Solved

Exchange 2016 Activesync not working, mobile devices cannot connect

Posted on 2016-11-20
21
23 Views
Last Modified: 2016-11-27
I am unable to get Activesync working on a new Exchange 2016 server. Autodiscover works and Exchange Activesync Autodiscover even passes using the Microsoft Remote Connectivity Analyzer.

I've checked and re-checked the virtual directories and IIS settings, comparing them to working Exchange 2013 servers.

As near as I can tell there is a problem with the XML code in a config file but I can't determine which file the problem is with or what to change. The errors are below and I've even checked the following link but my config is different than this post.

I even tried to this Microsoft post https://support.microsoft.com/en-us/kb/942055
I changed the permissions in the config file mentioned below, adding read permissions to the IIS-IUSRS user and that seemed to completely broke the site at https://mail.contoso.com/mapi/Microsoft-Server-ActiveSync

Any help would be greatly appreciated. Error logs are included below in the following order:

1.) Remote Connectivity Analyzer (Exchange Activesync {abbrevieated})
2.) https://mail.contoso.com/mapi/Microsoft-Server-ActiveSync (error from the activesync site)
3.) Microsoft Exchange Management PowerShell command: Test-ActiveSyncConnectivity




1.) Remote Connectivity Analyzer (Exchange Activesync {abbrevieated})
Remote Connectivity Analyzer:

An ActiveSync session is being attempted with the server.
       Errors were encountered while testing the Exchange ActiveSync session.
       
      Additional Details
       
Elapsed Time: 325 ms.
       
      Test Steps
       
      Attempting to send the OPTIONS command to the server.
       Testing of the OPTIONS command failed. For more information, see Additional Details.
       
      Additional Details
       
A Web exception occurred because an HTTP 400 - BadRequest response was received from Unknown.
HTTP Response Headers:
request-id: 2a98aec3-e119-42c9-8f7a-e1af0f792ea7
X-CasErrorCode: MailboxGuidWithDomainNotFound
Persistent-Auth: true
X-FEServer: MailServer
Content-Length: 0
Cache-Control: private
Date: Mon, 21 Nov 2016 01:11:53 GMT
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Elapsed Time: 325 ms.



----------------------------------------------------------------------------------------------------------------------------------------------------------
2.) https://mail.contoso.com/mapi/Microsoft-Server-ActiveSync (error from the activesync site)

https://mail.contoso.com/mapi/Microsoft-Server-ActiveSync

HTTP Error 500.19 - Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid.

Detailed Error Information:
Module         IIS Web Core
Notification         BeginRequest
Handler         Not yet determined
Error Code         0x80070005
Config Error         Cannot read configuration file due to insufficient permissions
Config File         \\?\C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\mapi\web.config
Requested URL         https://MailServer.contoso.local:444/mapi/Microsoft-Server-ActiveSync
Physical Path         C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\mapi\Microsoft-Server-ActiveSync
Logon Method         Not yet determined
Logon User         Not yet determined

Config Source:
   -1:
    0:

More Information:
This error occurs when there is a problem reading the configuration file for the Web server or Web application. In some cases, the event logs may contain more information about what caused this error.
View more information »


----------------------------------------------------------------------------------------------
3.) Microsoft Exchange Management PowerShell command: Test-ActiveSyncConnectivity

Test-ActiveSyncConnectivity on Exchange Managment Shell


[PS] C:\Windows\system32>Test-ActiveSyncConnectivity -UseAutodiscoverForClientAccessServer -MailboxCredential (Get-Crede
ntial contoso\user1)
Creating a new session for implicit remoting of "Test-ActiveSyncConnectivity" command...

CasServer  LocalSite     Scenario        Result  Latency(MS) Error
---------  ---------     --------        ------  ----------- -----
MailServer                   Autodiscover... Failure             [System.Net.WebExcept...
Autodis...               Autodiscover... Success      375.02
mail       Default-Fi... Options         Failure             [System.Net.WebExcept...


[PS] C:\Windows\system32>Test-ActiveSyncConnectivity -UseAutodiscoverForClientAccessServer -MailboxCredential (Get-Crede
ntial contoso\user1) | FL


RunspaceId                  : 37873720-ca6c-4aaa-a3a4-172455a8f8ee
LocalSite                   :
SecureAccess                : True
VirtualDirectoryName        :
Url                         :
UrlType                     : Unknown
Port                        : 0
ConnectionType              : Plaintext
ClientAccessServerShortName : MailServer
LocalSiteShortName          :
ClientAccessServer          : MailServer.contoso.local
Scenario                    : Autodiscover Client Access server
ScenarioDescription         : An attempt was made to contact Autodiscover server MailServer.contoso.local from
                              (MailServer.contoso.local)  for Client Access server information using NTLM for
                              authentication.
PerformanceCounterName      :
Result                      : Failure
Error                       : [System.Net.WebException]: The underlying connection was closed: Could not establish
                              trust relationship for the SSL/TLS secure channel. Inner error
                              [System.Security.Authentication.AuthenticationException]: The remote certificate is
                              invalid according to the validation procedure.
UserName                    : user1
StartTime                   : 11/20/2016 6:24:00 PM
Latency                     : 00:00:00.0156246
EventType                   : Error
LatencyInMillisecondsString :
Identity                    :
IsValid                     : True
ObjectState                 : New

RunspaceId                  : 37873720-ca6c-4aaa-a3a4-172455a8f8ee
LocalSite                   :
SecureAccess                : True
VirtualDirectoryName        :
Url                         :
UrlType                     : Unknown
Port                        : 0
ConnectionType              : Plaintext
ClientAccessServerShortName : Autodiscover
LocalSiteShortName          :
ClientAccessServer          : Autodiscover.contoso.com
Scenario                    : Autodiscover Client Access server
ScenarioDescription         : An attempt was made to contact Autodiscover server Autodiscover.contoso.com from
                              (user1@contoso.com)  for Client Access server information using NTLM for
                              authentication.
PerformanceCounterName      :
Result                      : Success
Error                       :
UserName                    : user1
StartTime                   : 11/20/2016 6:24:00 PM
Latency                     : 00:00:00.0156266
EventType                   : Success
LatencyInMillisecondsString : 15.63
Identity                    :
IsValid                     : True
ObjectState                 : New

RunspaceId                  : 37873720-ca6c-4aaa-a3a4-172455a8f8ee
LocalSite                   : Default-First-Site-Name
SecureAccess                : True
VirtualDirectoryName        :
Url                         :
UrlType                     : Unknown
Port                        : 0
ConnectionType              : Plaintext
ClientAccessServerShortName : mail
LocalSiteShortName          : Default-First-Site-Name
ClientAccessServer          : mail.contoso.com
Scenario                    : Options
ScenarioDescription         : Issue an HTTP OPTIONS command to retrieve the Exchange ActiveSync protocol version.
PerformanceCounterName      : DirectPush Latency
Result                      : Failure
Error                       : [System.Net.WebException]: The remote server returned an error: (401) Unauthorized.

                              HTTP response headers:

                              request-id: d1e05b5d-34a9-43d7-be3a-38eaf3e8734f
                              X-FailureContext: FrontEnd;401;VW5hdXRob3JpemVk;;;;
                              X-FEServer: MailServer
                              Content-Length: 0
                              Date: Mon, 21 Nov 2016 01:24:00 GMT
                              Server: Microsoft-IIS/8.5
                              WWW-Authenticate: Negotiate
                              X-Powered-By: ASP.NET


UserName                    : user1
StartTime                   : 11/20/2016 6:24:00 PM
Latency                     : -00:00:01
EventType                   : Error
LatencyInMillisecondsString :
Identity                    :
IsValid                     : True
ObjectState                 : New



[PS] C:\Windows\system32>
0
Comment
Question by:ditobot
  • 13
  • 7
21 Comments
 
LVL 2

Expert Comment

by:Mumbai Tech
Comment Utility
Please go to https://testconnectivity.microsoft.com/ run autodiscover test and post entire results.
0
 

Author Comment

by:ditobot
Comment Utility
Here are the results of the Exchange Autosync Autodiscover test:

       Attempting the Autodiscover and Exchange ActiveSync test (if requested).
       Autodiscover was successfully tested for Exchange ActiveSync.
              Additional Details
       Elapsed Time: 2097 ms.

              Test Steps
              Attempting each method of contacting the Autodiscover service.
       The Autodiscover service was tested successfully.
              Additional Details
       Elapsed Time: 2097 ms.

              Test Steps
              Attempting to test potential Autodiscover URL https://contoso.com:443/Autodiscover/Autodiscover.xml
       Testing of this potential Autodiscover URL failed.
              Additional Details
       Elapsed Time: 731 ms.

              Test Steps
              Attempting to resolve the host name contoso.com in DNS.
       The host name resolved successfully.
              Additional Details
       IP addresses returned: 66.226.70.22
Elapsed Time: 105 ms.

       Testing TCP port 443 on host contoso.com to ensure it's listening and open.
       The port was opened successfully.
              Additional Details
       Elapsed Time: 315 ms.

       Testing the SSL certificate to make sure it's valid.
       The SSL certificate failed one or more certificate validation checks.
              Additional Details
       Elapsed Time: 311 ms.

              Test Steps
              The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server contoso.com on port 443.
       The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
              Additional Details
       Remote Certificate Subject: CN=*.concentric.com, OU=Domain Control Validated, Issuer: CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.
Elapsed Time: 287 ms.

       Validating the certificate name.
       Certificate name validation failed.
         Tell me more about this issue and how to resolve it

              Additional Details
       Host name contoso.com doesn't match any name found on the server certificate CN=*.concentric.com, OU=Domain Control Validated.
Elapsed Time: 0 ms.





       Attempting to test potential Autodiscover URL https://autodiscover.contoso.com:443/Autodiscover/Autodiscover.xml
       Testing of the Autodiscover URL was successful.
              Additional Details
       Elapsed Time: 1365 ms.

              Test Steps
              Attempting to resolve the host name autodiscover.contoso.com in DNS.
       The host name resolved successfully.
              Additional Details
       IP addresses returned: x.x.26.138
Elapsed Time: 166 ms.

       Testing TCP port 443 on host autodiscover.contoso.com to ensure it's listening and open.
       The port was opened successfully.
              Additional Details
       Elapsed Time: 118 ms.

       Testing the SSL certificate to make sure it's valid.
       The certificate passed all validation requirements.
              Additional Details
       Elapsed Time: 303 ms.

              Test Steps
              The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.contoso.com on port 443.
       The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
              Additional Details
       Remote Certificate Subject: CN=mail.contoso.com, OU=Domain Control Validated, Issuer: CN=Starfield Secure Certificate Authority - G2, OU=http://certs.starfieldtech.com/repository/, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US.
Elapsed Time: 271 ms.

       Validating the certificate name.
       The certificate name was validated successfully.
              Additional Details
       Host name autodiscover.contoso.com was found in the Certificate Subject Alternative Name entry.
Elapsed Time: 0 ms.

       Certificate trust is being validated.
       The certificate is trusted and all certificates are present in the chain.
              Test Steps
              The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=mail.contoso.com, OU=Domain Control Validated.
       One or more certificate chains were constructed successfully.
              Additional Details
       A total of 2 chains were built. The highest quality chain ends in root certificate OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US.
Elapsed Time: 13 ms.

       Analyzing the certificate chains for compatibility problems with versions of Windows.
       Potential compatibility problems were identified with some versions of Windows.
              Additional Details
       The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
Elapsed Time: 1 ms.



       Testing the certificate date to confirm the certificate is valid.
       Date validation passed. The certificate hasn't expired.
              Additional Details
       The certificate is valid. NotBefore = 11/20/2016 7:44:00 PM, NotAfter = 11/19/2019 5:10:01 AM
Elapsed Time: 0 ms.



       Checking the IIS configuration for client certificate authentication.
       Client certificate authentication wasn't detected.
              Additional Details
       Accept/Require Client Certificates isn't configured.
Elapsed Time: 356 ms.

       Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
       The Microsoft Connectivity Analyzer successfully retrieved Autodiscover settings by sending an Autodiscover POST.
              Additional Details
       Elapsed Time: 420 ms.

              Test Steps
              The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.contoso.com:443/Autodiscover/Autodiscover.xml for user User1@contoso.com.
       The Autodiscover XML response was successfully retrieved.
              Additional Details
       Autodiscover Account Settings
XML response:
<?xml version="1.0"?>
<Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/mobilesync/responseschema/2006">
<Culture>en:us</Culture>
<User>
<DisplayName>Randy Stowe</DisplayName>
<EMailAddress>User1@Contoso.com</EMailAddress>
</User>
<Action>
<Settings>
<Server>
<Type>MobileSync</Type>
<Url>https://mail.contoso.com/mapi/Microsoft-Server-ActiveSync</Url>
<Name>https://mail.contoso.com/mapi/Microsoft-Server-ActiveSync</Name>
</Server>
</Settings>
</Action>
</Response>
</Autodiscover>
HTTP Response Headers:
request-id: 2aa76ec0-3da5-4f7a-aec0-8a9c5edafa02
X-CalculatedBETarget: MailServer.contoso.local
X-DiagInfo: MAILSERVER
X-BEServer: MAILSERVER
Persistent-Auth: true
X-FEServer: MAILSERVER
Content-Length: 740
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Date: Mon, 21 Nov 2016 05:01:59 GMT
Set-Cookie: X-BackEndCookie=S-1-5-21-329068152-796845957-839522115-3153=u56Lnp2ejJqBnszNmc/KzcvSyMudy9LLysfJ0p6enZ3Szc3ImcjNmc+cz8/NgYHNz87J0s7N0s3Oq8/Kxc/Nxc/PgauNnpGMvJaLhraRjNGTkJyek4HP; expires=Wed, 21-Dec-2016 05:02:00 GMT; path=/Autodiscover; secure; HttpOnly
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Elapsed Time: 420 ms.
0
 
LVL 5

Expert Comment

by:Lisa Hendrickson "CallThatGirl"
Comment Utility
I'll just throw this out there, not sure if you're on-prem--guessing so, but Autodiscover had to be autodiscover.outlook.com for outside. I have had issues with this on small scale migrations, lessons learned the hard way. Worth a try.
0
 

Author Comment

by:ditobot
Comment Utility
Thanks Lisa,

Yes this is an on-premise Exchange 2016 server synced with Exchange Online Protection via Azure Active Directory Connect. I can update autodiscover but ultimately all autodiscover settings still originate from my on-premise exchange server. Regardless, if you look at my original post Exchange Activesync errors out in a browser with an HTTP 500.19 error and the test-ActiveSyncConnectivity test shows that there are failures for the  Options, Autodiscover and FolderSync scenarios. The Options scenario is the one that appears to be causing the biggest problem although I would love to get all scenarios working. This is an older domain and it is still using a .local so I don't know if there is anyway to mask the fqdn here.
0
 
LVL 2

Expert Comment

by:Mumbai Tech
Comment Utility
Host name contoso.com doesn't match any name found on the server certificate CN=*.concentric.com, OU=Domain Control Validated.


See the above test is failing because your certificate does not include the host contoso.com on the certificate.

The only valid name present in the certificate is *.concentric.com

So your working domain is contoso.com or concentric.com ?
0
 
LVL 2

Expert Comment

by:Mumbai Tech
Comment Utility
Due to invalid certificate name you are getting all of the above errors to fix this if your working domain is contoso. com then you need to install certificate for contoso.com on exchange 2016.

If your working domain is concentric.com then certificate is already installed you need to only change your External and Internal URL in Exchange 2016 using following article

http://www.mustbegeek.com/configure-external-and-internal-url-in-exchange-2016/
0
 

Author Comment

by:ditobot
Comment Utility
Well, concentric.com is actually the address for the registrar that hosts public DNS. my A record for mail.contoso.com is the IP address for my outward facing public IP on my Exchange 2016 server and autodiscover point to mail.contoso.com. The MX record points to EOP contoso.com.mail.protection.outlook.com.

Contoso.com or www.contoso.com is an actual website for Contoso so that is probably where it is pulling the concentric.com certificate from, when it is querying contoso.com and not mail.contoso.com or autodiscover.contoso.com.

That doesn't seem to be where it is failing. It appears that the part where everything breaks down in the analyzer is at this point. It doesn't like the authetication method and this is confirmed when I go to https://mail.contoso.com/mapi/Microsoft-Server-ActiveSync. It should pop up a login window but it doesn't. It just displays the HTTP Error 500.19 - Internal Server Error

This seems to be where the analyzer breaks down:

Testing HTTP Authentication Methods for URL https://mail.transcityins.com/mapi/Microsoft-Server-ActiveSync.
       The test passed with some warnings encountered. Please expand the additional details.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       
The following authentication methods are enabled, but they aren't allowed authentication methods for this service. Methods: Negotiate
HTTP Response Headers:
request-id: 6ad5db2b-108d-4128-a5d9-2f128c91166f
X-FEServer: TCMAIL
Content-Length: 0
Date: Tue, 22 Nov 2016 02:39:50 GMT
Server: Microsoft-IIS/8.5
WWW-Authenticate: Negotiate
X-Powered-By: ASP.NET
Elapsed Time: 561 ms.
0
 
LVL 2

Expert Comment

by:Mumbai Tech
Comment Utility
Hi,

The test clear states that concentric.com certificate is installed on your exchange server.

OK so for contoso.com you have self signed certificate ot third party ?

First we will resolve certificate issue than will go to authentication issue.

Can you Run the following command on exchange server to get the certificate details

This example returns a summary list of all Exchange certificates and pending certificate requests on the server named Mailbox01.

Get-ExchangeCertificate -Server Mailbox01

Example 2

This example returns detailed information for the specified certificate.

Get-ExchangeCertificate -Thumbprint 0271A7F1CA9AD8A27152CCAE044F968F068B14B8 | Format-List

Please run the above command and post results.
0
 
LVL 2

Expert Comment

by:Mumbai Tech
Comment Utility
To resolve your authentication issue

Go to IIS Manager - Start> All Programs> Administrative Tools> Internet Information Services (IIS) Manager.

Expand Server> Sites> Default Web Site> Click on Microsoft-Server-Activesync.  Doubel-click on Authentication - change to Basic only.(keep only Basic disable others)

Run IISRESET from an Elevated Command Prompt - Have a cup of tea / coffee!

Test again.
0
 

Author Comment

by:ditobot
Comment Utility
Thanks Mumbai Tech,

Unfortunately Basic Authentication was already the only authentication method enabled for ActiveSync in IIS in both directories (Default Web Site and Exchange Back End). IIS has been reset /noforce multiple times and the server rebooted just in case it was service related.

And the Remote Connectivity Analyzer goes through a series of tests starting with the base domain. I have this working on plenty of Exchange 2013 servers and they all fail the first test because they query the root domain and then work their way to autodiscover if they don't get an answer.

I found this, and thought it was the answer. http://www.expta.com/2016/06/mapi-virtual-directory-bug-in-exchange.html
Apparently there is a bug in Exchange 2016 CU2 and newer where it removes one of the default authentication methods, OAuth, which isn't an option in the EAC, it needs to be set in Exchange Management Console. I set it and confirmed but unfortunately it still didn't fix my problem.

They've moved away from RPC over HTTP in Exchange 2016 which has been the default authentication method for years. The new mapi over http has got to be the root of my problem only I can't figure what I'm missing. I think the bit I'm missing up to this point is the authentication as shown in this part of the Remote Connectivity Analyzer tool. All of my other functioning Exchange servers pass this portion of the test without errors.

      Testing HTTP Authentication Methods for URL https://mail.transcityins.com/mapi/Microsoft-Server-ActiveSync.
       The test passed with some warnings encountered. Please expand the additional details.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       
The following authentication methods are enabled, but they aren't allowed authentication methods for this service. Methods: Negotiate, NTLM
HTTP Response Headers:
request-id: 597a011b-12e2-4fce-b3d1-3d52e8ac4083
Server: Microsoft-IIS/8.5
WWW-Authenticate: Negotiate,NTLM,Basic realm="mail.transcityins.com"
X-Powered-By: ASP.NET
X-FEServer: TCMAIL
Date: Tue, 22 Nov 2016 05:33:19 GMT
Content-Length: 0
Elapsed Time: 585 ms.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 2

Expert Comment

by:Mumbai Tech
Comment Utility
You have to > Click on Microsoft-Server-Activesync.  Doubel-click on Authentication - change to Basic only
0
 
LVL 2

Expert Comment

by:Mumbai Tech
Comment Utility
See the above test results it shows

Methods: Negotiate, NTLM

It should show basic.
0
 
LVL 2

Expert Comment

by:Mumbai Tech
Comment Utility
After going to default website click on plus sign to expand the view now Click on Microsoft-Server-Activesync.  Doubel-click on Authentication - change to Basic only
0
 
LVL 2

Expert Comment

by:Mumbai Tech
Comment Utility
0
 
LVL 2

Expert Comment

by:Mumbai Tech
Comment Utility
Please do following steps to fix this issue,

    Copy sharedWebConfig.config file from C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy directory.
    Paste sharedWebConfig.config file in C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess directory

Do
    IISreset /noforce

 Now check the issue,

Ref : http://msexchangeguru.com/2016/02/19/e2016-ecp-works-owa-fails/
0
 
LVL 2

Expert Comment

by:Mumbai Tech
Comment Utility
The above fix is given because you are receiving Http ,500 error

There is bug in CU2 which is causing this issue.
0
 
LVL 2

Assisted Solution

by:Mumbai Tech
Mumbai Tech earned 500 total points
Comment Utility
Also one thing I forgot is if user which are using for active sync testing purpose is domain admin than you need to first enable inheritance using following article

http://www.careexchange.in/exchange-activesync-returned-an-http-500-response-internal-server-error/

https://www.experts-exchange.com/questions/28944330/Exchange-2016-Activesync-problem.html
0
 

Author Comment

by:ditobot
Comment Utility
I changed the security permissions to my test user to 'enable inheritance'

I copied the sharedwebconfig.config from httpproxy to clientaccess, but the folder already existed so I don't think that was the issue

I have other sites that are working even with the HTTP 500.19 error when I go to https://mail.contoso.com/mapi/Microsoft-Server-ActiveSync. The only thing that is different is that those sites bring up a an 'authentication required' window, required a username and password. The site that isn't working does not bring up a login window which corresponds with the error in the Remote Connectivity Analyzer Autodiscover test.

"The following authentication methods are enabled, but they aren't allowed authentication methods for this service. Methods: Negotiate, NTLM".

What is strange is that it should list NTLM, OAuth, and Negotiate. I have confirmed that these are the authentication methods that are configured on the server  by running the following command in the Exchange Management Shell "Get-MapiVirtualDirectory -ADPropertiesOnly | fl server,iis*"

Any more suggestions?
0
 

Accepted Solution

by:
ditobot earned 0 total points
Comment Utility
I was finally able to get it working finally by removing the ActiveSync virtual directories in the "Default Web Site" and the "Exchange Back End". I was a little hesitant to do this knowing that messing with directories in IIS can have catastrophic results but upon recommendation from Microsoft I removed the ActiveSync directories using the following commands.

Remove-ActiveSyncVirtualDirectory -Identity Microsoft-Server-ActiveSync (Default Web Site)

New-ActiveSyncVirtualDirectory -WebSiteName “Default Web Site” -ExternalUrl https://FQDN/Microsoft-Server-ActiveSync -InternalUrl https://FQDN/Microsoft-Server-ActiveSync

Remove-ActiveSyncVirtualDirectory -Identity “Microsoft-Server-ActiveSync (Exchange Back End)”

New-ActiveSyncVirtualDirectory -WebSiteName “Exchange Back End”


The only additional task that I needed to do to get my account to work was to enable inheritance on the 'Domain Admin' accounts in Active Directory, as suggested by Mumbai Tech above. Domain accounts have inheritance disabled by default so it could not inherit the proper permissions to allow 'Folder Sync' to work in ActiveSync.

After doing the above and then resetting IIS using "iisereset /noforce" from an elevated command prompt everything worked.
0
 
LVL 2

Expert Comment

by:Mumbai Tech
Comment Utility
Hi ditobots,

Nice to here that the active sync issue is resolved and also thank you very much for updating us.

Sorry I was out and didn't checked EE.
0
 

Author Closing Comment

by:ditobot
Comment Utility
It was the only solution that actually fixed my problem.
0

Featured Post

The problems with reply email signatures

Do you wish that you could place an email signature under a reply? Well, unfortunately, you can't. That great Exchange/Office 365 signature you've created will just appear at the bottom of an email chain. What a pain! Is there really no way to solve this? Well, there might be...

Join & Write a Comment

Easy CSR creation in Exchange 2007,2010 and 2013
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
This video discusses moving either the default database or any database to a new volume.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now