Solved

Windows 2008 Small Business Server and ActiveSync not working on it

Posted on 2013-11-06
7
20 Views
Last Modified: 2016-02-13
I have a Windows 2008 Small Business Server that is utilizing the included MS Exchange component.  Exchange and OWA have always worked fine.  I was tasked with getting an Android phone working with this server using the ActiveSync component.  I have done this with Exchange 2003, 2007 and 2010 with no problems at all.  The first problem I had was that ActiveSync was being reported as not being installed when I ran the ActiveSync tester from mxtoolbox.com.  When I looked at the server, I could see that it was installed and enabled, but it was on a different site than OWA.  See the attached picture (screenshot.jpg).  The Default Website contained OWA and the SBS Web Applications containing activesync was another site on the server and was not started because it was claiming that the Default Website has the ports open.

As a test, I stopped the default site and started the SBS Web Applications site.  At that point, ActiveSync was detected by the tester but it reported that ActiveSync detected, but access denied. [HTTP 403: Disabled for this user]  So, I was getting farther.  I could not find a reason for the "disabled for this user" because everything is set up correctly and I have followed numerous troubleshooting articles for hours on end trying to figure this out.  Part of it may be that I was testing with a self signed cert.

My main question is, why are OWA and ActiveSync on different sites?  I only have one public IP address that NATs to the ip address of the internal exchange server for OWA.  I obviously can't run both the default website and sbs web applications on the same private ip on the exchange server so I am not sure what to do.  The firewall NATS http and https traffic to the single private IP of the Exchange server and the Default Website was running on that.  I assume that activesync relies on owa being available?  I need to figure out how to get both sites running because I do need OWA and ActiveSync to both work correctly.

I am starting to think I just need to move OWA to the SBS Web Applications site but I am just not sure.  That does seem to be the most logical if I knew how to do it.
screenshot2.jpg
0
Comment
Question by:Steve Bantz
  • 5
  • 2
7 Comments
 

Author Comment

by:Steve Bantz
Comment Utility
Ok, so I didn't want to wait.  After researching a bit, I did find that it is NOT normal for OWA and ActiveSync to be under different sites in Windows Server 2008 SBS.  It is definitely not supposed to be that way.  So, to move OWA to the right location, I did this:

Backed up IIS 7 first!

Went to the Exchange Management Shell and issued:
Remove-OwaVirtualDirectory "owa (Default Web Site)"

New-OwaVirtualDirectory -OwaVersion "Exchange2007" -Name "owa" -WebSiteName "SBS Web Applications"
Then I stopped the default web site and configured the SBS Web Applications site to use the private IP of the Exchange server on port 80 and 443.

OWA works just fine from outside the network.  Thank heaven.
However, I am still getting a failure when testing ActiveSync.  It says ActiveSync detected, but access denied. [HTTP 403: Disabled for this user].

Will keep trying.
0
 
LVL 35

Expert Comment

by:Cris Hanna
Comment Utility
my recommendation would be to go here and run the ActiveSync test
https://testconnectivity.microsoft.com/

You'll get much more detailed info
0
 

Author Comment

by:Steve Bantz
Comment Utility
This is what I get when running the test with that tool.  Everything is fine until the very end.  I have verified that basic authentication is all that is being used.  

Testing HTTP Authentication Methods for URL https://mail.xxx.com/Microsoft-Server-ActiveSync/.
  The HTTP authentication test failed.
 
 Additional Details
 
An HTTP 403 forbidden response was received. The response appears to have come from IIS7. Body of the response: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>403 - Forbidden: Access is denied.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
-->
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
 <div class="content-container"><fieldset>
 <h2>403 - Forbidden: Access is denied.</h2>
 <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
 </fieldset></div>
</div>
</body>
</html>

Headers received:
Content-Length: 1233
Content-Type: text/html
Date: Thu, 07 Nov 2013 14:58:45 GMT
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET


Elapsed Time: 68 ms.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:Steve Bantz
Comment Utility
I couldn't take it anymore and I got Googled out.  I couldn't find anything to help me and it ended up being an exercise in futility.  My last resort was to go the control panel and choose "Uninstall" for Exchange Server 2007.  This allows you to remove just the Client Access Role.  I got a little scared because after it removed the role it spent 10 minutes "removing Exchange files." I had a good backup but thinking about having to revert to that was making me a little sick. I really thought that I had screwed up and totally removed Exchange.  It turned out that it just takes a while to remove the CA role and remove the files.  I was able to go back in and "Change" the installation and add the Client Access Role back in.  WHEW!

One thing I did notice is that it put OWA and ActiveSync back in the Default Web Site and NOT in SBS Web Applications.  Since this is a SBS 2008 server, this is not technically correct.  I am not messing with it at this point so I just bound the private IP of the server and the Register.com SSL certificate to Default Web Site (was bound to SBS Web Applications) and now everything is working as it should.  It passes all ActiveSync tests from the https://testconnectivity.microsoft.com/ site.

I have about 8 hours in this and I was at low tide to be sure.  Time for lunch.
0
 
LVL 35

Expert Comment

by:Cris Hanna
Comment Utility
I only have one SBS 2008 server left for a customer...I will look at the site setup tonight and advise what I see as the default
0
 

Accepted Solution

by:
Steve Bantz earned 0 total points
Comment Utility
I think you will find that everything Outlook/Exchange related in IIS will be under the site named SBS Web Applications. This is by design in SBS.  Windows 2008 Standard with Exchange installed will have it all under Default Web Site.  Mine is that way now only because I reinstalled the Client Access Role.

What a pain, but at least it works now.
0
 

Author Closing Comment

by:Steve Bantz
Comment Utility
reinstalled client access mode
0

Featured Post

Shouldn't all users have the same email signature?

You wouldn't let your users design their own business cards, would you? So, why do you let them design their own email signatures? Think of the damage they could be doing to your brand reputation! Choose the easy way to manage set up and add email signatures for all users.

Join & Write a Comment

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now