Solved

ActiveSync Authentication Error

Posted on 2013-11-06
15
272 Views
Last Modified: 2014-09-30
I have battled our Exchange 2003 Enterprise server for quite a while now; I have followed all the Microsoft KBs and Alan Hardisty's docs here. ActiveSync still refuses to work. When using the Connectivity Analyzer we get the dreaded HTTP 500 error, and when attempting to configure an Android or Touchdown I get a "bad user name or password" error. I noticed two interesting errors however in the Security event log:

Event ID 537, Failure Audit
Logon Failure:
Reason: An error occurred during logon
User Name: (me)
Domain: (our domain)
Logon Type: 3
Logon Process: (unintelligible gibberish)
Authentication Package: NTLM
Workstation name: (server)

3 of these errors are generated in a row. Next error is the same, but this time for the server - User Name: server$, same logon type, same unintelligible gibberish for the logon process. Is this part of my issue, and if so can I fix it without calling Microsoft?
0
Comment
Question by:JHMH IT Staff
  • 7
  • 5
  • 3
15 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 39628800
Oh dear - if my article can't help, then you have two choices!  Call MS or call / email me!!

I have found that a lot of 500 errors issues that my article can't solve are related to DNS issues and those are not easily diagnosed with Questions and Answers!

Have you been through my article with a fine tooth-comb?

Are we talking single server here or Front-End / Back-End servers?

Alan
0
 
LVL 3

Author Comment

by:JHMH IT Staff
ID: 39628825
It's a single Exchange server, Alan. One of the oddest parts about this is if I type in the old domain name during the auth process the Logon Process shows as "Advapi" in the error message; using the current domain name it shows the unintelligible gibberish (in the attached file).

At one point the domain was renamed but the Exchange Organization still displays as the old domain. Even in registry keys it shows as "o=oldDomainName"; not sure if this helps at all.

And yes, I have gone over your articles many times. In fact, when I re-enable Forms Authentication after one of the steps I get "Access Denied" which is odd; it does however re-enable the Forms Authentication.

I'm not sure if these are multiple symptoms of the same problem, or just multiple problems.Logon Error
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39628844
Sounds a lot like DNS issues causing your problems.  Seen quite a few of these sort of problems after domain name renames.

Takes a little time to fix but not impossible.

Are you against calling MS or just don't want the cost?

Alan
0
 
LVL 3

Author Comment

by:JHMH IT Staff
ID: 39628912
Both haha! I would very much like to learn how to defeat it myself, but if this is looking like a MS issue to you then we may not have much choice.

When you say DNS issues do you mean on our domain controller or the Exchange server itself?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39628921
MS should be able to fix it but it will cost.  I did mention another option though in my initial comment.

The DNS problem will be down to the domain name rename and DNS records.  It is down to DNS not resolving everything correctly internally.  Once DNS is working and the domain name issue is resolved, a Activesync should just start working.

Alan
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39629603
I had this with a client just yesterday - when I went looking in IIS manager I found the asp.net was set incorrectly and all of the application pools were screwed up.

Resetting the virtual directories resolved the issue there:
http://support.microsoft.com/kb/883380

Simon.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39629607
I think there is a lot more at play here Simon, based on a few servers I have looked at previously.

Have you come across issues with Activesync where DNS was screwing it up?

Alan
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 3

Author Comment

by:JHMH IT Staff
ID: 39630193
Simon, I have actually reset the virtual directories before as well. Our SharePoint wouldn't work on ASP.NET v2.0, so I checked Exchange and the Default Web Site is indeed on v1.1. However I see our Exchange has v2.0 allowed; could both versions of ASP be an issue, or possibly is our Exchange using the wrong one? If you think it would be worth it I can change the Exchange to v2.0 and rebuild the directories one more time. I am attaching a screenshot of our IIS to see if anything jumps out; it appears at some point prior IT personnel decided to run SharePoint on the Exchange server as well, and we no longer use Symantec.

Exchange IIS
Alan, please expect an email from me shortly.
0
 
LVL 3

Author Comment

by:JHMH IT Staff
ID: 39630427
I have also done a little more research as to why I have so many options grayed out in Exchange System Manager and certain options such as the "Log file location" are displaying an error message which appear to have characters missing (a block is displayed for certain characters as if the font is missing). Using ASDI Edit I am looking at Configuration/Configuration/Services/Microsoft Exchange and am seeing lots of entries where CN=oldDomain or O=oldDomain. Should I correct these entries to match the new domain or will this break our Exchange setup entirely?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39630521
I'd leave tweaking things for now.

I've seen Activesync work with ASP 2.0 happily, despite everything I have written saying it needs 1.1!

Alan
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39630659
asp.net 1.1 and 2.0 are completely different, there is no backwards compatibility, so it shouldn't work at all. ActiveSync makes a call to the /exchange virtual directory on Exchange 2003, therefore I have seen DNS and proxy configurations cause some problems.

Given the issues with the server, I would be looking to at least move to a rebuilt machine, but ideally an upgrade.

Simon.
0
 
LVL 3

Author Comment

by:JHMH IT Staff
ID: 39630783
So should we remove 2.0 completely from the server? I have already built another server, but I am hesitant to move Exchange until we can confirm the issues are not being caused by DNS or a bad setting in the domain controller. As I stated before the domain was renamed in 2008 but the organization name and multitude of other settings in ADSI and the registry still match the old domain name.
0
 
LVL 3

Author Comment

by:JHMH IT Staff
ID: 39630843
I just noticed another symptom: as I restarted the server an Outlook popup appeared asking me to connect to "server.oldDomain.net" whereas it should be "server.newDomain.com". I could kick myself for not bringing this up sooner as this server configuration is entered every time we configure Outlook for a user.

Does this help?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39630875
Renaming a domain with Exchange involved usually ends up in pain. It is something I always refused to do and with later versions of Exchange is no longer supported.

I would be looking to build a new forest with the correct names if it was me.

Simon.
0
 
LVL 3

Author Closing Comment

by:JHMH IT Staff
ID: 40352878
Alan did a lot of work to fix this but ultimately the issue is domain related.
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now