• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 37
  • Last Modified:

Windows 2008 Small Business Server and ActiveSync not working on it

I have a Windows 2008 Small Business Server that is utilizing the included MS Exchange component.  Exchange and OWA have always worked fine.  I was tasked with getting an Android phone working with this server using the ActiveSync component.  I have done this with Exchange 2003, 2007 and 2010 with no problems at all.  The first problem I had was that ActiveSync was being reported as not being installed when I ran the ActiveSync tester from mxtoolbox.com.  When I looked at the server, I could see that it was installed and enabled, but it was on a different site than OWA.  See the attached picture (screenshot.jpg).  The Default Website contained OWA and the SBS Web Applications containing activesync was another site on the server and was not started because it was claiming that the Default Website has the ports open.

As a test, I stopped the default site and started the SBS Web Applications site.  At that point, ActiveSync was detected by the tester but it reported that ActiveSync detected, but access denied. [HTTP 403: Disabled for this user]  So, I was getting farther.  I could not find a reason for the "disabled for this user" because everything is set up correctly and I have followed numerous troubleshooting articles for hours on end trying to figure this out.  Part of it may be that I was testing with a self signed cert.

My main question is, why are OWA and ActiveSync on different sites?  I only have one public IP address that NATs to the ip address of the internal exchange server for OWA.  I obviously can't run both the default website and sbs web applications on the same private ip on the exchange server so I am not sure what to do.  The firewall NATS http and https traffic to the single private IP of the Exchange server and the Default Website was running on that.  I assume that activesync relies on owa being available?  I need to figure out how to get both sites running because I do need OWA and ActiveSync to both work correctly.

I am starting to think I just need to move OWA to the SBS Web Applications site but I am just not sure.  That does seem to be the most logical if I knew how to do it.
Steve Bantz
Steve Bantz
  • 5
  • 2
1 Solution
Steve BantzIT ManagerAuthor Commented:
Ok, so I didn't want to wait.  After researching a bit, I did find that it is NOT normal for OWA and ActiveSync to be under different sites in Windows Server 2008 SBS.  It is definitely not supposed to be that way.  So, to move OWA to the right location, I did this:

Backed up IIS 7 first!

Went to the Exchange Management Shell and issued:
Remove-OwaVirtualDirectory "owa (Default Web Site)"

New-OwaVirtualDirectory -OwaVersion "Exchange2007" -Name "owa" -WebSiteName "SBS Web Applications"
Then I stopped the default web site and configured the SBS Web Applications site to use the private IP of the Exchange server on port 80 and 443.

OWA works just fine from outside the network.  Thank heaven.
However, I am still getting a failure when testing ActiveSync.  It says ActiveSync detected, but access denied. [HTTP 403: Disabled for this user].

Will keep trying.
Cris HannaCommented:
my recommendation would be to go here and run the ActiveSync test

You'll get much more detailed info
Steve BantzIT ManagerAuthor Commented:
This is what I get when running the test with that tool.  Everything is fine until the very end.  I have verified that basic authentication is all that is being used.  

Testing HTTP Authentication Methods for URL https://mail.xxx.com/Microsoft-Server-ActiveSync/.
  The HTTP authentication test failed.
 Additional Details
An HTTP 403 forbidden response was received. The response appears to have come from IIS7. Body of the response: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>403 - Forbidden: Access is denied.</title>
<style type="text/css">
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
#content{margin:0 0 0 2%;position:relative;}
<div id="header"><h1>Server Error</h1></div>
<div id="content">
 <div class="content-container"><fieldset>
 <h2>403 - Forbidden: Access is denied.</h2>
 <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>

Headers received:
Content-Length: 1233
Content-Type: text/html
Date: Thu, 07 Nov 2013 14:58:45 GMT
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET

Elapsed Time: 68 ms.
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Steve BantzIT ManagerAuthor Commented:
I couldn't take it anymore and I got Googled out.  I couldn't find anything to help me and it ended up being an exercise in futility.  My last resort was to go the control panel and choose "Uninstall" for Exchange Server 2007.  This allows you to remove just the Client Access Role.  I got a little scared because after it removed the role it spent 10 minutes "removing Exchange files." I had a good backup but thinking about having to revert to that was making me a little sick. I really thought that I had screwed up and totally removed Exchange.  It turned out that it just takes a while to remove the CA role and remove the files.  I was able to go back in and "Change" the installation and add the Client Access Role back in.  WHEW!

One thing I did notice is that it put OWA and ActiveSync back in the Default Web Site and NOT in SBS Web Applications.  Since this is a SBS 2008 server, this is not technically correct.  I am not messing with it at this point so I just bound the private IP of the server and the Register.com SSL certificate to Default Web Site (was bound to SBS Web Applications) and now everything is working as it should.  It passes all ActiveSync tests from the https://testconnectivity.microsoft.com/ site.

I have about 8 hours in this and I was at low tide to be sure.  Time for lunch.
Cris HannaCommented:
I only have one SBS 2008 server left for a customer...I will look at the site setup tonight and advise what I see as the default
Steve BantzIT ManagerAuthor Commented:
I think you will find that everything Outlook/Exchange related in IIS will be under the site named SBS Web Applications. This is by design in SBS.  Windows 2008 Standard with Exchange installed will have it all under Default Web Site.  Mine is that way now only because I reinstalled the Client Access Role.

What a pain, but at least it works now.
Steve BantzIT ManagerAuthor Commented:
reinstalled client access mode

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 5
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now