Solved

OWA will not connect, cannot sync phones - Exchange 2010 SP1

Posted on 2013-12-30
Last Modified: 2014-01-27
New Exchange 2010 setup on SBS 2011.  SSL certificate installed but unable to connect through OWA or sync phone.

OWA Error:

=======================
Server Error in '/owa' Application.
--------------------------------------------------------------------------------

Runtime Error
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed.

Details: To enable the details of this specific error message to be viewable on the local server machine, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "RemoteOnly". To enable the details to be viewable on remote machines, please set "mode" to "Off".


<!-- Web.Config Configuration File -->

<configuration>
    <system.web>
        <customErrors mode="RemoteOnly"/>
    </system.web>
</configuration>
 

Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.


<!-- Web.Config Configuration File -->

<configuration>
    <system.web>
        <customErrors mode="On" defaultRedirect="mycustompage.htm"/>
    </system.web>
</configuration>

=======================

Thanks.
0
Question by:adrobnis
34 Comments
 
LVL 19

Expert Comment

by:Patricksr1972
Hi

What happens on the mail server when you open https://localhost/owa in a browser?
0
 
LVL 1

Author Comment

by:adrobnis
Same error, the only difference is:

<customErrors mode="RemoteOnly"/> - inside the network

<customErrors mode="Off"/> - outside the network
0
 
LVL 1

Author Comment

by:adrobnis
I also just tried this:

===================
browse to: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files

change the owa directory to owa.old

restart iis...
=====================

Based on another Experts Exchange result which worked - but it did not for me.

This SSL certificate was originally on a different server running Exchange 2007.  I exported the PFX file, imported it to this server and assigned it through Exchange Management Console - everything was accepted and it is set to be used on the proper services.

The address does go to my Exchange server so it is not a firewall issue (plus Exchange 2007 was working fine with OWA through my current network setup and this new server has the old server's IP address (old server is now offline)).

Mail flow is fine, just the OWA and mobile sync.

Thanks.
0
 
LVL 12

Assisted Solution

by:SreRaj
SreRaj earned 167 total points
Hi,

Please check external connectivity using a test account through https://testconnectivity.microsoft.com/

Run Exchange Best Practices Analyzer from Exchange Management Console -> Tool Box -> Best Practices Analyzer and see if it reports any critical alert.

Please check if you have all the prerequisites met in the Operating System section.
http://technet.microsoft.com/en-us/library/bb691354(v=exchg.141).aspx

You could also try resetting OWA virtual directory.
http://www.exchangeitpro.com/2013/04/24/reset-exchange-2010-virtual-directories-via-gui/
0
 
LVL 19

Expert Comment

by:Patricksr1972
Whether your certificate is OK or not, the website should respond.

It seems there is an error in your web.config.

Just a wild guess: something I have seen work sometimes is changing the app pool to ASP.NET V4 in IIS. Otherwise we need to look at the web.config.
0
 
LVL 1

Author Comment

by:adrobnis
Hello,

The testconnectivity site gave me:

==================
Testing HTTP Authentication Methods for URL https://exch.avdenterprises.com/Microsoft-Server-ActiveSync/.
       The HTTP authentication test failed.
       
      Additional Details
       
An HTTP 500 response was returned from Unknown.
Headers received:
Content-Length: 7022
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Mon, 30 Dec 2013 04:18:41 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Elapsed Time: 397 ms.
===================================

Everything else came back good.

I will run and check the others.  Any thoughts on the results from the testconnectivity site?

Thanks.
0
 
LVL 1

Author Comment

by:adrobnis
What are the steps to changing the app pool?

Thanks.
0
 
LVL 1

Author Comment

by:adrobnis
Current app pool settings:
apppool-current.png
0
 
LVL 19

Expert Comment

by:Patricksr1972
Hi,

By default the DefaultAppPool is assigned to owa, so double-click it and put V4 instead of the V2 it is now. If it isn't working, put it back to V2 again. No reboots are necessary.

If it is not working, try to put <customErrors mode="Off"/> in web.config directly under <system.web>
0
 
LVL 1

Author Comment

by:adrobnis
Ok, did, no change, same error.

Is this a URL issue from the certificate issue or something else?  Some FQDN that doesn't match or something SBS 2011/Exchange 2010 is expecting a URL to be and isn't?
0
 
LVL 19

Expert Comment

by:Patricksr1972
Hi

It seems to be a web.config error, please put <customErrors mode="Off"/> in web.config

BTW: your certificate seems fine.
0
 
LVL 1

Author Comment

by:adrobnis
Ok, here is the "actual" error:

=====================
Configuration Error
Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.

Parser Error Message: Could not load file or assembly 'Microsoft.Exchange.Data.Directory, Version=14.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot find the file specified.

Source Error:


Line 75:                 the compiler.  All assemblies in the GAC and owa\bin are referenced automatically.
Line 76:                 -->
Line 77:                 <add assembly="Microsoft.Exchange.Data.Directory,
Line 78:                     Version=14.0.0.0,
Line 79:                      Culture=neutral,
 

Source File: C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\owa\web.config    Line: 77

Assembly Load Trace: The following information can be helpful to determine why the assembly 'Microsoft.Exchange.Data.Directory, Version=14.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' could not be loaded.


WRN: Assembly binding logging is turned OFF.
To enable assembly bind failure logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) to 1.
Note: There is some performance penalty associated with assembly bind failure logging.
To turn this feature off, remove the registry value [HKLM\Software\Microsoft\Fusion!EnableLog].

 


--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:2.0.50727.5472; ASP.NET Version:2.0.50727.5456
=================================
0
 
LVL 1

Author Comment

by:adrobnis
Best practices analyzer gave me a SAN mismatch between the server and the certificate.  Where do I change that?
0
 
LVL 19

Expert Comment

by:Patricksr1972
Check whether you have a web.config.bak or web.config.nul file.

You can rename the web.config file to web.config.old and change the web.config.bak or web.config.nul file back to web.config. Afterwards, have a try.

Also please try to disable SSL on Default Web Site.
0
 
LVL 1

Author Comment

by:adrobnis
I do have a web.config.bak and I disabled SSL - no change in the error.

I still think this is a mismatch between the defaults of SBS and my certificate maybe in addition to the .net error.
0
 
LVL 19

Expert Comment

by:Patricksr1972
Please rename web.config to web.config.OLD and rename web.config.BAK to web.config
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
Personally before you did anything else I would suggest an upgrade - Exchange 2010 SP1 is very old and no longer supported. Upgrade the server to Exchange 2010 SP3 with the latest rollup. I find that installing the service packs resolves a lot of problems.

Simon.
0
 
LVL 1

Author Comment

by:adrobnis
Already did the rename with no change.

I am unable to rollup to SP3 until tonight.  This is a fresh install of SBS 2011 and I have not had the opportunity to perform the upgrade yet.
0
 
LVL 1

Author Comment

by:adrobnis
I fixed the SAN issue but according to the analyzer I am still having issues and of course I cannot pull up OWA yet.  Email IS working just not outside syncing.  See attached.
exchange-setup.png
0
 
LVL 76

Expert Comment

by:Alan Hardisty
As Simon has suggested - get updating!

Update Windows and update Exchange.

When you are up to date, re-visit the test site and see if you still have problems, if you do, please have a read of my article:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2861-Activesync-Working-But-Only-For-Some-Users-On-Exchange-2007-2010.html

Alan
0
 
LVL 1

Author Comment

by:adrobnis
Well I was going to wait until tonight but I just updated to SP2 and finally my OWA is working, but not the mobile sync.  I am updating to SP3 now.... error on mobile sync is:

=============================
Validating certificate trust for Windows Mobile devices.
       Certificate trust validation failed.
       
      Test Steps
       
      The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=exch.avdenterprises.com.
       A certificate chain couldn't be constructed for the certificate.
       
      Additional Details
       
The certificate chain couldn't be built. You may be missing required intermediate certificates.
Elapsed Time: 39 ms.
=============================
0
 
LVL 1

Author Comment

by:adrobnis
Exchange is up-to-date - SP3, Windows is up-to-date.  Same problem as above.  I moved over the PFX cert from my old server but nothing else.  It seems I need an intermediate cert?  Where would I find that on my old server so I can bring it over?

Thanks.
0
 
LVL 1

Author Comment

by:adrobnis
Imported GoDaddy intermediate cert, restarted IIS, no go.
0
 
LVL 19

Assisted Solution

by:Patricksr1972
Patricksr1972 earned 333 total points
Hi again,

Good to see OWA is up and running, the certificate issue is because of an internal PKI issue where you did not include Canonical Name owa.company.com.

Either you generate a new CSR from within ESM and have your private CA create the certificate or buy a cert from a trusted CA.
0
 
LVL 1

Author Comment

by:adrobnis
I have a trusted CA already in place, this is NOT a self-signed cert.  The OWA is working properly with the trusted CA but apparently the mobile is not seeing/building the chain properly?

Thanks.
0
 
LVL 19

Accepted Solution

by:Patricksr1972
Patricksr1972 earned 333 total points
Hi,

Then it looks like there is your culprit, the certificate in use is signed by adv-AVDSERVER-CA, I am guessing this is your local CA. Valid from today until 30-12-2015.
0
 
LVL 1

Author Comment

by:adrobnis
Ok, I found where it was pointing to a self-signed version even though the URLs were right.  So I reassigned the services to the trusted CA version and my phone was able to connect and I received green across the board for connectivity (from Microsoft's test site).

Yay!

BUT, now my OWA is broken again - same error as before and even though I am connected it is not pulling down emails yet.

Also seems to be running VERY slowly.....

Thoughts?
0
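
An added example (not posted by anyone in this thread): a check, run in the Exchange Management Shell on the server, that shows which certificate each Exchange service is bound to, who issued it, and whether its chain builds, which is the mismatch described in the post above. The hostname is the one quoted in the thread; the report column names are made up for this example.

```powershell
# Added example: audit the certificates Exchange has bound to its services.
# Assumes it runs in the Exchange Management Shell on the server itself.
$expectedHost = 'exch.avdenterprises.com'   # external name quoted in the thread

$report = foreach ($ec in Get-ExchangeCertificate) {
    # The shell returns serialized objects, so load the real certificate
    # from the machine store before building its chain.
    $cert = Get-Item ("Cert:\LocalMachine\My\" + $ec.Thumbprint)

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # test the trust path only
    $chainOk = $chain.Build($cert)
    $chainErrors = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','

    # Last chain element is the root (or the furthest issuer that was found).
    $root = ''
    if ($chain.ChainElements.Count -gt 0) {
        $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate.Subject
    }

    $names     = @($ec.CertificateDomains | ForEach-Object { "$_" })
    $services  = "$($ec.Services)"
    $servesIis = $services -match 'IIS'   # IIS covers OWA and ActiveSync

    New-Object PSObject -Property @{
        Thumbprint  = $ec.Thumbprint
        Issuer      = $cert.Issuer
        Services    = $services
        SelfSigned  = ($cert.Subject -eq $cert.Issuer)
        ChainBuilds = $chainOk
        ChainErrors = $chainErrors
        ChainRoot   = $root
        NameMatch   = ($names -contains $expectedHost)
        # Flag IIS-bound certificates with a broken chain or a missing name.
        Review      = ($servesIis -and ((-not $chainOk) -or ($names -notcontains $expectedHost)))
    }
}

$report | Sort-Object Review -Descending |
    Format-List Thumbprint, Issuer, Services, SelfSigned, ChainBuilds, ChainErrors, ChainRoot, NameMatch, Review
```

A chain that builds here only proves that the server trusts the root. A certificate issued by a local CA will pass on the server and still fail on phones, so compare `Issuer` and `ChainRoot` against the public CA that issued the certificate you intended to use.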
 
LVL 1

Author Comment

by:adrobnis
Looking at the cert DNS entries, for some reason one is off:

DNS Name=exch.avdenterprises.com
DNS Name=www.exch.avdenterprises.com
DNS Name=autodiscover.avdenterprises.com

It should be www.avdenterprises.com, NOT www.exch.avdenterprises.com. Is that something that can be fixed?  Does it need to be fixed?

The exch.avdenterprises.com is the connecting piece of information that is needed to work right at the moment.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Are you manually tweaking SBS to make it work?  If you are - you shouldn't.

You should be using the Fix My Network Wizard and the Setup Your Internet Address Wizards.

If you use those, and install the SSL Certificate using the Wizards, then you shouldn't have these sorts of problems.
0
 
LVL 1

Author Comment

by:adrobnis
I did use those wizards and they said they worked but I still had these problems.  I also used the "add certificate" wizard and it said it took it.  But apparently it assigned it to the wrong CA.

I manually tweaked Exchange to point to the proper CA then I put back my slightly modified web.config file and my OWA is back up.

Just now my phone said I had to update my security passcode on the phone in order to pull emails.  I updated it from a swipe to a password and now emails are coming down.

What a bunch of ridiculous hoops to jump through to get this to work.  I never did like wizards because they hide what they are doing and when it doesn't work you have no idea why.

So, now, my OWA appears to be working and my phone is syncing.

Let's see if it stays that way! :)

Thanks for everyone's help.  I will update you tomorrow unless it breaks again today.

Feel free to post any insights in the meantime.

Thanks.
0
 
LVL 19

Expert Comment

by:Patricksr1972
Good job!
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Well the usual process is to generate a certificate request, then install the certificate once it has been issued.  The way you have done it is 'unusual' - in as much as I've never done it that way before and I don't know anyone else that has either.

Normally once the certificate request has been approved, you download the certificate, install it and everything works happily.

Alan
0
 
LVL 1

Author Comment

by:adrobnis
Yeah, I have always been an 'unusual' guy.....  :)

- Adam
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Nothing wrong with being different and not following the crowd (in my books) ;)
0
