Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 299
  • Last Modified:

ActiveSync Authentication Error

I have battled our Exchange 2003 Enterprise server for quite a while now; I have followed all the Microsoft KBs and Alan Hardisty's docs here. ActiveSync still refuses to work. When using the Connectivity Analyzer we get the dreaded HTTP 500 error, and when attempting to configure an Android or Touchdown I get a "bad user name or password" error. I noticed two interesting errors however in the Security event log:

Event ID 537, Failure Audit
Logon Failure:
Reason: An error occurred during logon
User Name: (me)
Domain: (our domain)
Logon Type: 3
Logon Process: (unintelligible gibberish)
Authentication Package: NTLM
Workstation name: (server)

3 of these errors are generated in a row. Next error is the same, but this time for the server - User Name: server$, same logon type, same unintelligible gibberish for the logon process. Is this part of my issue, and if so can I fix it without calling Microsoft?
0
JHMH IT Staff
Asked:
JHMH IT Staff
  • 7
  • 5
  • 3
1 Solution
 
Alan HardistyCommented:
Oh dear - if my article can't help, then you have two choices!  Call MS or call / email me!!

I have found that a lot of 500 errors issues that my article can't solve are related to DNS issues and those are not easily diagnosed with Questions and Answers!

Have you been through my article with a fine tooth-comb?

Are we talking single server here or Front-End / Back-End servers?

Alan
0
 
JHMH IT StaffAuthor Commented:
It's a single Exchange server, Alan. One of the oddest parts about this is if I type in the old domain name during the auth process the Logon Process shows as "Advapi" in the error message; using the current domain name it shows the unintelligible gibberish (in the attached file).

At one point the domain was renamed but the Exchange Organization still displays as the old domain. Even in registry keys it shows as "o=oldDomainName"; not sure if this helps at all.

And yes, I have gone over your articles many times. In fact, when I re-enable Forms Authentication after one of the steps I get "Access Denied" which is odd; it does however re-enable the Forms Authentication.

I'm not sure if these are multiple symptoms of the same problem, or just multiple problems.Logon Error
0
 
Alan HardistyCommented:
Sounds a lot like DNS issues causing your problems.  Seen quite a few of these sort of problems after domain name renames.

Takes a little time to fix but not impossible.

Are you against calling MS or just don't want the cost?

Alan
0
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

 
JHMH IT StaffAuthor Commented:
Both haha! I would very much like to learn how to defeat it myself, but if this is looking like a MS issue to you then we may not have much choice.

When you say DNS issues do you mean on our domain controller or the Exchange server itself?
0
 
Alan HardistyCommented:
MS should be able to fix it but it will cost.  I did mention another option though in my initial comment.

The DNS problem will be down to the domain name rename and DNS records.  It is down to DNS not resolving everything correctly internally.  Once DNS is working and the domain name issue is resolved, a Activesync should just start working.

Alan
0
 
Simon Butler (Sembee)ConsultantCommented:
I had this with a client just yesterday - when I went looking in IIS manager I found the asp.net was set incorrectly and all of the application pools were screwed up.

Resetting the virtual directories resolved the issue there:
http://support.microsoft.com/kb/883380

Simon.
0
 
Alan HardistyCommented:
I think there is a lot more at play here Simon, based on a few servers I have looked at previously.

Have you come across issues with Activesync where DNS was screwing it up?

Alan
0
 
JHMH IT StaffAuthor Commented:
Simon, I have actually reset the virtual directories before as well. Our SharePoint wouldn't work on ASP.NET v2.0, so I checked Exchange and the Default Web Site is indeed on v1.1. However I see our Exchange has v2.0 allowed; could both versions of ASP be an issue, or possibly is our Exchange using the wrong one? If you think it would be worth it I can change the Exchange to v2.0 and rebuild the directories one more time. I am attaching a screenshot of our IIS to see if anything jumps out; it appears at some point prior IT personnel decided to run SharePoint on the Exchange server as well, and we no longer use Symantec.

Exchange IIS
Alan, please expect an email from me shortly.
0
 
JHMH IT StaffAuthor Commented:
I have also done a little more research as to why I have so many options grayed out in Exchange System Manager and certain options such as the "Log file location" are displaying an error message which appear to have characters missing (a block is displayed for certain characters as if the font is missing). Using ASDI Edit I am looking at Configuration/Configuration/Services/Microsoft Exchange and am seeing lots of entries where CN=oldDomain or O=oldDomain. Should I correct these entries to match the new domain or will this break our Exchange setup entirely?
0
 
Alan HardistyCommented:
I'd leave tweaking things for now.

I've seen Activesync work with ASP 2.0 happily, despite everything I have written saying it needs 1.1!

Alan
0
 
Simon Butler (Sembee)ConsultantCommented:
asp.net 1.1 and 2.0 are completely different, there is no backwards compatibility, so it shouldn't work at all. ActiveSync makes a call to the /exchange virtual directory on Exchange 2003, therefore I have seen DNS and proxy configurations cause some problems.

Given the issues with the server, I would be looking to at least move to a rebuilt machine, but ideally an upgrade.

Simon.
0
 
JHMH IT StaffAuthor Commented:
So should we remove 2.0 completely from the server? I have already built another server, but I am hesitant to move Exchange until we can confirm the issues are not being caused by DNS or a bad setting in the domain controller. As I stated before the domain was renamed in 2008 but the organization name and multitude of other settings in ADSI and the registry still match the old domain name.
0
 
JHMH IT StaffAuthor Commented:
I just noticed another symptom: as I restarted the server an Outlook popup appeared asking me to connect to "server.oldDomain.net" whereas it should be "server.newDomain.com". I could kick myself for not bringing this up sooner as this server configuration is entered every time we configure Outlook for a user.

Does this help?
0
 
Simon Butler (Sembee)ConsultantCommented:
Renaming a domain with Exchange involved usually ends up in pain. It is something I always refused to do and with later versions of Exchange is no longer supported.

I would be looking to build a new forest with the correct names if it was me.

Simon.
0
 
JHMH IT StaffAuthor Commented:
Alan did a lot of work to fix this but ultimately the issue is domain related.
0

Featured Post

Configuration Guide and Best Practices

Read the guide to learn how to orchestrate Data ONTAP, create application-consistent backups and enable fast recovery from NetApp storage snapshots. Version 9.5 also contains performance and scalability enhancements to meet the needs of the largest enterprise environments.

  • 7
  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now