirectory "owa (Default Web Site)"

New-OwaVirtualDirectory -OwaVersion "Exchange2007" -Name "owa" -WebSiteName "SBS Web Applications"
Then I stopped the default web site and configured the SBS Web Applications site to use the private IP of the Exchange server on port 80 and 443.

OWA works just fine from outside the network.  Thank heaven.
However, I am still getting a failure when testing ActiveSync.  It says ActiveSync detected, but access denied. [HTTP 403: Disabled for this user].

Will keep trying.
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 39629217
my recommendation would be to go here and run the ActiveSync test
https://testconnectivity.microsoft.com/

You'll get much more detailed info
0
 

Author Comment

by:Steve Bantz
ID: 39630338
This is what I get when running the test with that tool.  Everything is fine until the very end.  I have verified that basic authentication is all that is being used.  

Testing HTTP Authentication Methods for URL https://mail.xxx.com/Microsoft-Server-ActiveSync/.
  The HTTP authentication test failed.
 
 Additional Details
 
An HTTP 403 forbidden response was received. The response appears to have come from IIS7. Body of the response: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>403 - Forbidden: Access is denied.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
-->
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
 <div class="content-container"><fieldset>
 <h2>403 - Forbidden: Access is denied.</h2>
 <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
 </fieldset></div>
</div>
</body>
</html>

Headers received:
Content-Length: 1233
Content-Type: text/html
Date: Thu, 07 Nov 2013 14:58:45 GMT
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET


Elapsed Time: 68 ms.
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 

Author Comment

by:Steve Bantz
ID: 39630916
I couldn't take it anymore and I got Googled out.  I couldn't find anything to help me and it ended up being an exercise in futility.  My last resort was to go the control panel and choose "Uninstall" for Exchange Server 2007.  This allows you to remove just the Client Access Role.  I got a little scared because after it removed the role it spent 10 minutes "removing Exchange files." I had a good backup but thinking about having to revert to that was making me a little sick. I really thought that I had screwed up and totally removed Exchange.  It turned out that it just takes a while to remove the CA role and remove the files.  I was able to go back in and "Change" the installation and add the Client Access Role back in.  WHEW!

One thing I did notice is that it put OWA and ActiveSync back in the Default Web Site and NOT in SBS Web Applications.  Since this is a SBS 2008 server, this is not technically correct.  I am not messing with it at this point so I just bound the private IP of the server and the Register.com SSL certificate to Default Web Site (was bound to SBS Web Applications) and now everything is working as it should.  It passes all ActiveSync tests from the https://testconnectivity.microsoft.com/ site.

I have about 8 hours in this and I was at low tide to be sure.  Time for lunch.
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 39630957
I only have one SBS 2008 server left for a customer...I will look at the site setup tonight and advise what I see as the default
0
 

Accepted Solution

by:
Steve Bantz earned 0 total points
ID: 39631568
I think you will find that everything Outlook/Exchange related in IIS will be under the site named SBS Web Applications. This is by design in SBS.  Windows 2008 Standard with Exchange installed will have it all under Default Web Site.  Mine is that way now only because I reinstalled the Client Access Role.

What a pain, but at least it works now.
0
 

Author Closing Comment

by:Steve Bantz
ID: 41462784
reinstalled client access mode
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
This video discusses moving either the default database or any database to a new volume.

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question