Microsoft active sync on exchange 2010

I am currently in co existence mode with exchange 2003 and exchange 2010

While trying to configure active sync via iss manager i get multiple authentications and it doesnt go through.the address reads http://localhost. This happens after i click browse *.80 (http) or browse *.443(https)

Sometimes it also gives http error 505.0 - http version not supported

My exchange active sync settings are as follows
internal url http://server.domain.local/Microsoft-Server-ActiveSync
authentication tab has basic authentication (password is sent in clear text )ticked
client certificate authentication: ignore client certificates

What could be the issue? Is there any other way to configure and test?
Member_2_6474242Senior Systems AdministratorAsked:
Who is Participating?
 
Jose Gabriel Ortega CCEO J0rt3g4 Consulting ServicesCommented:
Well Basically ActiveSync is meant for external users, and it should be set using the commands for it in 2010, if they are in co-existence then all the connections should go to the 2010 (newer exchange).
and it should be something in "HTTPS", not HTTP,
for example, https://mail.domain.com/Microsoft

To get the URL from the server is:
Get-ActiveSyncVirtualDirectory -Server $env:COMPUTERNAME | select Name,Server,*url,*auth

Open in new window


More on:
https://social.technet.microsoft.com/wiki/contents/articles/5163.managing-exchange-2010-externalinternal-url-s-via-powershell.aspx
0
 
BembiCEOCommented:
Hello,

most of the Exchange issues are related either to certificate or to DNS settings...
As Jose said, Active Sync is usually https
This is due the fact, that it is usually used for external access and this should always be secured...

You should not configure Exchange IIS sites using the IIS Manager as Exchange sets all needed settings via PowerShell. If you change them after the Exchange setup of the web sites, they may not be in sync anymore (what Exchange expects and what is set in  IIS) and throw errors.
Better to remove them via Exchange Management Shell and to recreate them in the same way.

The most common configuration is for Active Sync is:
- IIS: Basic Authentication
- Exchange: Basic authentication / Accept client certificates....

Basic authentication setting is to authenticate user devices without a certificate, The client authenticates either with username / password or with DOMAIN\username / password.
Accept client certificate allows devices to authenticate, it the have a user certificate which is trusted by exchange and corresponds to an user.

Beside this, as far as HTPPS is used, you need a server certificate on exchange for SSL. If this is a self signed certificate, you have to make sure, the client  can trust the certificate. As self signed certs doesn't have an infrastructure, the certificate has to be imported to the devices.

In a Microsoft environment, it makes sense to setup a PKI infrastructure /Certificate services)  to distribute computer and / or user certificates to the clients. This makes at least handling of certs a bit easier and avoids, that certificates expire. Other option is to use public certificates.
0
 
Member_2_6474242Senior Systems AdministratorAuthor Commented:
can this be related to my ssl as well?
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
Jose Gabriel Ortega CCEO J0rt3g4 Consulting ServicesCommented:
Yes it can be,
check that your SSL is up to date and it has been signed using SHA-2 algorithm
0
 
Member_2_6474242Senior Systems AdministratorAuthor Commented:
thanks to all
0
 
Member_2_6474242Senior Systems AdministratorAuthor Commented:
thanks
1
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.