I broke ActiveSync on our Exchange 2003 server... help!

In an attempt to ready our Exchange 2003 on-prem server for a migration to the O365 Exchange Online hosted email, I was using the MRCA website to perform a Microsoft Exchange ActiveSync Connectivity Test.
I get green ticks for all items up to authentication.
There was a suggestion that I needed to enable Integrated Windows Authentication for the Microsoft-Server-ActiveSync Exchange Virtual Server...  
The ability to do this was greyed out, so I had to install a Hotfix 937071 and I could then make the change.
I did this, and then enabled Integrated Windows Authentication and did a restart on the IIS services.

Now I'm getting calls from staff who use their email account on a smartphone (mainly iPhones at this point) and they report they are being prompted for a password.   If they input their correct password, it just reappears over and over.
So I tested this on my iPhone and couldn't complete the account creation with a "Unable to verify account" error.
I followed the exact procedure we've always had for our Exchange accounts on iPhones and cannot get the email working.

So - enter "WTF have I done mode", and I have now reverted the authentication settings (for all Exchange Virtual Servers listed) back to what I think they were before I started, have uninstalled the hotfix and done a full IISadmin service restart (and all the dependent services as well).
This has not fixed the problem.

What can I do to try and restore activesync connectivity (in particular, our phones)???
LVL 8
Reece DoddsAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Alan HardistyCo-OwnerCommented:
Have a read through my article, check the settings, test the results on the test site in my article and come back to me if you have any questions or can't get it working.

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html

Alan
0
Reece DoddsAuthor Commented:
I did.  And I posted a comment.
I think I may have it fixed now...
I checked global settings for Exchange ActiveSync and added a tick to Outlook Mobile Access.
That seems to have done the trick.
Oddly enough, we can now connect our accounts with or without SSL (but TBH, I hadn't tested this since adding the new cert a few weeks back).
Man - I feel like I need to take a full system state backup of the server's current config before I start the Exchange Online staged migration.  Any tips there?
0
Alan HardistyCo-OwnerCommented:
I know - just left you a reply there too ;)

You shouldn't have SSL disabled for Activesync - it leaves your credentials flying across the internet in Plain Text!

You can take a system state backup and a separate IIS backup.

Use the inbuilt Backup program to run the system state backup and use the following article for the how to on an IIS backup (Non-Portable):

https://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/d40b56ee-90d4-45e1-9b82-4aaea90eb02e.mspx?mfr=true

Here is the Staged Migration article from MS:

http://technet.microsoft.com/en-us/library/jj874018(v=exchg.150).aspx

You need to make sure that RPC over HTTPS works on your server.  You can use the test site https://testexchangeconnectivity.com to make sure that works, but you WILL need a trusted 3rd party SSL certificate installed on your server before the migration will work.

On the test site, choose the Outlook Connectivity test and manually specify the server settings.  Usually the RPC virtual Directory is missing the Integrated Windows Authentication, so if it fails, check the permissions and add it if it's missing, then run iisreset from a command prompt and test again.

I won't go into any more Office 365 / RPC guidance here as it will confuse anyone finding this question in the future, so if you want specific guidance, please post another question and let me know the link here and I'll do my best to help you.

Best wishes

Alan
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Reece DoddsAuthor Commented:
Thanks mate.
I'd been installing the SSL cert. and setting everything up for the migration.  That's when I ran into the activesync issue that I should've just left alone.
I was reading through another staged migration article last night and only just realised my connectivity issues were RPC over HTTP related and not ActiveSync related (I was doing the wrong test on the MRCA - testexchangeconnectivity.com).
It turns our our Exchange 2003 box didn't have RPC over HTTP Proxy installed.

This can be installed and configured on the same box as Exchange 2003 right?
It's the only server for mail and is a public facing back-end server.  It's also a DC.
0
Alan HardistyCo-OwnerCommented:
Yep - installing it is fine.

Oh well - we live and we learn :)

A guide for you in case you need it:

http://www.msexchange.org/articles-tutorials/exchange-server-2003/migration-deployment/Implementing-RPC-over-HTTPS-single-Exchange-Server-2003-environment.html

Get that installed and then test - if you get problems, please let me know.

Alan
0
Reece DoddsAuthor Commented:
Champ!  I'll get in touch via your blog if I get stuck.
0
Alan HardistyCo-OwnerCommented:
Sure - feel free.  Good luck.

Alan
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.