Microsoft active sync on exchange 2010

I am currently in co existence mode with exchange 2003 and exchange 2010

While trying to configure active sync via iss manager i get multiple authentications and it doesnt go through.the address reads http://localhost. This happens after i click browse *.80 (http) or browse *.443(https)

Sometimes it also gives http error 505.0 - http version not supported

My exchange active sync settings are as follows
internal url http://server.domain.local/Microsoft-Server-ActiveSync
authentication tab has basic authentication (password is sent in clear text )ticked
client certificate authentication: ignore client certificates

What could be the issue? Is there any other way to configure and test?
Member_2_6474242Senior Systems AdministratorAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jose Gabriel Ortega CastroCEOCommented:
Well Basically ActiveSync is meant for external users, and it should be set using the commands for it in 2010, if they are in co-existence then all the connections should go to the 2010 (newer exchange).
and it should be something in "HTTPS", not HTTP,
for example, https://mail.domain.com/Microsoft

To get the URL from the server is:
Get-ActiveSyncVirtualDirectory -Server $env:COMPUTERNAME | select Name,Server,*url,*auth

Open in new window


More on:
https://social.technet.microsoft.com/wiki/contents/articles/5163.managing-exchange-2010-externalinternal-url-s-via-powershell.aspx
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
BembiCEOCommented:
Hello,

most of the Exchange issues are related either to certificate or to DNS settings...
As Jose said, Active Sync is usually https
This is due the fact, that it is usually used for external access and this should always be secured...

You should not configure Exchange IIS sites using the IIS Manager as Exchange sets all needed settings via PowerShell. If you change them after the Exchange setup of the web sites, they may not be in sync anymore (what Exchange expects and what is set in  IIS) and throw errors.
Better to remove them via Exchange Management Shell and to recreate them in the same way.

The most common configuration is for Active Sync is:
- IIS: Basic Authentication
- Exchange: Basic authentication / Accept client certificates....

Basic authentication setting is to authenticate user devices without a certificate, The client authenticates either with username / password or with DOMAIN\username / password.
Accept client certificate allows devices to authenticate, it the have a user certificate which is trusted by exchange and corresponds to an user.

Beside this, as far as HTPPS is used, you need a server certificate on exchange for SSL. If this is a self signed certificate, you have to make sure, the client  can trust the certificate. As self signed certs doesn't have an infrastructure, the certificate has to be imported to the devices.

In a Microsoft environment, it makes sense to setup a PKI infrastructure /Certificate services)  to distribute computer and / or user certificates to the clients. This makes at least handling of certs a bit easier and avoids, that certificates expire. Other option is to use public certificates.
0
Member_2_6474242Senior Systems AdministratorAuthor Commented:
can this be related to my ssl as well?
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

Jose Gabriel Ortega CastroCEOCommented:
Yes it can be,
check that your SSL is up to date and it has been signed using SHA-2 algorithm
0
Member_2_6474242Senior Systems AdministratorAuthor Commented:
thanks to all
0
Member_2_6474242Senior Systems AdministratorAuthor Commented:
thanks
1
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.