Trying to publish ActiveSync via UAG and having some trouble...


  • Hi there,

    I'm trying to publish OWA and ActiveSync (Exchange 2010) via UAG and I'm having some trouble. Using the Remote Connectivity Analyzer, I get the following error when testing ActiveSync:

    • Testing of the OPTIONS command failed.
    • An unexpected redirect response was received to URL /InternalSite/InternalError.asp?site_name=srpportal&secure=1&error_code=51.

    I have tried chasing down what "error_code=51" refers to, with no avail, but honestly I have a small suspicion that's a red herring and the problem is just that it's receiving a redirect response at all.

    With regards to that, I have checked everywhere in IIS on both the UAG server and the Exchange server for any HTTP Redirects, and it isn't enabled anywhere.

    At this point, I'm not sure where to look next. Can anyone help me figure out what's going on? OWA works fine, only ActiveSync is broken.


    11. ledna 2012 23:33

Všechny reakce

  • Questions:

    * Are you using a CAS Array?  If so check to make sure all directories are configured correctly for Active Sync.
    * Check your certificate on your UAG box.  Is the certificate self-signed or a publicly trusted one?  Also, make sure that the all entire certificate chain is installed - this can be done in the Certificate Manager of the UAG server.
    * If you test your rule from the UAG server, are there any errors on the rule?

    Let us know the results/answers to the questions to help you troubleshoot this further if needed.

    12. ledna 2012 2:08
    • No, we only have one Exchange server.
    • The cert on the UAG box is publicly trusted, and the entire certificate chain is installed.  The Remote Connectivity Analyzer passed the cert checks with flying colours.
    • What do you mean by test the rule?
    12. ledna 2012 16:20
  • On UAG, you can test each rule you create for access to Exchange.  Depending on your setup, you have one or more rules protecting your Exchange 2010 environment.  In UAG you can go to the properties of the rule and on the General tab (I believe) there is a button that says 'Test Rule'.  If you have a rule for just Active sync, go to that rule and do a test to see if there are any errors with the connection to the server.  Also, you can go to the Monitoring section of UAG and log for just that rule to see what errors show up with connections to Exchange.  Lastly you can review your event logs for any errors as well in Exchange.

    12. ledna 2012 16:30
  • I have watched monitoring while running the RCA, and can see the sessions being created but no errors are indicated.  As well, the event logs don't contain any relevant errors, so far as I can see.

    In UAG, I don't see any "rules".  I have an Application to publish Activesync and OWA, and nowhere in there do I see anything about "testing" the application/"rule".

    12. ledna 2012 19:17
  • You are correct on the Test UAG option.  That is for TMG, sorry about that.

    As for errors in the Exchange logs, you can turn up Diagnostic Logging to see if there is anything going on in the Exchange server.  To do that, click on Client Access under Server configuration.  Then right click on your server and select 'Manage Diagnostic Logging Properties'.  Under ActiveSync, set Configuration and Requests to High.  Once you apply these changes, try the connection once more. 

    Run the RCA once more to see if any additional events get generated in the Exchange event logs.  Also, if you have a device, try to connect it to your server as well to see if you get an error on that mobile device.

    12. ledna 2012 22:21
  • Okay, I've turned the ActiveSync logging up to High, and run both the RCA and tried to activate an iPhone.  RCA failed as above, and the iPhone failed with the message "Unable to verify account information."

    No additional events were generated in the Application log.  Is there somewhere else I should be looking?  I even tried setting ActiveSync logging to Expert... no dice.

    13. ledna 2012 16:04
  • Bump.

    16. ledna 2012 16:19
  • Steve,

    Just to be sure, have you followed the instructions here: http://technet.microsoft.com/en-us/library/ee921443.aspx?  Also, what is the authentication set on your Exchange ActiveSync Virtual directory? Is the 'Basic Authentication' box checked? 

    Have you tried the 'Test-ActiveSyncConnectivity' powershell command on your Exchange server?

      Test-ActiveSyncConnectivity -URL  https://<servername>/Microsoft-Server-ActiveSync -MailboxCredential (Get-Credential -Credential <domain>\<login>)

    Did you get any errors?

    16. ledna 2012 18:44
  • Any updates?
    18. ledna 2012 21:33
  • Any updates?
    20. ledna 2012 22:36