Solved

Active Sync Connections with TMG and Exchange 2013

Posted on 2014-04-22
5
905 Views
Last Modified: 2014-05-09
We just configured our TMG 2010 servers (with Basic authentication) to connect with our new Exchange 2013 server and are finding some devices just cannot connect and others are sporadically having some connections problems but then they can connect.
We have done the following:
- Had users remove and re-add their Active Sync account on their device
- Removed the mobile device partnership on the user's exchange account
- Had them try to connect through the MS Remote connectivity Analyzer (successful)

Has anyone seen this issue?
Any suggestions to correct (would like to avoid setting no authentication required on TMG) if possible?

Thank you
0
Comment
Question by:swfwmd2
  • 2
  • 2
5 Comments
 
LVL 37

Expert Comment

by:bbao
ID: 40016948
logs! as you have already got a workable TMG sever in place, let its logs tell us what was happening underneath while the issue occured.
0
 
LVL 35

Accepted Solution

by:
Bembi earned 500 total points
ID: 40017065
Lets say, if it works sometimes, and sometimes not, I would not assume it is a basic configuration item but rather to be possibly a performance issue somewhere.

If MS remote connectivity analyser work fine with full options (including autodiscover), then the clients should be able to connect and to sync. As I assume the TMG is "old" and the exchange is new, the topic is to change all settings in that wa, that the devices can connect like before with the same TMG, but old exchnage, right?.

Mostly affected by suh a move are:
- Autodiscover settings
- DNS settings for CAS, CAS Array (doesn't exist anymore for EX2013), possibly load balancer if more than one CAS role.
- Certificates. If you used public certs before, you can continue to use them. But there is also a cert between TMG and Exchange, so you have to add the cert to the new exchange (what should be the case, otherwise it would nt work.

- On the new exchange, all settings for internela / externaml access addresses  (OWA, Outlook Anywhere, Active Sync etc.) shoul dbe the same than before.
- Check in TMG if the link translation for the exchange folders are alredy correct. Older legry folders there for older exchange versions? This possibly can affect older Active Sync clients.

Just some points to think about.
0
 

Author Comment

by:swfwmd2
ID: 40018428
No sure what you mean by the link translation in TMG. We have clicked on the Test button on the proxy rule and all is green.
The Exchange settings are good and the Certificates are confirmed.
We are using the latest version of TMG (2010) that is availble.

I will try to isolate the logs to one or two users that I can monitor when the connections are rejected and when they pass.

But if the settings work fine for the vast majority of staff I am concerned about changing them. Hopefully the logs show some issues.

thank you,
0
 
LVL 35

Expert Comment

by:Bembi
ID: 40020971
What kind of devices you are talking about? Android, Apple, Microsoft?

Are teh devices up to date?
Is Exchange 2013 up to date? RU3 or later?
0
 

Author Closing Comment

by:swfwmd2
ID: 40054457
Viewing the conneciton logs on the TMG gave us the information we needed to correct the connection issue.
Thank you,
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question