• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 191
  • Last Modified:

Exchange 2013 Activesync connectivity issue

Hi,

Currently troubleshooting some issues with the activesync after a FW change.

So far not related to the FW change. Mail flow is working and all seems fine (logs from FW)

BUT.......
Activesync is not functioning correctly.

when using an device and adding a users account - Autodiscover does its part and find the mailbox and connects to the device.
So fra so good.
When opening the mailbox it is empty and states its waiting to be synched.
Manually synching does nothing.

Trying to set up the same account on a Sony Xperia give error on root certificate. Manually adding the exchange config gives access and all works.


Exchange :
When runnning -> test-activesyncconnectivity it give and failure in response. Using the -TrustAnySSLcertificate give succes on all scenarios.

Testing with a user i changed some of the auth settings in acticesync virtual directory in IIS just to be able to do some changes. The recyceld the syncapppool. The user could then send a mail from an Iphone. Testing test-activesyncconnectivity gave an success on all scenarios. 30 sec later, failure on test-activesynconnectivity, and user could not send mail.

I have gone through the SSL certificate on the Exchange (it's a DAG) servers. Only issue i could find was that the SSL certificate was in SHA-1 and that would be on the deprecate plan for 1/1-17.

So, Any suggestion to where the issue resides ?
0
Mr Woober
Asked:
Mr Woober
  • 2
  • 2
1 Solution
 
Andy MInternal Systems ManagerCommented:
When runnning -> test-activesyncconnectivity it give and failure in response

What error are you getting when running this? Seems to be pointing to an SSL issue based on the information provided so far, are you using a trusted certificate or a self-signed certficate?
0
 
Mr WooberAuthor Commented:
Thanks for the response.

See attached picture for response from the test-activesyncconnectivity

Yes, I suspect some SSL issue but cant figure out where :)

I have just changed the SSL certificate on our webmail service. New certificate is created at Comodo. SHA256RSA. The self Signed is SHA-1



Self signed certificate in backend between servers.
exchange_activesync.png
0
 
Andy MInternal Systems ManagerCommented:
Hmm, the error doesn't provide a great deal of information.

What results do you get from using the get-exchangecertificate command? In particular which services are assigned to the Comodo certificate when running this?

You could also trying using the exchange remote connectivity analyzer: https://testconnectivity.microsoft.com/?tabid=client - this will show you any errors it has connecting to the Activesync which will help to narrow it down a bit.
0
 
Mr WooberAuthor Commented:
Thanks for the push in right direction :)

The issue was in services applied to different services.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now