asked on

Exchange Server 2016 Active Sync error

Hello!
I have 2 Exchange 2016 CU4 and I have updated to CU11. During to update, at the Mailbox role: Client access front end service I received an error:

[12/22/2018 12:28:23.0810] [2] User specified parameters: -ConfigFileRelativePath:'FrontEnd\HttpProxy\ReportingWebService' -ConfigFileName:'web.config'
[12/22/2018 12:28:23.0810] [2] Beginning processing set-InstallPathInAppConfig
[12/22/2018 12:28:23.0829] [2] Ending processing set-InstallPathInAppConfig
[12/22/2018 12:28:23.0832] [1] Executing:
$fe = get-ActiveSyncVirtualDirectory -server $RoleFqdnOrName -DomainController $RoleDomainController -ErrorAction SilentlyContinue;

if ($fe -eq $null)
{
new-ActiveSyncVirtualDirectory -DomainController $RoleDomainController -Role ClientAccess;
}
else
{
update-ActiveSyncVirtualDirectory $fe -DomainController $RoleDomainController -InstallIsapiFilter $true
}

[12/22/2018 12:28:23.0852] [2] Active Directory session settings for 'Get-ActiveSyncVirtualDirectory' are: View Entire Forest: 'True', Configuration Domain Controller: 'SF******.local', Preferred Global Catalog: 'SF******.local', Preferred Domain Controllers: '{ SF******.local }'
[12/22/2018 12:28:23.0852] [2] User specified parameters: -Server:'SV******.local' -DomainController:'SF-******.local' -ErrorAction:'SilentlyContinue'
[12/22/2018 12:28:23.0852] [2] Beginning processing get-ActiveSyncVirtualDirectory
[12/22/2018 12:28:23.0855] [2] Searching objects "SV******.local" of type "Server" under the root "$null".
[12/22/2018 12:28:23.0919] [2] Previous operation run on domain controller 'SF******.local'.
[12/22/2018 12:28:23.0920] [2] Searching objects of type "ADMobileVirtualDirectory" with filter "$null", scope "SubTree" under the root "SV******".
[12/22/2018 12:28:23.0920] [2] Request filter in Get Task: (&(objectCategory=msExchMobileVirtualDirectory)(|(&(msExchVersion<=1125899906842624)(!(msExchVersion=1125899906842624)))(!(msExchVersion=*)))).
[12/22/2018 12:28:23.0925] [2] Previous operation run on domain controller 'SF******.local'.
[12/22/2018 12:28:23.0926] [2] Preparing to output objects. The maximum size of the result set is "Unlimited".
[12/22/2018 12:28:23.0926] [2] Searching objects "SV******" of type "Server" under the root "$null".
[12/22/2018 12:28:23.0978] [2] Previous operation run on domain controller 'SF-******.local'.
[12/22/2018 12:28:25.0414] [2] Searching objects "SV******" of type "Server" under the root "$null".
[12/22/2018 12:28:25.0468] [2] Previous operation run on domain controller 'SF******.local'.
[12/22/2018 12:28:26.0929] [2] Ending processing get-ActiveSyncVirtualDirectory
[12/22/2018 12:28:26.0942] [1] The following 1 error(s) occurred during task execution:
[12/22/2018 12:28:26.0942] [1] 0. ErrorRecord: Cannot convert 'System.Object[]' to the type 'Microsoft.Exchange.Configuration.Tasks.VirtualDirectoryIdParameter' required by parameter 'Identity'. Specified method is not supported.

I fixed with:
. Open ADSIEDIT.msc, locate:
Configuration-->CN=Services-->CN=Microsoft Exchange-->CN=Organization-->CN=Administrative Groups-->CN=Exchange Administrative Groups-->CN=Servers-->CN=Exchange-->CN=Protocols-->CN=HTTP
b. In the right pane, please check whether the CN= ActiveSync is present. If so, please remove it.
. Install it on the CAS server. Open the “Metabase Explorer
c. Locate: Exchange -> LM -> W3SVC -> 1 -> ROOT.
d. Please check whether ActiveSync is present, if so, remove it.

And I do not create the active sync VD yet. After CU finalize, I created the new active sync VD.
But, now, nobody that use mobile, can connect to receive e-mail. Afer run the:
Test-ActiveSyncConnectivity -URL "http://mail.***********.com.br" -MailboxCredential (Get-Credential user@*******.com.br) I receive the follow error:

Failure The OPTIONS command returned HTTP 200, but the Exchange ActiveSync header (MS-Server-ActiveSync) wasn't returned. The request likely did not reach a Client Access server, either because

- A proxy server intervened (check the headers below for any that may have been returned by a proxy)

-The virtual directory could not be reached: http://mail.***.com.br/

- The virtual directory does not point to a Client Access server: http://mail.*.com.br/

HTTP response headers:
Allow: OPTIONS, TRACE, GET, HEAD, POST
Public: OPTIONS, TRACE,GET, HEAD, POST
Content-Length: 0
Date: Sun, 23 Dec 2018 11:49:00 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET

RunspaceId : 928729c2-8f01-421b-b155-fc96bef0e9b6
MobileClientFlags : BadItemReportingEnabled, SendWatsonReport
MobileClientCertificateProvisioningEnabled : False
BadItemReportingEnabled : True
SendWatsonReport : True
MobileClientCertificateAuthorityURL :
MobileClientCertTemplateName :
ActiveSyncServer : https://mail.**********.com.br/Microsoft-Server-ActiveSync
RemoteDocumentsActionForUnknownServers : Allow
RemoteDocumentsAllowedServers : {}
RemoteDocumentsBlockedServers : {}
RemoteDocumentsInternalDomainSuffixList : {}
MetabasePath : IIS://SV**********.**********.local/W3SVC/1/ROOT/Microsoft-Server-ActiveSync
BasicAuthEnabled : True
WindowsAuthEnabled : False
CompressionEnabled : True
ClientCertAuth : Ignore
WebsiteName : Default Web Site
WebSiteSSLEnabled : True
VirtualDirectoryName : Microsoft-Server-ActiveSync
Path :
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags : {}
ExtendedProtectionSPNList : {}
AdminDisplayVersion : Version 15.1 (Build 1591.10)
Server : SV**********
InternalUrl : https://mail.**********.com.br/Microsoft-Server-ActiveSync
InternalAuthenticationMethods : {}
ExternalUrl : https://mail.**********.com.br/Microsoft-Server-ActiveSync
ExternalAuthenticationMethods : {}
AdminDisplayName :
ExchangeVersion : 0.10 (14.0.100.0)
Name : Microsoft-Server-ActiveSync (Default Web Site)
DistinguishedName : CN=Microsoft-Server-ActiveSync (Default Web Site),CN=HTTP,CN=Protocols,CN=SV**********,CN=Servers,CN=Exchange
Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=cmnp,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=**********,DC=local
Identity : SV**********\Microsoft-Server-ActiveSync (Default Web Site)
Guid : 9c4679c0-0950-4db3-8c7d-dba426da2f5e
ObjectCategory : **********.local/Configuration/Schema/ms-Exch-Mobile-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchMobileVirtualDirectory}
WhenChanged : 22/12/2018 17:12:58
WhenCreated : 22/12/2018 17:12:00
WhenChangedUTC : 22/12/2018 19:12:58
WhenCreatedUTC : 22/12/2018 19:12:00
OrganizationId :
Id : SV**********\Microsoft-Server-ActiveSync (Default Web Site)
OriginatingServer : SF**********.local
IsValid : True
ObjectState : Changed

RunspaceId : 928729c2-8f01-421b-b155-fc96bef0e9b6
MobileClientFlags : BadItemReportingEnabled, SendWatsonReport
MobileClientCertificateProvisioningEnabled : False
BadItemReportingEnabled : True
SendWatsonReport : True
MobileClientCertificateAuthorityURL :
MobileClientCertTemplateName :
ActiveSyncServer : https://mail.**********.com.br/Microsoft-Server-ActiveSync
RemoteDocumentsActionForUnknownServers : Allow
RemoteDocumentsAllowedServers : {}
RemoteDocumentsBlockedServers : {}
RemoteDocumentsInternalDomainSuffixList : {}
MetabasePath : IIS://SV**********.**********.local/W3SVC/1/ROOT/Microsoft-Server-ActiveSync
BasicAuthEnabled : True
WindowsAuthEnabled : False
CompressionEnabled : True
ClientCertAuth : Ignore
WebsiteName : Default Web Site
WebSiteSSLEnabled : True
VirtualDirectoryName : Microsoft-Server-ActiveSync
Path :
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags : {}
ExtendedProtectionSPNList : {}
AdminDisplayVersion : Version 15.1 (Build 1591.10)
Server : SV**********
InternalUrl : https://mail.**********.com.br/Microsoft-Server-ActiveSync
InternalAuthenticationMethods : {}
ExternalUrl : https://mail.**********.com.br/Microsoft-Server-ActiveSync
ExternalAuthenticationMethods : {}
AdminDisplayName :
ExchangeVersion : 0.10 (14.0.100.0)
Name : Microsoft-Server-ActiveSync (Default Web Site)
DistinguishedName : CN=Microsoft-Server-ActiveSync (Default Web Site),CN=HTTP,CN=Protocols,CN=SV**********,CN=Servers,CN=Exchange
Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=cmnp,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=**********,DC=local
Identity : SV**********\Microsoft-Server-ActiveSync (Default Web Site)
Guid : 6a67fc2b-e3f0-4d16-840d-51b75ef5c52e
ObjectCategory : **********.local/Configuration/Schema/ms-Exch-Mobile-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchMobileVirtualDirectory}
WhenChanged : 22/12/2018 17:21:07
WhenCreated : 22/12/2018 17:19:14
WhenChangedUTC : 22/12/2018 19:21:07
WhenCreatedUTC : 22/12/2018 19:19:14
OrganizationId :
Id : SV**********\Microsoft-Server-ActiveSync (Default Web Site)
OriginatingServer : SF**********.local
IsValid : True
ObjectState : Changed

RunspaceId : 928729c2-8f01-421b-b155-fc96bef0e9b6
MobileClientFlags : BadItemReportingEnabled, SendWatsonReport
MobileClientCertificateProvisioningEnabled : False
BadItemReportingEnabled : True
SendWatsonReport : True
MobileClientCertificateAuthorityURL :
MobileClientCertTemplateName :
ActiveSyncServer : https://mail.**********.com.br/Microsoft-Server-ActiveSync
RemoteDocumentsActionForUnknownServers : Allow
RemoteDocumentsAllowedServers : {}
RemoteDocumentsBlockedServers : {}
RemoteDocumentsInternalDomainSuffixList : {}
MetabasePath : IIS://SV**********.**********.local/W3SVC/3/ROOT/Microsoft-Server-ActiveSync
BasicAuthEnabled : True
WindowsAuthEnabled : False
CompressionEnabled : True
ClientCertAuth : Ignore
WebsiteName : OWA_EXTERNAL
WebSiteSSLEnabled : False
VirtualDirectoryName : Microsoft-Server-ActiveSync
Path :
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags : {}
ExtendedProtectionSPNList : {}
AdminDisplayVersion : Version 15.1 (Build 1591.10)
Server : SV**********
InternalUrl : https://mail.**********.com.br/Microsoft-Server-ActiveSync
InternalAuthenticationMethods : {}
ExternalUrl : https://mail.**********.com.br/Microsoft-Server-ActiveSync
ExternalAuthenticationMethods : {}
AdminDisplayName :
ExchangeVersion : 0.10 (14.0.100.0)
Name : Microsoft-Server-ActiveSync (OWA_EXTERNAL)
DistinguishedName : CN=Microsoft-Server-ActiveSync (OWA_EXTERNAL),CN=HTTP,CN=Protocols,CN=SV**********,CN=Servers,CN=Exchange
Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=cmnp,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=**********,DC=local
Identity : SV**********\Microsoft-Server-ActiveSync (OWA_EXTERNAL)
Guid : ce107c03-6d4c-4882-bde0-1f24c630b28d
ObjectCategory : **********.local/Configuration/Schema/ms-Exch-Mobile-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchMobileVirtualDirectory}
WhenChanged : 22/12/2018 21:38:09
WhenCreated : 22/12/2018 21:37:27
WhenChangedUTC : 22/12/2018 23:38:09
WhenCreatedUTC : 22/12/2018 23:37:27
OrganizationId :
Id : SV**********\Microsoft-Server-ActiveSync (OWA_EXTERNAL)
OriginatingServer : SF**********.local
IsValid : True
ObjectState : Changed

RunspaceId : 928729c2-8f01-421b-b155-fc96bef0e9b6
MobileClientFlags : BadItemReportingEnabled, SendWatsonReport
MobileClientCertificateProvisioningEnabled : False
BadItemReportingEnabled : True
SendWatsonReport : True
MobileClientCertificateAuthorityURL :
MobileClientCertTemplateName :
ActiveSyncServer : https://mail.**********.com.br/Microsoft-Server-ActiveSync
RemoteDocumentsActionForUnknownServers : Allow
RemoteDocumentsAllowedServers : {}
RemoteDocumentsBlockedServers : {}
RemoteDocumentsInternalDomainSuffixList : {}
MetabasePath : IIS://SV**********.local/W3SVC/3/ROOT/Microsoft-Server-ActiveSync
BasicAuthEnabled : True
WindowsAuthEnabled : False
CompressionEnabled : True
ClientCertAuth : Ignore
WebsiteName : OWA_EXTERNAL
WebSiteSSLEnabled : False
VirtualDirectoryName : Microsoft-Server-ActiveSync
Path :
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags : {}
ExtendedProtectionSPNList : {}
AdminDisplayVersion : Version 15.1 (Build 1591.10)
Server : SV**********
InternalUrl : https://mail.**********.com.br/Microsoft-Server-ActiveSync
InternalAuthenticationMethods : {}
ExternalUrl : https://mail.**********.com.br/Microsoft-Server-ActiveSync
ExternalAuthenticationMethods : {}
AdminDisplayName :
ExchangeVersion : 0.10 (14.0.100.0)
Name : Microsoft-Server-ActiveSync (OWA_EXTERNAL)
DistinguishedName : CN=Microsoft-Server-ActiveSync (OWA_EXTERNAL),CN=HTTP,CN=Protocols,CN=SV**********,CN=Servers,CN=Exchange
Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=cmnp,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=**********,DC=local
Identity : SV**********\Microsoft-Server-ActiveSync (OWA_EXTERNAL)
Guid : 932ab895-b0b2-4fda-a22d-5c69f5f39343
ObjectCategory : **********.local/Configuration/Schema/ms-Exch-Mobile-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchMobileVirtualDirectory}
WhenChanged : 22/12/2018 21:45:33
WhenCreated : 22/12/2018 21:44:46
WhenChangedUTC : 22/12/2018 23:45:33
WhenCreatedUTC : 22/12/2018 23:44:46
OrganizationId :
Id : SV**********\Microsoft-Server-ActiveSync (OWA_EXTERNAL)
OriginatingServer : SF**********.local
IsValid : True
ObjectState : Changed

[PS] C:\>Get-OutlookAnywhere | ft

RunspaceId ServerName SSLOffloading ExternalHostname InternalHostname ExternalClientAuthenticationMethod InternalC
lientAuth
enticatio
nMethod
---------- ---------- ------------- ---------------- ---------------- ---------------------------------- ---------
928729c2-8f01-421b-b155-fc96bef0e9b6 SV****51 True mail.************.com.br mail.************.com.br Negotiate Ntlm
928729c2-8f01-421b-b155-fc96bef0e9b6 SV****41 True mail.************.com.br mail.************.com.br Negotiate Ntlm

[PS] C:\>Get-OutlookProvider | ft

Name Server CertPrincipalName TTL
---- ------ ----------------- ---
EXCH 1
EXPR msstd:*.domain.com.br 1
WEB 1

[PS] C:\>

I hope you can help me with this...

Thiago Silva

ASKER

One more thing I just found...

[PS] C:\>Get-ServerHealth -Identity sv*******41 | Where {$_.AlertValue -ne "Healthy" -and $_.AlertValue -ne "Disabled"} | ft -Wrap -AutoSize

Server State Name TargetResource HealthSetName AlertValue ServerComponent
------ ----- ---- -------------- ------------- ---------- ---------------
sv*******41 NotApplicable ActiveSyncCTPMonitor ActiveSync ActiveSync Unhealthy None
sv*******41 Online SubmissionQueueLengthMonitor HubTransport Unknown HubTransport
sv*******41 NotApplicable ActiveSyncDeepTestMonitor ActiveSync ActiveSync.Protocol Unhealthy None
sv*******41 NotApplicable ActiveSyncSelfTestMonitor MSExchangeSyncAppPool ActiveSync.Protocol Unhealthy None

[PS] C:\>Get-ServerHealth -Identity sv*******51 | Where {$_.AlertValue -ne "Healthy" -and $_.AlertValue -ne "Disabled"} | ft -Wrap -AutoSize

Server State Name TargetResource HealthSetName AlertValue ServerComponent
------ ----- ---- -------------- ------------- ---------- ---------------
sv*******51 NotApplicable ActiveSyncCTPMonitor ActiveSync ActiveSync Unhealthy None
sv*******51 NotApplicable ComplianceOutlookLogonToArchiveMapiHttpCtpMonitor Compliance Unhealthy None
sv*******51 Online SubmissionQueueLengthMonitor HubTransport Unknown HubTransport
sv*******51 Online ActiveSyncProxyTestMonitor MSExchangeSyncAppPool ActiveSync.Proxy Unhealthy ActiveSyncProxy
sv*******51 NotApplicable ActiveSyncDeepTestMonitor ActiveSync ActiveSync.Protocol Unhealthy None
sv*******51 NotApplicable ActiveSyncSelfTestMonitor MSExchangeSyncAppPool ActiveSync.Protocol Unhealthy None

Jian An Lim

CU 4 to CU11 is really a brave jump but you really on your own.

Best is to call Microsoft and get a proper ticket to get it fast unless you want to spend your time to get around.

Forward plan is
have your database still working?
If yes,
Do you want to install a new CU11 for front end purpose to check whether it will work? then move the database to the new serveR?

Thiago Silva

ASKER

All the functions are working. Just EAS is not working. The databases are 50/50.

Jian An Lim

have you rebuild the CAS IIS component?
https://blogs.technet.microsoft.com/get-exchangehelp/2013/02/07/managing-exchange-2013-iis-virtual-directories-web-applications/

Thiago Silva

ASKER

Yes. I was all the day with MS Support but no way yet.
I am waiting for a fix. We have checked all the permissions on IIS, recreate some VD, replace web.config, redo assembly dependences, but no way to connect to mobile to active sync.

Event Id 1310
ASP.NET 4.0.30319.0

Event code: 3008
Event message: A configuration error has occurred.
Event time: 24/12/2018 17:24:04
Event time (UTC): 24/12/2018 19:24:04
Event ID: e48c36ba39a2425ebddaf410facadca7
Event sequence: 1
Event occurrence: 1
Event detail code: 0

Application information:
Application domain: /LM/W3SVC/2/ROOT/Microsoft-Server-ActiveSync-21-131901530444406113
Trust level: Full
Application Virtual Path: /Microsoft-Server-ActiveSync
Application Path: C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\sync\
Machine name: SV***41

Process information:
Process ID: 19844
Process name: w3wp.exe
Account name: NT AUTHORITY\SYSTEM

Exception information:
Exception type: ConfigurationErrorsException
Exception message: Could not load file or assembly 'Microsoft.Exchange.HttpProxy.Routing, Version=15.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot find the file specified.
at System.Web.Configuration.ConfigUtil.GetType(String typeName, String propertyName, ConfigurationElement configElement, XmlNode node, Boolean checkAptcaBit, Boolean ignoreCase)
at System.Web.Configuration.ConfigUtil.GetType(String typeName, String propertyName, ConfigurationElement configElement, Boolean checkAptcaBit)

Thiago Silva

ASKER

This is another error...

Event ID 1033
MSExchange ActiveSync

The setting LiveIdBasicAuthModule.ApplicationName in the Web.Config file was missing. Using default value of .

Saif Shaikh

I think exchange is broken.

As a recommendation, I know this is too much but is a solution.

You can create a new VM and install Exchange 2016 latest CU on it.

Forklift the database from old server and mount it on the new VM.

From exchange management shell run command: get-mailbox -database "old forklifted database from old server name" | set-mailbox -database "new mailbox database name of new VM"

This command will re-home all users from old server to new server and everything should start working.

But before this you need to export and import the certificate from old server.
Set all VD's to mail.domain.com as per certificate.
Change the firewall nating to point 25,443 traffic to new VM.

Michael B. Smith

What @Saif has recommended will certainly work, although I think you'll need to do a bit more configuration than he has suggested. :-)

What has Microsoft had you do? Did you recreate the EAS virtual directories? Did you reinstall CU11?

This question needs an answer!

Become an EE member today

7 DAY FREE TRIAL

Members can start a 7-Day Free trial then enjoy unlimited access to the platform.

View membership options

Learn why we charge membership fees

We get it - no one likes a content blocker. Take one extra minute and find out why we block content.