[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


I broke ActiveSync on our Exchange 2003 server... help!

Posted on 2014-07-14
Medium Priority
Last Modified: 2014-07-15
In an attempt to ready our Exchange 2003 on-prem server for a migration to the O365 Exchange Online hosted email, I was using the MRCA website to perform a Microsoft Exchange ActiveSync Connectivity Test.
I get green ticks for all items up to authentication.
There was a suggestion that I needed to enable Integrated Windows Authentication for the Microsoft-Server-ActiveSync Exchange Virtual Server...  
The ability to do this was greyed out, so I had to install a Hotfix 937071 and I could then make the change.
I did this, and then enabled Integrated Windows Authentication and did a restart on the IIS services.

Now I'm getting calls from staff who use their email account on a smartphone (mainly iPhones at this point) and they report they are being prompted for a password.   If they input their correct password, it just reappears over and over.
So I tested this on my iPhone and couldn't complete the account creation with a "Unable to verify account" error.
I followed the exact procedure we've always had for our Exchange accounts on iPhones and cannot get the email working.

So - enter "WTF have I done mode", and I have now reverted the authentication settings (for all Exchange Virtual Servers listed) back to what I think they were before I started, have uninstalled the hotfix and done a full IISadmin service restart (and all the dependent services as well).
This has not fixed the problem.

What can I do to try and restore activesync connectivity (in particular, our phones)???
Question by:Reece Dodds
  • 4
  • 3
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 2000 total points
ID: 40196311
Have a read through my article, check the settings, test the results on the test site in my article and come back to me if you have any questions or can't get it working.



Author Comment

by:Reece Dodds
ID: 40196316
I did.  And I posted a comment.
I think I may have it fixed now...
I checked global settings for Exchange ActiveSync and added a tick to Outlook Mobile Access.
That seems to have done the trick.
Oddly enough, we can now connect our accounts with or without SSL (but TBH, I hadn't tested this since adding the new cert a few weeks back).
Man - I feel like I need to take a full system state backup of the server's current config before I start the Exchange Online staged migration.  Any tips there?
LVL 76

Accepted Solution

Alan Hardisty earned 2000 total points
ID: 40196352
I know - just left you a reply there too ;)

You shouldn't have SSL disabled for Activesync - it leaves your credentials flying across the internet in Plain Text!

You can take a system state backup and a separate IIS backup.

Use the inbuilt Backup program to run the system state backup and use the following article for the how to on an IIS backup (Non-Portable):


Here is the Staged Migration article from MS:


You need to make sure that RPC over HTTPS works on your server.  You can use the test site https://testexchangeconnectivity.com to make sure that works, but you WILL need a trusted 3rd party SSL certificate installed on your server before the migration will work.

On the test site, choose the Outlook Connectivity test and manually specify the server settings.  Usually the RPC virtual Directory is missing the Integrated Windows Authentication, so if it fails, check the permissions and add it if it's missing, then run iisreset from a command prompt and test again.

I won't go into any more Office 365 / RPC guidance here as it will confuse anyone finding this question in the future, so if you want specific guidance, please post another question and let me know the link here and I'll do my best to help you.

Best wishes

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  


Author Comment

by:Reece Dodds
ID: 40198263
Thanks mate.
I'd been installing the SSL cert. and setting everything up for the migration.  That's when I ran into the activesync issue that I should've just left alone.
I was reading through another staged migration article last night and only just realised my connectivity issues were RPC over HTTP related and not ActiveSync related (I was doing the wrong test on the MRCA - testexchangeconnectivity.com).
It turns our our Exchange 2003 box didn't have RPC over HTTP Proxy installed.

This can be installed and configured on the same box as Exchange 2003 right?
It's the only server for mail and is a public facing back-end server.  It's also a DC.
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40198271
Yep - installing it is fine.

Oh well - we live and we learn :)

A guide for you in case you need it:


Get that installed and then test - if you get problems, please let me know.


Author Comment

by:Reece Dodds
ID: 40198274
Champ!  I'll get in touch via your blog if I get stuck.
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40198277
Sure - feel free.  Good luck.


Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Are you looking for the options available for exporting EDB files to PST? You may be confused as they are different in different Exchange versions. Here, I will discuss some options available.
In this post, I will showcase the steps for how to create groups in Office 365. Office 365 groups allow for ease of flexibility and collaboration between staff members.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
Suggested Courses

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question