Sign in
 
HomeLibraryWikiLearnGalleryDownloadsSupportForumsBlogs
Resources for IT Professionals >
Activesync and OWA issue on SBS2008

Answered Activesync and OWA issue on SBS2008

  • Thursday, March 15, 2012 9:09 AM
     
     
    Sign In to Vote
    0

    I have moved this here from the Exchange Forums:

    One of my clients has an SBS2008 server and use Nokia mobiles to connect to their exchange accounts.

    This has been working fine for the past couple of years, but after a server reboot last month it isn't working. The Nokia's are just coming up with a certificate error, not giving me a chance to install a new certificate or ignore it.

    I have run https://www.testexchangeconnectivity.com/ and it fails here:

          Testing HTTP Authentication Methods for URL https://remote.companyname.co.uk/Microsoft-Server-ActiveSync/.
           The HTTP authentication test failed.
            Tell me more about this issue and how to resolve it
                       Additional Details
           The Initial Anonymous HTTPS request didn't fail, but Anonymous isn't a supported authentication method for this scenario.

    does anyone know what this means? and how to resolve it?

    Also, OWA is not working, i am getting this error;

    404 - File or directory not found.

    or from the server:

    Error Summary
    HTTP Error 404.0 - Not Found
    The resource you are looking for has been removed, had its name changed, or is temporarily unavailable. Detailed Error InformationModule IIS Web Core
    Notification MapRequestHandler
    Handler StaticFile
    Error Code 0x80070002
    Requested URL https://remote.potterowtram.co.uk:443/owa
    Physical Path C:\Program Files\Windows Small Business Server\Bin\WebApp\SBS Web Applications\owa
    Logon Method Anonymous
    Logon User Anonymous
    Most likely causes:
    The directory or file specified does not exist on the Web server.
    The URL contains a typographical error.
    A custom filter or module, such as URLScan, restricts access to the file.

     

All Replies

  • Thursday, March 15, 2012 10:36 AM
     
     
    Sign In to Vote
    0

    Hi

    Are we getting a similar error in Event viewer :-

    Log Name:      System
    Source:        Microsoft-Windows-IIS-W3SVC
    Date:          8/1/2010 11:04:03 AM
    Event ID:      1007
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A

    Please go ahead and check if SBSwebapplications is started in IIS. If not start it . It might through up an error that the port is being used by some other website , please let me know if that is the case.

    Thanks

    SID

    • Proposed As Answer by Raj Gera Thursday, March 15, 2012 10:43 AM
    • Unproposed As Answer by darksidekiller1958 Thursday, March 15, 2012 2:34 PM
    •  
     
  • Thursday, March 15, 2012 10:46 AM
     
     
    Sign In to Vote
    0

    HI,

    Please check if the correct certificate is binded to SBS web application.
    Also check if the certificate is valid or expired.

    Only Anonymous authentication should be enabled on SBS Web Application.

    Thanks

    Raj

     
  • Thursday, March 15, 2012 2:12 PM
     
     
    Sign In to Vote
    0

    hi Raj,

    Please check if the correct certificate is binded to SBS web application.  - - How do i do this?

    I checked if the certificate was expired, and 2 of them were, so i ran this command "get-exchangecertificate -thumbprint <thumbprint> | new-certificate" and it gives the warning:

    this certificate will not be used for external TLS connections with an FQDN of <servername.domain.local> becuase the ca-signed cert with thumprint <thuimbprint> takes precedence.

    I said Yes to All on this, but now all the user pcs are coming up with certificate errors opening outlook!

     
  • Thursday, March 15, 2012 2:19 PM
     
     
    Sign In to Vote
    0

    You check for the cert by going to properties of SBS WEB APPLICATIONS->edit bindings->443->click view against your cert name.

    Re run-IAMW wizard from sbs console ....it will create the required self signed cert and bind it as well.


     
  • Thursday, March 15, 2012 2:39 PM
     
     
    Sign In to Vote
    0

    Sid,

    that error is not coming up in event viewer.

    SBS web applications is already started

     
  • Thursday, March 15, 2012 2:42 PM
     
     
    Sign In to Vote
    0

    This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store - is what is currently said against the cert for sbs web applications on 443

    still worth recreating certificate in iamw?

     
  • Thursday, March 15, 2012 2:46 PM
     
     
    Sign In to Vote
    0

    You need to install the root cert on client:

    http://blogs.technet.com/b/sbs/archive/2008/09/30/how-do-i-distribute-the-sbs-2008-self-signed-ssl-certificate-to-my-users.aspx

    However still go ahead and run IAMW,it only creates a leaf cert....

     
  • Thursday, March 15, 2012 2:47 PM
     
     
    Sign In to Vote
    0
    where do I check anonymous authentication?
     
  • Friday, March 16, 2012 6:40 AM
    Moderator
     
     
    Sign In to Vote
    0

    Hi,

    At first, please check the virtual directory settings in the IIS manager according to the article below:

    Title: Default Authentication Settings for Exchange-related Virtual Directories
    URL: http://technet.microsoft.com/en-us/library/gg263433(v=exchg.80).aspx

    Note: After making the changes in the IIS manager, please runiisreset in the command prompt to make sure the changes take effect.

    If the certificate is self-signed certificate, you need to install the Root CA in the mobile device to make sure the trust could be inherited.

    And you need to enter the following URL in the IE browser on the server:

    https://localhost/owa
    https://localhost/Microsoft-Exchange-ActiveSync

    After entering the credentials, please let me know the webpage you have received.

    Please post back your output result here to get further analysis.

    Regards,
    James

    James Xiong

    TechNet Community Support

     
  • Friday, March 16, 2012 11:57 AM
     
     
    Sign In to Vote
    0

    ok, changes made were:

    default web site - untick require ssl

    autodiscover - tick ssl + 128

    ews - tick basic auth, ssl + 128

    exadmin - tick ssl + 128

    exchange - tick ssl + 128

    exchweb - tick ssl + 128

    oab - enable basic auth, tick ssl + 128

    owa - tick ssl + 128

    public - tick 128

    RPC - enable windows auth, enable ssl + require 128

    RPC with Cert - the technet article says by default all auth is disabled, mine has windows auth enabled, I havent changed these ones yet as I am not sure i should . . . ?

    unified messaging - tick ssl + 128

    going to https://localhost/owa gives certificate warning, then login box, then will login to OWA as normal

    going to https://localhost/Microsoft-Exchange-ActiveSync shows

    HTTP Error 404.0 - Not Found

    The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.

    Module IIS Web Core
    Notification MapRequestHandler
    Handler StaticFile
    Error Code 0x80070002
    Requested URL https://localhost:443/Microsoft-Exchange-ActiveSync
    Physical Path C:\inetpub\wwwroot\Microsoft-Exchange-ActiveSync
    Logon Method Anonymous
    Logon User Anonymous

    and shows certificate error on the address bar. I have tried installing the certificate but htis does not help.

     
  • Friday, March 16, 2012 11:59 AM
     
     
    Sign In to Vote
    0

    also, now in IIS SBS Web Applications is showing as stopped. when i try to start it i get the error: the web site cannot be started. another web site may be using the same port.

    also, I have tried running the set up your internet address wizard, but it crashed each time i ran it!

     
  • Sunday, March 18, 2012 6:13 AM
     
     
    Sign In to Vote
    0

    At which state did the wizard fail/crash?RWW or exchange?

    Which other website is using the same port?Is it the default website?

    Stop all websites for 10 minutes and then start SBS WEB Applications.Then one by one start the other websites to find out which is causing the conflict.

    SBS Web Applications should have the binding for 443 and correct certificate attached to it and also a binding for port 80.

     
  • Monday, March 19, 2012 12:04 PM
     
     
    Sign In to Vote
    0

    I'm not sure when it is crashing! it starts off doijng the RWW, but crashed before any tick appears by it.

        

    see link of error screenshot: http://imageshack.us/photo/my-images/24/poperrro.jpg/

    SBS web app and default are both using bindings on 443 and 80



     
  • Tuesday, March 20, 2012 3:25 AM
     
     
    Sign In to Vote
    0

    Remove 443 from default website.

    On SBS WEB APPLICATIONS edit the binding for 443 and click view certificate and check which certificate is selected.

    Next go to c:\program files\windows small business server\logs and rename dpcw.log to dpcw.old,then re run IAMW and collect the freshly generated dpcw.log.Put it on public interface of your sky drive and post the link here.

     
  • Tuesday, March 20, 2012 3:52 PM
     
     
    Sign In to Vote
    0
    default website has owa and exchange etc running under it . . .
     
  • Wednesday, March 21, 2012 6:38 AM
     
     Answered
    Sign In to Vote
    0

    That's again incorrect configuration.It only occurs if you re install exchange completely or at least the CAS role.

    Have a look at the following link,run the powershell script mentioned in it to get the default configuration of SBS [in SBS Exchange VD's run under SBS WEB APPLICATIONS]:

    http://technet.microsoft.com/en-us/library/dd767439(WS.10).aspx

     
  • Friday, March 23, 2012 8:49 AM
     
     
    Sign In to Vote
    0
    just a note to say, I didnt have time yesterday to do this, will hopefully get time today.
     
  • Tuesday, March 27, 2012 12:58 AM
    Moderator
     
     
    Sign In to Vote
    0

    Hi,

    Any Update?

    Towards the output result, https://localhost/Microsoft-Server-ActiveSync returned HTTP 404: The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.

    It seems that the ActiveSync feature corrupted on the server side, I suggest that you could rebulid the ActiveSync virtual directory to verify the issue.

    Remove-ActiveSyncVirtualDirectory

    New-ActiveSyncVirtualDirectory

    To get the command help, you could run this command in the EMS "Get-help <Your_Queried_Command>-detailed"

    Regards,

    James

    James Xiong

    TechNet Community Support

     
  • Wednesday, March 28, 2012 9:36 AM
     
     
    Sign In to Vote
    0

    This is the result of the powershell script on the above technet article. I wasnt sure what to do about the certificates so i said no to all on them:


    [PS] C:\Windows\system32>.\sbscasreinstall.ps1
    BACKUP object "20120328T102908" added
    Connecting to "POPSERVER.potterowtram.local"
    Logging in as current user using SSPI
    Exporting directory to file C:\Users\ChurchMicros\AppData\Local\Temp\httpbackup_
    129774005498032977.ldf
    Searching for entries...
    Writing out entries............
    12 entries exported

    The command has completed successfully
    Remove-ExchangeCertificate : The internal transport certificate cannot be remov
    ed because that would cause the Microsoft Exchange Transport service to stop. T
    o replace the internal transport certificate, create a new certificate. The new
     certificate will automatically become the internal transport certificate. You
    can then remove the existing certificate.
    Parameter name: Thumbprint
    At C:\Windows\system32\sbscasreinstall.ps1:58 char:120
    + Get-ExchangeCertificate | Where { $_.Subject -eq "$DefaultExchangeCertificate
    " } | ForEach { Remove-ExchangeCertificate <<<<  -Thumbprint $_.Thumbprint }
        + CategoryInfo          : InvalidArgument: (:) [Remove-ExchangeCertificate
       ], ArgumentException
        + FullyQualifiedErrorId : 767D4613,Microsoft.Exchange.Management.SystemCon
       figurationTasks.RemoveExchangeCertificate


    Confirm
    Are you sure you want to perform this action?
    Remove certificate with thumbprint B669A5065F76A4E8BFB684A6EBF8617D6624E13C?
    [Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help
    (default is "Y"):l

    Confirm
    Are you sure you want to perform this action?
    Remove certificate with thumbprint EB3088C98204EC9B1BB1603FC91FA4F763B79FC5?
    [Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help
    (default is "Y"):l

    Confirm
    Are you sure you want to perform this action?
    Remove certificate with thumbprint FA288C569DB050752AD9FB4DE11F135FF8A30F0A?
    [Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help
    (default is "Y"):l

    path                                    system.webServer
    ----                                    ----------------
    SBS Web Applications/ews                system.webServer
    SBS Web Applications/AutoDiscover       system.webServer
    SBS Web Applications/oab                system.webServer

    Attempting stop...
    Internet services successfully stopped
    Attempting start...
    Internet services successfully restarted
    C:\Program Files\Microsoft\Exchange ...
    WARNING: For these configuration changes to take effect, you must restart
    Internet Information Services (IIS). To restart IIS, run the following command:
     "iisreset /noforce".
    \\.\BackOfficeStorage
    \\.\BackOfficeStorage\potterowtram.c...
    \\.\BackOfficeStorage\potterowtram.c...
    \\.\BackOfficeStorage\potterowtram.c...
    C:\Program Files\Microsoft\Exchange ...
    C:\Program Files\Microsoft\Exchange ...
    C:\Program Files\Microsoft\Exchange ...
    C:\Program Files\Microsoft\Exchange ...
    C:\Program Files\Microsoft\Exchange ...

    Attempting stop...
    Internet services successfully stopped
    Attempting start...
    Internet services successfully restarted
    Unlocked section "system.webServer/security/authentication/windowsAuthentication
    " at configuration path "MACHINE/WEBROOT/APPHOST".
    Applied configuration changes to section "system.webServer/security/authenticati
    on/windowsAuthentication" for "MACHINE/WEBROOT/APPHOST/SBS Web Applications/ews"
     at configuration commit path "MACHINE/WEBROOT/APPHOST"
    Applied configuration changes to section "system.webServer/security/authenticati
    on/windowsAuthentication" for "MACHINE/WEBROOT/APPHOST/SBS Web Applications/Auto
    Discover" at configuration commit path "MACHINE/WEBROOT/APPHOST"
    Applied configuration changes to section "system.webServer/security/authenticati
    on/windowsAuthentication" for "MACHINE/WEBROOT/APPHOST/SBS Web Applications/oab"
     at configuration commit path "MACHINE/WEBROOT/APPHOST"
    "Default Web Site" successfully started.
    ERROR ( hresult:800700b7, message:Command execution failed.
    Cannot create a file when that file already exists.
     )


     
  • Wednesday, March 28, 2012 9:59 AM
     
     Answered
    Sign In to Vote
    0

    OWA is working again.

    exchange conecctivity analyzer is successful.

    reconnecting the nokias, they are still coming up with an issue on the certificate. They do work as long as you say "accept certificate this time only". If you choose always accept it seems to stall and not work.

    thanks all

     
  • Thursday, March 29, 2012 12:36 AM
     
     
    Sign In to Vote
    0
    What kinda of certificate do u use?Trusted or self issued?