Stelian Stan
asked on
ActiveSync issues
We have a mixed environment of Exchange 2007 SP3 RU13 and 2013 CU7. No mailboxes has been moved to Exchange 2013 as of now.
Not able to add an email account using ActiveSync on a mobile device. When I try to configure an email on a phone from inside the network using ActiveSync I get the attached error message.
Any thoughts?
Thanks
ActiveSync-Error.JPG
Not able to add an email account using ActiveSync on a mobile device. When I try to configure an email on a phone from inside the network using ActiveSync I get the attached error message.
Any thoughts?
Thanks
ActiveSync-Error.JPG
ASKER
So you are suggesting to move all mailboxes to Exchange 2013 the try your suggestion?
That's not working for me because I have to have this working before I can move any mailbox to 2013. I cannot do the migration of all mailboxes over night. That process will take at list two weeks if not longer, so we have to find a way to fix this issue before I start moving any mailbox.
That's not working for me because I have to have this working before I can move any mailbox to 2013. I cannot do the migration of all mailboxes over night. That process will take at list two weeks if not longer, so we have to find a way to fix this issue before I start moving any mailbox.
There is a similar issue about the active sync issue in mixed mode please check this : https://www.experts-exchange.com/questions/28598716/Mixed-Exchange-2007-2010-Active-Sync-Issue-Please-Help.html
ASKER
I looked at that one before I even posted my question. All my settings seems OK according to that posting.
Have you reconfigured the Exchange 2007 server as per the following guide (near the bottom):
https://technet.microsoft.com/en-us/library/hh529912(v=exchg.150).aspx
You will need to set your activesyncvirtualdirectory back to the 2007 server until you have moved everyone to the 2013 server.
If you run get-activesyncvirtualdirec tory - it will probably be pointing to the 2013 server which won't help you.
Alan
https://technet.microsoft.com/en-us/library/hh529912(v=exchg.150).aspx
You will need to set your activesyncvirtualdirectory
If you run get-activesyncvirtualdirec
Alan
ASKER
Thanks Alan.
I will make that change then post back.
I will make that change then post back.
ASKER
I made the change:
Set-ActiveSyncVirtualDirec tory -Identity "<CAS2007>\Microsoft-Serve r-ActiveSy nc (Default Web Site)" -ExternalUrl https://mail.contoso.com/Microsoft-Server-ActiveSync - changed the values to my environment and followed with an iireset on the server.
Still not working after making this change.
I also noticed if i put wrong password at least I get to next screen (please see attachment file) and then when i fill all the information on this screen it fails.
ActiveSync-Error-02.JPG
Set-ActiveSyncVirtualDirec
Still not working after making this change.
I also noticed if i put wrong password at least I get to next screen (please see attachment file) and then when i fill all the information on this screen it fails.
ActiveSync-Error-02.JPG
Please run the Activesync test on https://testexchangeconnectivity.com and post the results (hiding your domain name) as that might help identify the problem.
Alan
Alan
ASKER
Hi Alan. Thanks for all your help. Here is the ActiveSync test result:
The Microsoft Connectivity Analyzer is testing Exchange ActiveSync.
Exchange ActiveSync was tested successfully.
Additional Details
Test Steps
Attempting to resolve the host name oma.domain.com in DNS.
The host name resolved successfully.
Additional Details
Testing TCP port 443 on host oma.domain.com to ensure it's listening and open.
The port was opened successfully.
Additional Details
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Additional Details
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server oma.mmms.ca on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Validating certificate trust for Windows Mobile devices.
The certificate is trusted and all certificates are present in the chain.
Test Steps
The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=*.domain.com, OU=PremiumSSL Wildcard,
One or more certificate chains were constructed successfully.
Additional Details
Analyzing the certificate chains for compatibility problems with Windows Phone devices.
Potential compatibility problems were identified with some versions of Windows Phone.
Tell me more about this issue and how to resolve it
Additional Details
The Microsoft Connectivity Analyzer is analyzing intermediate certificates sent by the remote server.
All intermediate certificates are present and valid.
Additional Details
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Elapsed Time: 671 ms.
Testing HTTP Authentication Methods for URL https://oma.domain.com/Microsoft-Server-ActiveSync/.
The HTTP authentication methods are correct.
Additional Details
The Microsoft Connectivity Analyzer found all expected authentication methods and no disallowed methods. Methods found: Basic
HTTP Response Headers:
Connection: Keep-Alive
Pragma: no-cache
Content-Length: 2057
Cache-Control: no-cache
Content-Type: text/html
WWW-Authenticate: Basic Realm="oma.domain.com"
Elapsed Time: 550 ms.
An ActiveSync session is being attempted with the server.
Testing of an Exchange ActiveSync session completed successfully.
Additional Details
Elapsed Time: 1300 ms.
Test Steps
Attempting to send the OPTIONS command to the server.
The OPTIONS response was successfully received and is valid.
Additional Details
Attempting the FolderSync command on the Exchange ActiveSync session.
The FolderSync command completed successfully.
Additional Details
Attempting the initial sync to the Inbox folder. This initial sync won't return any data.
The Sync command completed successfully.
Additional Details
Attempting to test the GetItemEstimate command for the Inbox folder.
The Microsoft Connectivity Analyzer successfully received the GetItemEstimate response from the server.
Additional Details
Okay - looks promising.
Is the certificate that is being reported installed on both servers or just one or the other?
Where is port 443 being pointed to at present?
Is the certificate that is being reported installed on both servers or just one or the other?
Where is port 443 being pointed to at present?
ASKER
unfortunately is pointing to old server.
To give you more information on this problem:
- at this point we are using ISA 2006 to access from outside the network, ISA is pointing to EX2007 server
- I have an TMG installed and I want to use it during the migration process. So tonight I can change the outside DNS to point to TMG the do the Activesync test on https://testexchangeconnectivity.com then post the result. I have to make sure OWA and ActiveSync is working properly before I make the switch.
- also on March 1 i had to rebuild Ex2013 using "Setup /m:RecoverServer" because the server died. Now is a virtual server. Followed this technet to restore the server.
- after I restored the server, I installed the same certificate I used before the server died, assigned SMTP and IIS services to the cert. The cert has oma.domain.com, legacy.domain.com and autodiscovery.domain.com
Please let me know if you need more information so you can have a good understanding of my issue here.
To give you more information on this problem:
- at this point we are using ISA 2006 to access from outside the network, ISA is pointing to EX2007 server
- I have an TMG installed and I want to use it during the migration process. So tonight I can change the outside DNS to point to TMG the do the Activesync test on https://testexchangeconnectivity.com then post the result. I have to make sure OWA and ActiveSync is working properly before I make the switch.
- also on March 1 i had to rebuild Ex2013 using "Setup /m:RecoverServer" because the server died. Now is a virtual server. Followed this technet to restore the server.
- after I restored the server, I installed the same certificate I used before the server died, assigned SMTP and IIS services to the cert. The cert has oma.domain.com, legacy.domain.com and autodiscovery.domain.com
Please let me know if you need more information so you can have a good understanding of my issue here.
ASKER
Hi Alan, here is the result of Microsoft Connectivity Analyzer
Connectivity Test Failed
Test Details
The Microsoft Connectivity Analyzer is testing Exchange ActiveSync.
The Exchange ActiveSync test failed.
Additional Details
Test Steps
Attempting to resolve the host name oma.mmms.ca in DNS.
The host name resolved successfully.
Additional Details
Testing TCP port 443 on host oma.domain.com to ensure it's listening and open.
The port was opened successfully.
Additional Details
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Additional Details
Test Steps
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Testing HTTP Authentication Methods for URL https://oma.domain.com/Microsoft-Server-ActiveSync/.
The HTTP authentication methods are correct.
Additional Details
An ActiveSync session is being attempted with the server.
Errors were encountered while testing the Exchange ActiveSync session.
Additional Details
Test Steps
Attempting to send the OPTIONS command to the server.
Testing of the OPTIONS command failed. For more information, see Additional Details.
Tell me more about this issue and how to resolve it
Additional Details
An HTTP 403 error was received because ISA Server denied the specified URL.
HTTP Response Headers:
Connection: Keep-Alive
request-id: e5df9475-e5ef-48d7-bee8-58 e2acb6ab1a
Content-Length: 2040
Cache-Control: private
Content-Type: text/html
Date: Sat, 28 Mar 2015 05:12:10 GMT
Set-Cookie: cadataBB33EC985DEF4BEABDE0 F43D8E681C 55="0e1236 fea-0b5a-4 898-a3d6-4 cdf37e8759 7ZMyc7K1Z8 xGxL1mI3j+ e3Rmkh5m0z Yqfp1FmIRb bLABvaqE11 q5K8tnoK8i mQq4fLIwRG tUws72743Z oZt0G0gaLn 8kaW2Vp26S HN02a5k61N zNS0xGO7Bt LOfwzAroL" ; HttpOnly; Domain=.mmms.ca; secure; path=/,ClientId=TCHJSOAKQU GFGHRZMTG; expires=Sun, 27-Mar-2016 05:12:11 GMT; path=/; HttpOnly,X-BackEndCookie=S -1-5-21-34 90700173-3 735007161- 874480475- 2125=u56Ln p2ejJqBnc2 eyJ6am57Sm s7OzNLLzJu c0seZyJzSx 8zOmZ3OnM6 Zz8uagYHNz 87K0s/L0s3 Iq8/Kxc7Nx c7O; expires=Mon, 27-Apr-2015 05:12:11 GMT; path=/Microsoft-Server-Act iveSync; secure; HttpOnly
Server: Microsoft-IIS/8.5
X-CalculatedBETarget: exchange.domain.com
X-MS-BackOffDuration: L/-470
X-DiagInfo: exchange
X-BEServer: exchange
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-FEServer: exchange
Elapsed Time: 130 ms.
Connectivity Test Failed
Test Details
The Microsoft Connectivity Analyzer is testing Exchange ActiveSync.
The Exchange ActiveSync test failed.
Additional Details
Test Steps
Attempting to resolve the host name oma.mmms.ca in DNS.
The host name resolved successfully.
Additional Details
Testing TCP port 443 on host oma.domain.com to ensure it's listening and open.
The port was opened successfully.
Additional Details
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Additional Details
Test Steps
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Testing HTTP Authentication Methods for URL https://oma.domain.com/Microsoft-Server-ActiveSync/.
The HTTP authentication methods are correct.
Additional Details
An ActiveSync session is being attempted with the server.
Errors were encountered while testing the Exchange ActiveSync session.
Additional Details
Test Steps
Attempting to send the OPTIONS command to the server.
Testing of the OPTIONS command failed. For more information, see Additional Details.
Tell me more about this issue and how to resolve it
Additional Details
An HTTP 403 error was received because ISA Server denied the specified URL.
HTTP Response Headers:
Connection: Keep-Alive
request-id: e5df9475-e5ef-48d7-bee8-58
Content-Length: 2040
Cache-Control: private
Content-Type: text/html
Date: Sat, 28 Mar 2015 05:12:10 GMT
Set-Cookie: cadataBB33EC985DEF4BEABDE0
Server: Microsoft-IIS/8.5
X-CalculatedBETarget: exchange.domain.com
X-MS-BackOffDuration: L/-470
X-DiagInfo: exchange
X-BEServer: exchange
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-FEServer: exchange
Elapsed Time: 130 ms.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks Alan for your support. i will test this week from internal networks using our WiFi and the FQDN of the server and I will update the result. I tested Exchange 2013 ActiveSync with a 2013 User and it works, also Exchange 2007 ActiveSync with 2007 user this also works. I didn't tested Exchange 2013 ActiveSync with a 2007 user.
To work around this issue, assign the Exchange Servers group the right to change permissions against msExchActiveSyncDevices objects. To do this, follow these steps:
Start Active Directory Users and Computers.
Click View, and then click to enable Advanced Features.
Right-click the object where you want to change the Exchange Server permissions, and then click Properties.
Note You can change permissions against a user, an organizational unit, or a domain.
On the Security tab, click Advanced.
Click Add, type Exchange Servers, and then click OK.
In the Apply to box, click Descendant msExchActiveSyncDevices objects.
Under Permissions, click to enable Modify Permissions.
Click OK three times.
Back to the topBack to the top | Give Feedback