

Windows 2008 Small Business Server and ActiveSync not working on it

Posted on 2013-11-06
Medium Priority
Last Modified: 2016-02-13
I have a Windows 2008 Small Business Server that is utilizing the included MS Exchange component.  Exchange and OWA have always worked fine.  I was tasked with getting an Android phone working with this server using the ActiveSync component.  I have done this with Exchange 2003, 2007 and 2010 with no problems at all.  The first problem I had was that ActiveSync was being reported as not being installed when I ran the ActiveSync tester from mxtoolbox.com.  When I looked at the server, I could see that it was installed and enabled, but it was on a different site than OWA.  See the attached picture (screenshot.jpg).  The Default Website contained OWA and the SBS Web Applications containing ActiveSync was another site on the server and was not started because it was claiming that the Default Website has the ports open.

As a test, I stopped the default site and started the SBS Web Applications site.  At that point, ActiveSync was detected by the tester but it reported "ActiveSync detected, but access denied. [HTTP 403: Disabled for this user]".  So, I was getting farther.  I could not find a reason for the "disabled for this user" because everything is set up correctly and I have followed numerous troubleshooting articles for hours on end trying to figure this out.  Part of it may be that I was testing with a self-signed cert.

My main question is, why are OWA and ActiveSync on different sites?  I only have one public IP address that NATs to the IP address of the internal Exchange server for OWA.  I obviously can't run both the Default Website and SBS Web Applications on the same private IP on the Exchange server so I am not sure what to do.  The firewall NATs HTTP and HTTPS traffic to the single private IP of the Exchange server and the Default Website was running on that.  I assume that ActiveSync relies on OWA being available?  I need to figure out how to get both sites running because I do need OWA and ActiveSync to both work correctly.

I am starting to think I just need to move OWA to the SBS Web Applications site but I am just not sure.  That does seem to be the most logical if I knew how to do it.
Question by:Steve Bantz

Author Comment

by:Steve Bantz
ID: 39627762
Ok, so I didn't want to wait.  After researching a bit, I did find that it is NOT normal for OWA and ActiveSync to be under different sites in Windows Server 2008 SBS.  It is definitely not supposed to be that way.  So, to move OWA to the right location, I did this:

Backed up IIS 7 first!

Went to the Exchange Management Shell and issued:

Remove-OwaVirtualDirectory "owa (Default Web Site)"

New-OwaVirtualDirectory -OwaVersion "Exchange2007" -Name "owa" -WebSiteName "SBS Web Applications"

Then I stopped the default web site and configured the SBS Web Applications site to use the private IP of the Exchange server on port 80 and 443.

OWA works just fine from outside the network.  Thank heaven.
However, I am still getting a failure when testing ActiveSync.  It says ActiveSync detected, but access denied. [HTTP 403: Disabled for this user].

Will keep trying.

Expert Comment

by:Cris Hanna
ID: 39629217
My recommendation would be to go here and run the ActiveSync test.

You'll get much more detailed info

Author Comment

by:Steve Bantz
ID: 39630338
This is what I get when running the test with that tool.  Everything is fine until the very end.  I have verified that basic authentication is all that is being used.  

Testing HTTP Authentication Methods for URL https://mail.xxx.com/Microsoft-Server-ActiveSync/.
  The HTTP authentication test failed.
 Additional Details
An HTTP 403 forbidden response was received. The response appears to have come from IIS7. Body of the response: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>403 - Forbidden: Access is denied.</title>
<style type="text/css">
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
#content{margin:0 0 0 2%;position:relative;}
<div id="header"><h1>Server Error</h1></div>
<div id="content">
 <div class="content-container"><fieldset>
 <h2>403 - Forbidden: Access is denied.</h2>
 <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>

Headers received:
Content-Length: 1233
Content-Type: text/html
Date: Thu, 07 Nov 2013 14:58:45 GMT
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET

Elapsed Time: 68 ms.
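
The checks discussed in the posts above (which IIS site hosts each Exchange virtual directory, whether basic authentication is enabled, and whether the mailbox is enabled for ActiveSync) can be read in one pass from the Exchange Management Shell. This is an added example, not part of the original thread; it only reads configuration, and the mailbox alias `testuser` is a placeholder.

```powershell
# Added example: read-only checks for Exchange 2007 on SBS 2008.
# Run in the Exchange Management Shell on the server itself.
# "testuser" is a placeholder; use the alias of the account being tested.
$mailbox = "testuser"

# 1. IIS 7 sites with their ids, bindings and state. Two sites that claim
#    the same IP:port binding cannot both be started.
& "$env:windir\system32\inetsrv\appcmd.exe" list site

# 2. The IIS site id is embedded in each virtual directory's MetabasePath
#    (IIS://<server>/W3SVC/<site id>/ROOT/<vdir>). Extract it so it can be
#    matched against the "id:" values printed by appcmd above.
$siteId = @{
    Name       = 'IisSiteId'
    Expression = { [regex]::Match($_.MetabasePath, 'W3SVC/(\d+)/').Groups[1].Value }
}

# 3. Where OWA lives.
Get-OwaVirtualDirectory |
    Select-Object Name, $siteId, MetabasePath |
    Format-List

# 4. Where ActiveSync lives and which authentication it accepts.
Get-ActiveSyncVirtualDirectory |
    Select-Object Name, $siteId, MetabasePath, BasicAuthEnabled, ClientCertAuth |
    Format-List

# 5. Per-user ActiveSync setting and policy for the test mailbox.
Get-CASMailbox -Identity $mailbox |
    Format-List Name, ActiveSyncEnabled, ActiveSyncMailboxPolicy
```

If the OWA and ActiveSync entries show different `IisSiteId` values, they are hosted by different IIS sites, which is the situation described in the question.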


Author Comment

by:Steve Bantz
ID: 39630916
I couldn't take it anymore and I got Googled out.  I couldn't find anything to help me and it ended up being an exercise in futility.  My last resort was to go to the Control Panel and choose "Uninstall" for Exchange Server 2007.  This allows you to remove just the Client Access Role.  I got a little scared because after it removed the role it spent 10 minutes "removing Exchange files." I had a good backup but thinking about having to revert to that was making me a little sick. I really thought that I had screwed up and totally removed Exchange.  It turned out that it just takes a while to remove the CA role and remove the files.  I was able to go back in and "Change" the installation and add the Client Access Role back in.  WHEW!

One thing I did notice is that it put OWA and ActiveSync back in the Default Web Site and NOT in SBS Web Applications.  Since this is a SBS 2008 server, this is not technically correct.  I am not messing with it at this point so I just bound the private IP of the server and the Register.com SSL certificate to Default Web Site (was bound to SBS Web Applications) and now everything is working as it should.  It passes all ActiveSync tests from the https://testconnectivity.microsoft.com/ site.

I have about 8 hours in this and I was at low tide to be sure.  Time for lunch.

Expert Comment

by:Cris Hanna
ID: 39630957
I only have one SBS 2008 server left for a customer... I will look at the site setup tonight and advise what I see as the default.

Accepted Solution

Steve Bantz earned 0 total points
ID: 39631568
I think you will find that everything Outlook/Exchange related in IIS will be under the site named SBS Web Applications. This is by design in SBS.  Windows 2008 Standard with Exchange installed will have it all under Default Web Site.  Mine is that way now only because I reinstalled the Client Access Role.

What a pain, but at least it works now.

Author Closing Comment

by:Steve Bantz
ID: 41462784
reinstalled client access mode
