Activesync sbs2008
- I am trying to troubleshoot exchange 2007 on sbs 2008 activesync with two samsung phones.
Using a godaddy cert. Ran a test on testexchangeconnectivity and it fails at the end of test. 401 IIS error.
The phone gets 0x85010002 error. I could use some assistance: articles, suggestions, any ideas.
All Replies
- Check the output with https://www.testexchangeconnectivity.com/, and then paste it over so that we can analyze it further.
Try to create a test account and see if the same issue persists?
Check the IIS Logs and let me know the result of the same.
Check the properties of the user and verify that EAS is enabled.
Also try to browse https://<OWA URL>/microsoft-server-activeysnc from the client.
Try to access OWA URL from IE in the Windows Mobile and check if there are any issues.
Harpreet Singh Khandiyal (http://support.microsoft.com/kb/555375)
- 404 - File or directory not found.
The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.
When trying to browse
EAS is enabled
Yes all users consistently get the same error
Attempting to Resolve the host name remote.bigdogit.com in DNS.
Host successfully Resolved
Additional Details
IP(s) returned: 75.146.57.219
Testing TCP Port 443 on host remote.bigdogit.com to ensure it is listening/open.
The port was opened successfully.
Testing SSL Certificate for validity.
The certificate passed all validation requirements.
Test Steps
Validating certificate name
Successfully validated the certificate name
Additional Details
Found hostname remote.bigdogit.com in Certificate Subject Common name
Validating certificate trust for Windows Mobile Devices
The test passed with some warnings encountered. Please expand additional details.
Additional Details
Certificate is only trusted on Windows Mobile 6.0 and later. Windows Mobile 5.0 and 5.0 + MSFP devices will not be able to sync. Root = OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
Testing certificate date to ensure validity
Date Validation passed. The certificate is not expired.
Additional Details
Certificate is valid: NotBefore = 8/2/2009 5:28:26 PM, NotAfter = 8/2/2010 5:28:26 PM
Testing Http Authentication Methods for URL https://remote.bigdogit.com/Microsoft-Server-Activesync/
Http Authentication Methods are correct
Additional Details
Found all expected authentication methods and no disallowed methods. Methods Found: Basic
Attempting an Activesync session with server
Errors were encountered while testing the ActiveSync session
Test Steps
Attempting to send OPTIONS command to server
Testing the OPTIONS command failed. See Additional Details for more info
Additional Details
A Web Exception occured because an HTTP 401 - Unauthorized response was received from IIS7
- Which Rollup Update have you installed on the Exchange Server.
Try to have the latest i.e. RU9
Do you have ISA as a firewall? If yes, then a separate web listener needs to be created for EAS
You can also check out the suggestions as per this thread
http://social.technet.microsoft.com/Forums/en-US/exchangesvrmobility/thread/3825741a-4616-4da6-a0ac-add29dc3a65a
Harpreet Singh Khandiyal (http://support.microsoft.com/kb/555375)
- The report looks good, and you don't seem to have any architectural issue. No ISA server... correctly assigned Certificate... correct authentication methods enabled... All seems fine.
Let’s check some simple stuff first:
Does OWA work for the same user?
Does the user have Exchange ActiveSync Enabled?
If this doesn't help, try rebuilding the ActiveSync Virtual Directory.
Get-ActiveSyncVirtualDirectory
Remove-ActiveSyncVirtualDirectory -Identity "Microsoft-Server-ActiveSync (ServerName)" -Confirm:$false
New-ActiveSyncVirtualDirectory -WebsiteName " ServerName " -InternalUrl "https://INTERNAL_FQDN_OF_EXCHANGE/Microsoft-Server-ActiveSync" -ExternalUrl "https://remote.bigdogit.com/Microsoft-Server-Activesync/" -ExternalAuthenticationMethods Basic -InternalAuthenticationMethods Basic
Cheers Wayne
Airloom
- No ISA
OWA does work from a browser and activesync is and was enabled.
As far as removing and rebuilding activesync in IIS, do you have a little bit more instruction?
I assume going to IIS 7.0 /site/sbs web applications/ microsoft-server-activesync and removing it.
Then add virtual Directory with the same name. After that I am a little lost.
- If you are going to remove and reinstall the virtual directories, use Powershell.
Deleting a Virtual directory and creating a blank one is going to get you into trouble fast. If you re-create the virtual directory using Exchange Powershell commands, the virtual directory will be set up correctly. If you are unsure about any of this, do not attempt it in a production environment.
In the meantime check the “sbs web applications” site is running. I’ve had this site clash with the "Default Web Site", which stopped it working. Both sites were set to run using port 80 / 443. You can only have one web site running on a single port unless you have host headers configured.
Cheers Wayne
Airloom
- Almost. It was two default record *80 ip in Binds. Remove the one in activesync.
Now just have this error.
Certificate is only trusted on Windows Mobile 6.0 and later. Windows Mobile 5.0 and 5.0 + MSFP devices will not be able to sync. Root = OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
I am using windows mobile 6.0 and have no problems using godaddy certs on sbs2003.
Any ideas. Getting close
- Your certs are good. It's just a warning, and unless you are using WM 5 devices (we're talking about devices that are in the range of 4 years old) it's not a concern.
The 401 error is related to authentication. Is your IIS set up with multiple authentication methods? Like both anonymous and basic? Try to use only basic.
If you try to open the ActiveSync address in a browser, (http://fqdn/Microsoft-Server-ActiveSync), after authenticating you should get a 501/505 error.
- Only one Authentication is selected Basic. (http://fqdn/Microsoft-Server-ActiveSync), failed on 501 so that's good.
On the Device I am getting 0x85010002.
- Which Rollup Update have you installed on the Exchange Server.
Try to have the latest i.e. RU9
Do you have ISA as a firewall? If yes, then a separate web listener needs to be created for EAS
You can also check out the suggestions as per this thread
http://social.technet.microsoft.com/Forums/en-US/exchangesvrmobility/thread/3825741a-4616-4da6-a0ac-add29dc3a65a
Harpreet Singh Khandiyal (http://support.microsoft.com/kb/555375)
- Check the RU. You might be having an older version of massync.dll
Harpreet Singh Khandiyal (http://support.microsoft.com/kb/555375)
- Since you have a certificate installed I'm guessing you want to encrypt your traffic. Did you set up your Virtual Directories to require SSL? ActiveSync communicates with the Exchange and oma virtual directories. If "Require SSL" is enabled on these virtual directories it breaks ActiveSync on a single box setup. To overcome this limitation you can either disable “Require SSL” or create a new virtual directory. This procedure is outlined in the technote Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or forms-based authentication is required for Exchange Server 2003.
Cheers Wayne
Airloom
- I appreciate your help. Yes this is a godaddy cert. This is a sbs 2008 with exchange 2007. I never have such issue with sbs 2003 with exchange. The device still is giving me 0x85010002 error, and it keeps asking me for my password. For testing purposes can you not use SSL? Everything I have read says you have to with exchange 2007.
- For Exchange 2003, I would suggest that you check out these 2 articles
http://support.microsoft.com/kb/817379
http://support.microsoft.com/kb/967046
For Exchange 2007, try deleting and then recreating the ActiveSync v-dirs, using the following commands
Remove-ActiveSyncVirtualDirectory -Identity "Microsoft-Server-ActiveSync (ServerName)"
New-ActiveSyncVirtualDirectory -WebsiteName " ServerName " -InternalUrl "https://<EXCHANGE FQDN>/Microsoft-Server-ActiveSync" -ExternalUrl "https://<OWA URL>/Microsoft-Server-Activesync/" -ExternalAuthenticationMethods Basic -InternalAuthenticationMethods Basic
Harpreet Singh Khandiyal (http://support.microsoft.com/kb/555375)
- For testing purposes turn off require SSL on all the virtual directories. I recommend you still use SSL during Testing, but don't require it. I hope that makes sense. Retest with Test Exchange Connectivity and post log.
If this fails, try the native activesync powershell test on the Exchange server:
Test-ActiveSyncConnectivity -MailboxCredential (Get-Credential domain\user) -UseAutodiscoverForClientAccessServer
This will prompt you for credentials.
Cheers Wayne
Airloom
- It was NetBIOS. Was using the wrong name, silly me. Domain is different than the local domain. Sigh..
- Hi,
Before recreating a virtual directory, try to change authentication at Server Configuration -> Client Access -> Exchange Active Sync, in the Microsoft Server Active Sync properties, Authentication: enable basic authentication.
I did this and it resolved the connection problems.
Guirau
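The replies above ask for the IIS logs and weigh credentials, authentication methods and Require SSL as causes of the 401. The following is an added example, not part of any post in the thread: a Python triage of IIS W3C log lines for the ActiveSync virtual directory, run over constructed sample lines with documentation-range addresses, that separates a rejected logon (401.1) from an authentication-method problem (401.2).

```python
from collections import Counter

# Constructed sample in IIS 7 W3C extended format (not taken from the thread).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2009-08-10 14:02:11 192.0.2.10 OPTIONS /Microsoft-Server-ActiveSync - 443 - 198.51.100.7 TestClient 401 2 5
2009-08-10 14:02:12 192.0.2.10 OPTIONS /Microsoft-Server-ActiveSync - 443 - 198.51.100.7 TestClient 401 1 1326
2009-08-10 14:02:15 192.0.2.10 POST /Microsoft-Server-ActiveSync Cmd=FolderSync 443 - 198.51.100.7 TestClient 401 1 1326
2009-08-10 14:03:40 192.0.2.10 GET /owa/ - 443 alice 198.51.100.7 Mozilla/4.0 200 0 0
"""

# IIS status.substatus meanings relevant to the causes discussed in the thread.
HINTS = {
    ("401", "1"): "logon failed: check user name, password and domain prefix",
    ("401", "2"): "no credentials for an enabled auth method (also the normal first challenge)",
    ("401", "3"): "denied by the ACL on the resource",
    ("403", "4"): "SSL is required on the virtual directory",
}

def triage(log_text, stem="/microsoft-server-activesync"):
    """Count 401/403 responses for the ActiveSync path by status, substatus, win32 code."""
    fields, counts = [], Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if not row.get("cs-uri-stem", "").lower().startswith(stem):
            continue
        key = (row.get("sc-status"), row.get("sc-substatus"), row.get("sc-win32-status"))
        if key[0] in ("401", "403"):
            counts[key] += 1
    return [
        (status, sub, win32, n, HINTS.get((status, sub), "see the IIS status code reference"))
        for (status, sub, win32), n in counts.most_common()
    ]

if __name__ == "__main__":
    # Win32 1326 is ERROR_LOGON_FAILURE; Win32 5 is ERROR_ACCESS_DENIED.
    for status, sub, win32, n, hint in triage(SAMPLE_LOG):
        print(f"{n:3d} x {status}.{sub} (win32 {win32}): {hint}")
```

Repeated 401.1 entries with Win32 status 1326 point at the supplied credentials, including the domain part of the user name, rather than at the virtual directory configuration.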




