Solved

Exchange 2013 Activesync connectivity issue

Posted on 2016-09-08
4
104 Views
Last Modified: 2016-09-09
Hi,

Currently troubleshooting some issues with the activesync after a FW change.

So far not related to the FW change. Mail flow is working and all seems fine (logs from FW)

BUT.......
Activesync is not functioning correctly.

when using an device and adding a users account - Autodiscover does its part and find the mailbox and connects to the device.
So fra so good.
When opening the mailbox it is empty and states its waiting to be synched.
Manually synching does nothing.

Trying to set up the same account on a Sony Xperia give error on root certificate. Manually adding the exchange config gives access and all works.


Exchange :
When runnning -> test-activesyncconnectivity it give and failure in response. Using the -TrustAnySSLcertificate give succes on all scenarios.

Testing with a user i changed some of the auth settings in acticesync virtual directory in IIS just to be able to do some changes. The recyceld the syncapppool. The user could then send a mail from an Iphone. Testing test-activesyncconnectivity gave an success on all scenarios. 30 sec later, failure on test-activesynconnectivity, and user could not send mail.

I have gone through the SSL certificate on the Exchange (it's a DAG) servers. Only issue i could find was that the SSL certificate was in SHA-1 and that would be on the deprecate plan for 1/1-17.

So, Any suggestion to where the issue resides ?
0
Comment
Question by:Mr Woober
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 14

Expert Comment

by:Andy M
ID: 41789398
When runnning -> test-activesyncconnectivity it give and failure in response

What error are you getting when running this? Seems to be pointing to an SSL issue based on the information provided so far, are you using a trusted certificate or a self-signed certficate?
0
 
LVL 1

Author Comment

by:Mr Woober
ID: 41789414
Thanks for the response.

See attached picture for response from the test-activesyncconnectivity

Yes, I suspect some SSL issue but cant figure out where :)

I have just changed the SSL certificate on our webmail service. New certificate is created at Comodo. SHA256RSA. The self Signed is SHA-1



Self signed certificate in backend between servers.
exchange_activesync.png
0
 
LVL 14

Accepted Solution

by:
Andy M earned 500 total points
ID: 41789832
Hmm, the error doesn't provide a great deal of information.

What results do you get from using the get-exchangecertificate command? In particular which services are assigned to the Comodo certificate when running this?

You could also trying using the exchange remote connectivity analyzer: https://testconnectivity.microsoft.com/?tabid=client - this will show you any errors it has connecting to the Activesync which will help to narrow it down a bit.
0
 
LVL 1

Author Closing Comment

by:Mr Woober
ID: 41791174
Thanks for the push in right direction :)

The issue was in services applied to different services.
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question