Windows 2008 Small Business Server and ActiveSync not working on it

Posted on 2013-11-06
Medium Priority
Last Modified: 2016-02-13
I have a Windows 2008 Small Business Server that is utilizing the included MS Exchange component.  Exchange and OWA have always worked fine.  I was tasked with getting an Android phone working with this server using the ActiveSync component.  I have done this with Exchange 2003, 2007 and 2010 with no problems at all.  The first problem I had was that ActiveSync was being reported as not being installed when I ran the ActiveSync tester from mxtoolbox.com.  When I looked at the server, I could see that it was installed and enabled, but it was on a different site than OWA.  See the attached picture (screenshot.jpg).  The Default Website contained OWA and the SBS Web Applications containing activesync was another site on the server and was not started because it was claiming that the Default Website has the ports open.

As a test, I stopped the default site and started the SBS Web Applications site.  At that point, ActiveSync was detected by the tester but it reported that ActiveSync detected, but access denied. [HTTP 403: Disabled for this user]  So, I was getting farther.  I could not find a reason for the "disabled for this user" because everything is set up correctly and I have followed numerous troubleshooting articles for hours on end trying to figure this out.  Part of it may be that I was testing with a self signed cert.

My main question is, why are OWA and ActiveSync on different sites?  I only have one public IP address that NATs to the ip address of the internal exchange server for OWA.  I obviously can't run both the default website and sbs web applications on the same private ip on the exchange server so I am not sure what to do.  The firewall NATS http and https traffic to the single private IP of the Exchange server and the Default Website was running on that.  I assume that activesync relies on owa being available?  I need to figure out how to get both sites running because I do need OWA and ActiveSync to both work correctly.

I am starting to think I just need to move OWA to the SBS Web Applications site but I am just not sure.  That does seem to be the most logical if I knew how to do it.
Question by:Steve Bantz
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2

Author Comment

by:Steve Bantz
ID: 39627762
Ok, so I didn't want to wait.  After researching a bit, I did find that it is NOT normal for OWA and ActiveSync to be under different sites in Windows Server 2008 SBS.  It is definitely not supposed to be that way.  So, to move OWA to the right location, I did this:

Backed up IIS 7 first!

Went to the Exchange Management Shell and issued:
Remove-OwaVirtualDirectory "owa (Default Web Site)"

New-OwaVirtualDirectory -OwaVersion "Exchange2007" -Name "owa" -WebSiteName "SBS Web Applications"
Then I stopped the default web site and configured the SBS Web Applications site to use the private IP of the Exchange server on port 80 and 443.

OWA works just fine from outside the network.  Thank heaven.
However, I am still getting a failure when testing ActiveSync.  It says ActiveSync detected, but access denied. [HTTP 403: Disabled for this user].

Will keep trying.
LVL 35

Expert Comment

by:Cris Hanna
ID: 39629217
my recommendation would be to go here and run the ActiveSync test

You'll get much more detailed info

Author Comment

by:Steve Bantz
ID: 39630338
This is what I get when running the test with that tool.  Everything is fine until the very end.  I have verified that basic authentication is all that is being used.  

Testing HTTP Authentication Methods for URL https://mail.xxx.com/Microsoft-Server-ActiveSync/.
  The HTTP authentication test failed.
 Additional Details
An HTTP 403 forbidden response was received. The response appears to have come from IIS7. Body of the response: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>403 - Forbidden: Access is denied.</title>
<style type="text/css">
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
#content{margin:0 0 0 2%;position:relative;}
<div id="header"><h1>Server Error</h1></div>
<div id="content">
 <div class="content-container"><fieldset>
 <h2>403 - Forbidden: Access is denied.</h2>
 <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>

Headers received:
Content-Length: 1233
Content-Type: text/html
Date: Thu, 07 Nov 2013 14:58:45 GMT
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET

Elapsed Time: 68 ms.
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.


Author Comment

by:Steve Bantz
ID: 39630916
I couldn't take it anymore and I got Googled out.  I couldn't find anything to help me and it ended up being an exercise in futility.  My last resort was to go the control panel and choose "Uninstall" for Exchange Server 2007.  This allows you to remove just the Client Access Role.  I got a little scared because after it removed the role it spent 10 minutes "removing Exchange files." I had a good backup but thinking about having to revert to that was making me a little sick. I really thought that I had screwed up and totally removed Exchange.  It turned out that it just takes a while to remove the CA role and remove the files.  I was able to go back in and "Change" the installation and add the Client Access Role back in.  WHEW!

One thing I did notice is that it put OWA and ActiveSync back in the Default Web Site and NOT in SBS Web Applications.  Since this is a SBS 2008 server, this is not technically correct.  I am not messing with it at this point so I just bound the private IP of the server and the Register.com SSL certificate to Default Web Site (was bound to SBS Web Applications) and now everything is working as it should.  It passes all ActiveSync tests from the https://testconnectivity.microsoft.com/ site.

I have about 8 hours in this and I was at low tide to be sure.  Time for lunch.
LVL 35

Expert Comment

by:Cris Hanna
ID: 39630957
I only have one SBS 2008 server left for a customer...I will look at the site setup tonight and advise what I see as the default

Accepted Solution

Steve Bantz earned 0 total points
ID: 39631568
I think you will find that everything Outlook/Exchange related in IIS will be under the site named SBS Web Applications. This is by design in SBS.  Windows 2008 Standard with Exchange installed will have it all under Default Web Site.  Mine is that way now only because I reinstalled the Client Access Role.

What a pain, but at least it works now.

Author Closing Comment

by:Steve Bantz
ID: 41462784
reinstalled client access mode

Featured Post

Survive A High-Traffic Event with Percona

Your application or website rely on your database to deliver information about products and services to your customers. You can’t afford to have your database lose performance, lose availability or become unresponsive – even for just a few minutes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
One-stop solution for Exchange Administrators to address all MS Exchange Server issues, which is known by the name of Stellar Exchange Toolkit.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question