Solved

OWA will not connect, cannot sync phones - Exchange 2010 SP1

Posted on 2013-12-30
Last Modified: 2014-01-27
New Exchange 2010 setup on SBS 2011.  SSL certificate installed but unable to connect through OWA or sync phone.

OWA Error:

=======================
Server Error in '/owa' Application.
--------------------------------------------------------------------------------

Runtime Error
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed.

Details: To enable the details of this specific error message to be viewable on the local server machine, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "RemoteOnly". To enable the details to be viewable on remote machines, please set "mode" to "Off".


<!-- Web.Config Configuration File -->

<configuration>
    <system.web>
        <customErrors mode="RemoteOnly"/>
    </system.web>
</configuration>
 

Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.


<!-- Web.Config Configuration File -->

<configuration>
    <system.web>
        <customErrors mode="On" defaultRedirect="mycustompage.htm"/>
    </system.web>
</configuration>

=======================

Thanks.
0
Question by:Adam D
34 Comments
 
LVL 23

Expert Comment

by:Patrick Bogers
ID: 39745943
Hi

What happens on the mail server when you open https://localhost/owa in a browser?
0
 
LVL 1

Author Comment

by:Adam D
ID: 39745952
Same error, the only difference is:

<customErrors mode="RemoteOnly"/> - inside the network

<customErrors mode="Off"/> - outside the network
0
 
LVL 1

Author Comment

by:Adam D
ID: 39745957
I also just tried this:

===================
browse to:C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files

change the owa directory to owa.old

restart iis...
=====================

Based on another Expert Exchange result which worked - but it did not for me.

This SSL certificate was originally on a different server running Exchange 2007.  I exported the PFX file, imported it to this server and assigned it through Exchange Management Console - everything was accepted and it is set to be used on the proper services.

The address does go to my Exchange server so it is not a firewall issue (plus Exchange 2007 was working fine with OWA through my current network setup and this new server has the old server's IP address; the old server is now offline).

Mail flow is fine, just the OWA and mobile sync.

Thanks.
0
 
LVL 12

Assisted Solution

by:SreRaj
SreRaj earned 167 total points
ID: 39745972
Hi,

Please check external connectivity using a test account through https://testconnectivity.microsoft.com/

Run Exchange Best Practices Analyzer from Exchange Management Console -> Tool Box -> Best Practices Analyzer and see if it reports any critical alert.

Please check if you have all the prerequisites met in the Operating System section.
http://technet.microsoft.com/en-us/library/bb691354(v=exchg.141).aspx

You could also try resetting OWA virtual directory.
http://www.exchangeitpro.com/2013/04/24/reset-exchange-2010-virtual-directories-via-gui/
0
 
LVL 23

Expert Comment

by:Patrick Bogers
ID: 39745976
Whether your certificate is OK or not, the website should respond.

Seems there is an error in your web.config

Just a wild guess that I have seen work sometimes is changing the app pool to ASP.NET V4 in IIS. Else we need to look at the web.config.
0
 
LVL 1

Author Comment

by:Adam D
ID: 39745978
Hello,

The testconnectivity site gave me:

==================
Testing HTTP Authentication Methods for URL https://exch.avdenterprises.com/Microsoft-Server-ActiveSync/.
       The HTTP authentication test failed.
       
      Additional Details
       
An HTTP 500 response was returned from Unknown.
Headers received:
Content-Length: 7022
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Mon, 30 Dec 2013 04:18:41 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Elapsed Time: 397 ms.
===================================

Everything else came back good.

I will run and check the others.  Any thoughts on the results from the testconnectivity site?

Thanks.
0
 
LVL 1

Author Comment

by:Adam D
ID: 39745979
What are the steps to changing the app pool?

Thanks.
0
 
LVL 1

Author Comment

by:Adam D
ID: 39745982
Current app pool settings:
apppool-current.png
0
 
LVL 23

Expert Comment

by:Patrick Bogers
ID: 39745987
Hi,

By default the DefaultAppPool is assigned to owa, so double-click it and put V4 instead of the V2 it is now. If it ain't working, put it back to V2 again. No reboots are necessary.

If it is not working try to put <customErrors mode="Off"/> in web.config directly under <system.web>
0
 
LVL 1

Author Comment

by:Adam D
ID: 39745992
Ok, did, no change, same error.

Is this a URL issue from the certificate issue or something else?  Some FQDN that doesn't match or something SBS 2011/Exchange 2010 is expecting a URL to be and isn't?
0
 
LVL 23

Expert Comment

by:Patrick Bogers
ID: 39745993
Hi

It seems a web.config error, please put <customErrors mode="Off"/> in web.config

BTW: your certificate seems fine.
0
 
LVL 1

Author Comment

by:Adam D
ID: 39746004
Ok, here is the "actual" error:

=====================
Configuration Error
Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.

Parser Error Message: Could not load file or assembly 'Microsoft.Exchange.Data.Directory, Version=14.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot find the file specified.

Source Error:


Line 75:                 the compiler.  All assemblies in the GAC and owa\bin are referenced automatically.
Line 76:                 -->
Line 77:                 <add assembly="Microsoft.Exchange.Data.Directory,
Line 78:                     Version=14.0.0.0,
Line 79:                      Culture=neutral,
 

Source File: C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\owa\web.config    Line: 77

Assembly Load Trace: The following information can be helpful to determine why the assembly 'Microsoft.Exchange.Data.Directory, Version=14.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' could not be loaded.


WRN: Assembly binding logging is turned OFF.
To enable assembly bind failure logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) to 1.
Note: There is some performance penalty associated with assembly bind failure logging.
To turn this feature off, remove the registry value [HKLM\Software\Microsoft\Fusion!EnableLog].

 


--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:2.0.50727.5472; ASP.NET Version:2.0.50727.5456
=================================
0
 
LVL 1

Author Comment

by:Adam D
ID: 39746007
Best practices analyzer gave me a SAN mismatch between the server and the certificate.  Where do I change that?
0
 
LVL 23

Expert Comment

by:Patrick Bogers
ID: 39746008
Check whether you have web.config.bak or web.config.nul file.

You can rename the web.config file to web.config.old and change the web.config.bak or web.config.nul file back to web.config; afterwards, have a try.

Also please try to disable SSL on Default Web Site.
0
 
LVL 1

Author Comment

by:Adam D
ID: 39746030
I do have a web.config.bak and I disabled SSL - no change in the error.

I still think this is a mismatch between the defaults of SBS and my certificate maybe in addition to the .net error.
0
 
LVL 23

Expert Comment

by:Patrick Bogers
ID: 39746035
Please rename web.config to web.config.OLD and rename web.config.BAK to web.config
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39746097
Personally before you did anything else I would suggest an upgrade - Exchange 2010 SP1 is very old and no longer supported. Upgrade the server to Exchange 2010 SP3 with the latest rollup. I find that installing the service packs resolves a lot of problems.

Simon.
0
 
LVL 1

Author Comment

by:Adam D
ID: 39746266
Already did the rename with no change.

I am unable to rollup to SP3 until tonight.  This is a fresh install of SBS 2011 and I have not had the opportunity to perform the upgrade yet.
0
 
LVL 1

Author Comment

by:Adam D
ID: 39746457
I fixed the SAN issue but according to the analyzer I am still having issues and of course I cannot pull up OWA yet.  Email IS working just not outside syncing.  See attached.
exchange-setup.png
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39746660
As Simon has suggested - get updating!

Update Windows and update Exchange.

When you are up to date, re-visit the test site and see if you still have problems, if you do, please have a read of my article:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2861-Activesync-Working-But-Only-For-Some-Users-On-Exchange-2007-2010.html

Alan
0
 
LVL 1

Author Comment

by:Adam D
ID: 39746754
Well I was going to wait until tonight but I just updated to SP2 and finally my OWA is working, but not the mobile sync.  I am updating to SP3 now.... error on mobile sync is:

=============================
Validating certificate trust for Windows Mobile devices.
       Certificate trust validation failed.
       
      Test Steps
       
      The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=exch.avdenterprises.com.
       A certificate chain couldn't be constructed for the certificate.
       
      Additional Details
       
The certificate chain couldn't be built. You may be missing required intermediate certificates.
Elapsed Time: 39 ms.
=============================
0
 
LVL 1

Author Comment

by:Adam D
ID: 39746821
Exchange is up-to-date - SP3, Windows is up-to-date.  Same problem as above.  I moved over the PFX cert from my old server but nothing else.  It seems I need an intermediate cert?  Where would I find that on my old server so I can bring it over?

Thanks.
0
 
LVL 1

Author Comment

by:Adam D
ID: 39746838
Imported GoDaddy intermediate cert, restarted IIS, no go.
0
 
LVL 23

Assisted Solution

by:Patrick Bogers
Patrick Bogers earned 333 total points
ID: 39746841
Hi again,

Good to see OWA is up and running, the certificate issue is because of an internal PKI issue where you did not include Canonical Name owa.company.com.

Either you generate a new CSR from within ESM and have your private CA create the certificate or buy a cert from a trusted CA.
0
 
LVL 1

Author Comment

by:Adam D
ID: 39746845
I have a trusted CA already in place, this is NOT a self-signed cert.  The OWA is working properly with the trusted CA but apparently the mobile is not seeing/building the chain properly?

Thanks.
0
 
LVL 23

Accepted Solution

by:
Patrick Bogers earned 333 total points
ID: 39746878
Hi,

Then it looks like there is your culprit, the certificate in use is signed by adv-AVDSERVER-CA, I am guessing this is your local CA. Valid from today until 30-12-2015.
0
 
LVL 1

Author Comment

by:Adam D
ID: 39746899
Ok, I found where it was pointing to a self-signed version even though the URLs were right.  So I reassigned the services to the trusted CA version and my phone was able to connect and I received green across the board for connectivity (from Microsoft's test site).

Yay!

BUT, now my OWA is broken again - same error as before and even though I am connected it is not pulling down emails yet.

Also seems to be running VERY slowly.....

Thoughts?
0
 
LVL 1

Author Comment

by:Adam D
ID: 39746908
Looking at the cert DNS entries, for some reason one is off:

DNS Name=exch.avdenterprises.com
DNS Name=www.exch.avdenterprises.com
DNS Name=autodiscover.avdenterprises.com

It should be www.avdenterprises.com, NOT www.exch.avdenterprises.com. Is that something that can be fixed?  Does it need to be fixed?

The exch.avdenterprises.com is the connecting piece of information that is needed to work right at the moment.
0
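
One way to check what the last two posts describe: which certificate Exchange has bound to IIS, who issued it, whether its chain builds, and which names it carries. This is an added example, not part of the thread; the expected host names are the two quoted above, the variable names are illustrative, and it assumes the Exchange Management Shell on the Client Access server.

```powershell
# Added example (not from the thread). Run in the Exchange Management Shell.
# Host names are the ones quoted in the thread; change them for your environment.
$expectedNames = 'exch.avdenterprises.com', 'autodiscover.avdenterprises.com'

# OWA and ActiveSync are both served by IIS, so look at certificates enabled for IIS.
$iisCerts = @(Get-ExchangeCertificate | Where-Object { "$($_.Services)" -match 'IIS' })
if ($iisCerts.Count -eq 0) { Write-Warning 'No certificate is enabled for the IIS service.' }

foreach ($c in $iisCerts) {
    # Re-read the certificate from the machine store to get a live X509Certificate2.
    $x509 = Get-Item ("Cert:\LocalMachine\My\" + $c.Thumbprint)

    # Build the chain against this server's own stores, without revocation lookups.
    # A private CA root trusted here is NOT trusted by phones, so read Issuer as well.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainOk  = $chain.Build($x509)
    $path     = @($chain.ChainElements | ForEach-Object { $_.Certificate.Subject })
    $problems = @($chain.ChainStatus   | ForEach-Object { $_.Status })

    # Compare names on the certificate with the names clients connect to.
    # Exact match only; wildcard names are not expanded here.
    $names   = @($c.CertificateDomains | ForEach-Object { "$_" })
    $missing = @($expectedNames | Where-Object { $names -notcontains $_ })

    New-Object PSObject -Property @{
        Thumbprint   = $c.Thumbprint
        Subject      = $c.Subject
        Issuer       = $c.Issuer
        SelfSigned   = $c.IsSelfSigned
        NotAfter     = $c.NotAfter
        Services     = "$($c.Services)"
        ChainBuilds  = $chainOk
        ChainPath    = ($path -join ' <- ')
        ChainStatus  = ($problems -join ', ')
        Names        = ($names -join ', ')
        MissingNames = ($missing -join ', ')
    } | Select-Object Thumbprint, Subject, Issuer, SelfSigned, NotAfter, Services,
                      ChainBuilds, ChainPath, ChainStatus, Names, MissingNames |
        Format-List
}
```

A row with SelfSigned true, or an Issuer that is a private CA, explains a trust failure on phones even when ChainBuilds is true on the server. Services are moved to the intended certificate with `Enable-ExchangeCertificate -Thumbprint <thumbprint> -Services IIS`.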
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39746914
Are you manually tweaking SBS to make it work?  If you are - you shouldn't.

You should be using the Fix My Network Wizard and the Setup Your Internet Address Wizards.

If you use those, and install the SSL Certificate using the Wizards, then you shouldn't have these sorts of problems.
0
 
LVL 1

Author Comment

by:Adam D
ID: 39746940
I did use those wizards and they said they worked but I still had these problems.  I also used the "add certificate" wizard and it said it took it.  But apparently it assigned it to the wrong CA.

I manually tweaked Exchange to point to the proper CA then I put back my slightly modified web.config file and my OWA is back up.

Just now my phone said I had to update my security passcode on the phone in order to pull emails.  I updated it from a swipe to a password and now emails are coming down.

What a bunch of ridiculous hoops to jump through to get this to work.  I never did like wizards because they hide what they are doing and when it doesn't work you have no idea why.

So, now, my OWA appears to be working and my phone is syncing.

Let's see if it stays that way! :)

Thanks for everyone's help.  I will update you tomorrow unless it breaks again today.

Feel free to post any insights in the meantime.

Thanks.
0
 
LVL 23

Expert Comment

by:Patrick Bogers
ID: 39746954
Good job!
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39746961
Well the usual process is to generate a certificate request, then install the certificate once it has been issued.  The way you have done it is 'unusual' - in as much as I've never done it that way before and I don't know anyone else that has either.

Normally once the certificate request has been approved, you download the certificate, install it and everything works happily.

Alan
0
 
LVL 1

Author Comment

by:Adam D
ID: 39746980
Yeah, I have always been an 'unusual' guy.....  :)

- Adam
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39747015
Nothing wrong with being different and not following the crowd (in my books) ;)
0
