Adam D


OWA will not connect, cannot sync phones - Exchange 2010 SP1

New Exchange 2010 setup on SBS 2011.  SSL certificate installed but unable to connect through OWA or sync phone.

OWA Error:

=======================
Server Error in '/owa' Application.
--------------------------------------------------------------------------------

Runtime Error
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed.

Details: To enable the details of this specific error message to be viewable on the local server machine, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "RemoteOnly". To enable the details to be viewable on remote machines, please set "mode" to "Off".


<!-- Web.Config Configuration File -->

<configuration>
    <system.web>
        <customErrors mode="RemoteOnly"/>
    </system.web>
</configuration>
 

Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.


<!-- Web.Config Configuration File -->

<configuration>
    <system.web>
        <customErrors mode="On" defaultRedirect="mycustompage.htm"/>
    </system.web>
</configuration>

=======================

Thanks.
Patrick Bogers

Hi

What happens on the mail server when you open https://localhost/owa in a browser?
Adam D

ASKER

Same error, the only difference is:

<customErrors mode="RemoteOnly"/> - inside the network

<customErrors mode="Off"/> - outside the network
Adam D

ASKER

I also just tried this:

===================
browse to: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files

change the owa directory to owa.old

restart iis...
=====================

Based on another Expert Exchange result which worked - but it did not for me.

This SSL certificate was originally on a different server running Exchange 2007.  I exported the PFX file, imported it to this server and assigned it through Exchange Management Console - everything was accepted and it is set to be used on the proper services.

The address does go to my Exchange server so it is not a firewall issue (plus Exchange 2007 was working fine with OWA through my current network setup and this new server has the old server's IP address (old server is now offline)).

Mail flow is fine, just the OWA and mobile sync.

Thanks.
SOLUTION
SreRaj

This solution is only available to members.
Whether your certificate is OK or not, the website should respond.

It seems there is an error in your web.config.

Just a wild guess that I have seen work sometimes is changing the app pool to ASP.NET V4 in IIS. Otherwise we need to look at the web.config.
Adam D

ASKER

Hello,

The testconnectivity site gave me:

==================
Testing HTTP Authentication Methods for URL https://exch.avdenterprises.com/Microsoft-Server-ActiveSync/.
       The HTTP authentication test failed.
       
      Additional Details
       
An HTTP 500 response was returned from Unknown.
Headers received:
Content-Length: 7022
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Mon, 30 Dec 2013 04:18:41 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Elapsed Time: 397 ms.
===================================

Everything else came back good.

I will run and check the others.  Any thoughts on the results from the testconnectivity site?

Thanks.
Adam D

ASKER

What are the steps to changing the app pool?

Thanks.
Adam D

ASKER

Current app pool settings:
apppool-current.png
Hi,

By default the DefaultAppPool is assigned to owa, so double-click it and put V4 instead of the V2 it is now. If it isn't working, put it back to V2 again. No reboots are necessary.

If it is not working, try to put <customErrors mode="Off"/> in web.config directly under <system.web>.
Adam D

ASKER

Ok, did, no change, same error.

Is this a URL issue from the certificate issue or something else?  Some FQDN that doesn't match or something SBS 2011/Exchange 2010 is expecting a URL to be and isn't?
Hi

It seems to be a web.config error; please put <customErrors mode="Off"/> in web.config.

BTW: your certificate seems fine.
Adam D

ASKER

Ok, here is the "actual" error:

=====================
Configuration Error
Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.

Parser Error Message: Could not load file or assembly 'Microsoft.Exchange.Data.Directory, Version=14.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot find the file specified.

Source Error:


Line 75:                 the compiler.  All assemblies in the GAC and owa\bin are referenced automatically.
Line 76:                 -->
Line 77:                 <add assembly="Microsoft.Exchange.Data.Directory,
Line 78:                     Version=14.0.0.0,
Line 79:                      Culture=neutral,
 

Source File: C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\owa\web.config    Line: 77

Assembly Load Trace: The following information can be helpful to determine why the assembly 'Microsoft.Exchange.Data.Directory, Version=14.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' could not be loaded.


WRN: Assembly binding logging is turned OFF.
To enable assembly bind failure logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) to 1.
Note: There is some performance penalty associated with assembly bind failure logging.
To turn this feature off, remove the registry value [HKLM\Software\Microsoft\Fusion!EnableLog].

 


--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:2.0.50727.5472; ASP.NET Version:2.0.50727.5456
=================================
Adam D

ASKER

Best practices analyzer gave me a SAN mismatch between the server and the certificate.  Where do I change that?
Check whether you have web.config.bak or web.config.nul file.

You can rename the web.config file to web.config.old and change the web.config.bak or web.config.nul file back to web.config; afterwards, have a try.

Also please try to disable SSL on Default Web Site.
Adam D

ASKER

I do have a web.config.bak and I disabled SSL - no change in the error.

I still think this is a mismatch between the defaults of SBS and my certificate maybe in addition to the .net error.
Please rename web.config to web.config.OLD and rename web.config.BAK to web.config
Personally before you did anything else I would suggest an upgrade - Exchange 2010 SP1 is very old and no longer supported. Upgrade the server to Exchange 2010 SP3 with the latest rollup. I find that installing the service packs resolves a lot of problems.

Simon.
Adam D

ASKER

Already did the rename with no change.

I am unable to rollup to SP3 until tonight.  This is a fresh install of SBS 2011 and I have not had the opportunity to perform the upgrade yet.
Adam D

ASKER

I fixed the SAN issue but according to the analyzer I am still having issues and of course I cannot pull up OWA yet.  Email IS working just not outside syncing.  See attached.
exchange-setup.png
As Simon has suggested - get updating!

Update Windows and update Exchange.

When you are up to date, re-visit the test site and see if you still have problems, if you do, please have a read of my article:

https://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2861-Activesync-Working-But-Only-For-Some-Users-On-Exchange-2007-2010.html

Alan
Adam D

ASKER

Well I was going to wait until tonight but I just updated to SP2 and finally my OWA is working, but not the mobile sync.  I am updating to SP3 now.... error on mobile sync is:

=============================
Validating certificate trust for Windows Mobile devices.
       Certificate trust validation failed.
       
      Test Steps
       
      The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=exch.avdenterprises.com.
       A certificate chain couldn't be constructed for the certificate.
       
      Additional Details
       
The certificate chain couldn't be built. You may be missing required intermediate certificates.
Elapsed Time: 39 ms.
=============================
Adam D

ASKER

Exchange is up-to-date - SP3, Windows is up-to-date.  Same problem as above.  I moved over the PFX cert from my old server but nothing else.  It seems I need an intermediate cert?  Where would I find that on my old server so I can bring it over?

Thanks.
Adam D

ASKER

Imported GoDaddy intermediate cert, restarted IIS, no go.
SOLUTION
This solution is only available to members.
Adam D

ASKER

I have a trusted CA already in place, this is NOT a self-signed cert.  The OWA is working properly with the trusted CA but apparently the mobile is not seeing/building the chain properly?

Thanks.
ASKER CERTIFIED SOLUTION
This solution is only available to members.
Adam D

ASKER

Ok, I found where it was pointing to a self-signed version even though the URLs were right.  So I reassigned the services to the trusted CA version and my phone was able to connect and I received green across the board for connectivity (from Microsoft's test site).

Yay!

BUT, now my OWA is broken again - same error as before and even though I am connected it is not pulling down emails yet.

Also seems to be running VERY slowly.....

Thoughts?
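
The two findings in this thread, a chain that "couldn't be built" and services assigned to a self-signed certificate, can be checked together from the Exchange Management Shell. This is an added example, not part of the original thread; the function name is hypothetical, and it assumes the Exchange certificates are in the local computer's Personal store and that intermediates belong in its Intermediate Certification Authorities store.

```powershell
# Added example, not from the thread. Run in the Exchange Management Shell on the server.
# Get-ExchangeCertificateReport is a hypothetical helper defined here.
function Get-ExchangeCertificateReport {
    $noCheck = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    foreach ($ex in Get-ExchangeCertificate) {
        # The shell returns deserialized objects, so load the live certificate by thumbprint.
        $cert = Get-Item -Path ('Cert:\LocalMachine\My\' + $ex.Thumbprint)

        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = $noCheck   # test chain building only, not CRLs
        $builds = $chain.Build($cert)
        $status = @($chain.ChainStatus | ForEach-Object { $_.Status })

        # Intermediates are the elements between the leaf (index 0) and the last element.
        # A PartialChain status means the issuer of the last element was not found at all.
        $notInStore = @()
        for ($i = 1; $i -lt $chain.ChainElements.Count - 1; $i++) {
            $ca = $chain.ChainElements[$i].Certificate
            if (-not (Test-Path ('Cert:\LocalMachine\CA\' + $ca.Thumbprint))) {
                $notInStore += $ca.Subject
            }
        }

        New-Object PSObject -Property @{
            Thumbprint           = $ex.Thumbprint
            Subject              = $ex.Subject
            Domains              = "$($ex.CertificateDomains)"
            Services             = "$($ex.Services)"
            SelfSigned           = $ex.IsSelfSigned
            ChainBuilds          = $builds
            ChainStatus          = ($status -join ', ')
            MissingIntermediates = ($notInStore -join '; ')
        }
    }
}

$report = Get-ExchangeCertificateReport
$report | Format-List Thumbprint, Subject, Domains, Services, SelfSigned, ChainBuilds, ChainStatus, MissingIntermediates

# Certificates that serve IIS (OWA and ActiveSync) but are self-signed or do not chain:
$report | Where-Object { $_.Services -match 'IIS' -and ($_.SelfSigned -or -not $_.ChainBuilds) }

# Reassign IIS to the CA-issued certificate (placeholder thumbprint, take it from the report):
# Enable-ExchangeCertificate -Thumbprint '<THUMBPRINT-OF-CA-ISSUED-CERT>' -Services IIS
```

A certificate listed by the `Where-Object` filter is the one clients receive on HTTPS, whatever the configured URLs say.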
Adam D

ASKER

Looking at the cert DNS entries, for some reason one is off:

DNS Name=exch.avdenterprises.com
DNS Name=www.exch.avdenterprises.com
DNS Name=autodiscover.avdenterprises.com

It should be www.avdenterprises.com NOT www.exch.avdenterprises.com.  Is that something that can be fixed?  Does it need to be fixed?

The exch.avdenterprises.com is the connecting piece of information that is needed to work right at the moment.
Are you manually tweaking SBS to make it work?  If you are - you shouldn't.

You should be using the Fix My Network Wizard and the Setup Your Internet Address Wizards.

If you use those, and install the SSL Certificate using the Wizards, then you shouldn't have these sorts of problems.
Adam D

ASKER

I did use those wizards and they said they worked but I still had these problems.  I also used the "add certificate" wizard and it said it took it.  But apparently it assigned it to the wrong CA.

I manually tweaked Exchange to point to the proper CA then I put back my slightly modified web.config file and my OWA is back up.

Just now my phone said I had to update my security passcode on the phone in order to pull emails.  I updated it from a swipe to a password and now emails are coming down.

What a bunch of ridiculous hoops to jump through to get this to work.  I never did like wizards because they hide what they are doing and when it doesn't work you have no idea why.

So, now, my OWA appears to be working and my phone is syncing.

Let's see if it stays that way! :)

Thanks for everyone's help.  I will update you tomorrow unless it breaks again today.

Feel free to post any insights in the meantime.

Thanks.
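
During troubleshooting the OWA web.config was edited to `<customErrors mode="Off"/>`, which returns full error details (file paths, assembly names, framework versions) to remote clients. This added example, not part of the original thread, reports the current mode and restores `RemoteOnly` after taking a backup; the function names are hypothetical and the path is the one shown in the error output earlier in the thread.

```powershell
# Added example, not from the thread; function names are hypothetical.
$OwaConfig = 'C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\owa\web.config'

function Get-CustomErrorsMode {
    param([Parameter(Mandatory = $true)][string]$Path)
    $cfg = New-Object System.Xml.XmlDocument
    $cfg.Load($Path)
    # First customErrors element under any system.web section.
    $node = $cfg.SelectSingleNode('//system.web/customErrors')
    # ASP.NET uses RemoteOnly when the element is absent.
    if ($node -eq $null) { return 'RemoteOnly' }
    return $node.GetAttribute('mode')
}

function Set-CustomErrorsRemoteOnly {
    param([Parameter(Mandatory = $true)][string]$Path)
    # Keep a timestamped copy so the edit can be rolled back.
    $stamp = Get-Date -Format 'yyyyMMddHHmmss'
    Copy-Item -LiteralPath $Path -Destination ($Path + '.' + $stamp + '.bak')

    $cfg = New-Object System.Xml.XmlDocument
    $cfg.PreserveWhitespace = $true      # leave the rest of the file byte-for-byte similar
    $cfg.Load($Path)
    $node = $cfg.SelectSingleNode('//system.web/customErrors')
    if ($node -eq $null) { return }      # nothing to change, the default already applies
    $node.SetAttribute('mode', 'RemoteOnly')
    $cfg.Save($Path)                     # saving web.config recycles the OWA application
}

$mode = Get-CustomErrorsMode -Path $OwaConfig
Write-Output ("customErrors mode is currently: " + $mode)
if ($mode -eq 'Off') {
    Write-Warning 'customErrors is Off: remote clients receive full error details.'
    Set-CustomErrorsRemoteOnly -Path $OwaConfig
}
```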
Good job!
Well the usual process is to generate a certificate request, then install the certificate once it has been issued.  The way you have done it is 'unusual' - in as much as I've never done it that way before and I don't know anyone else that has either.

Normally once the certificate request has been approved, you download the certificate, install it and everything works happily.

Alan
Adam D

ASKER

Yeah, I have always been an 'unusual' guy.....  :)

- Adam
Nothing wrong with being different and not following the crowd (in my books) ;)