locked
Exchange 2010 Active sync (Access mail in Mobile issues) RRS feed

  • Question

  • Hi

    In my organisation Exchange server 2010 SP1 are deployed before six months itself & we accessed mail in mobile through active sync initially. Recently(one month back) we facing problem in accessing mail in active sync. 

    While we tried to configure mailbox in mobile through Active sync it shows error "Server is not available"

    Initially i don't have autodiscover record in internal dns as well as public dns. Right now i had on both.

    Pls see the error which i received in testconnectivity.microsoft.com

    The Microsoft Connectivity Analyzer is checking the host autodiscover.astraglobal.co for an HTTP redirect to the Autodiscover service.
     

    The Microsoft Connectivity Analyzer failed to get an HTTP redirect response for Autodiscover.

     
    Additional Details
     
    An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body of the response: You do not have permission to view this directory or page.
    Headers received:
    Content-Length: 58
    Content-Type: text/html
    Date: Mon, 11 Nov 2013 07:02:55 GMT
    Server: Microsoft-IIS/7.5
    X-Powered-By: ASP.NET
    Elapsed Time: 509 ms.

    Kindly help me 

    Thanks

    Monday, November 11, 2013 11:27 AM

All replies

  • Check this and inform the status..

    on the Exchange Active Sync Virtual Directory, (Exchange Management Console -> Server Configuration -> Client Access -> Exchange Active Sync -> Properties of virtual directory -> Authentication ) check whether basic authentication and ignore ssl certificate is selected..

    Also, check allow non provisioned devices are selected

    (Exchange Management Console -> Organization Configuration -> Client Access -> Exchange Active Sync -> Properties of Exchange active sync policy -> check on general tab)

    Monday, November 11, 2013 1:10 PM
  • Hi,

    Agree with the above suggestion, please check "Ignore client certificates" and “basic authentication” in Active Sync configuration and allow non-provisioned devices.

    Additionally,  check the bindings of Active Sync virtual directory and default website in IIS.

    Here are similar cases for your reference:
    http://social.technet.microsoft.com/Forums/exchange/en-US/7291b54b-2d4d-4d18-99cf-67eaa3987e80/activsync-403-forbidden-access-is-denied?forum=exchange2010

    http://social.technet.microsoft.com/Forums/exchange/en-US/7bd8345d-6374-492f-8b58-b7660d1f161c/exchange-2010-activesync-http-403-forbidden-response-error

    If you have any question, please feel free to let me know.

    Thanks,
    Angela


    Angela Shi
    TechNet Community Support

    Tuesday, November 12, 2013 7:43 AM
  • Please find the below inform..

    On General Tab--

    Internal URL

    https://server.domain.local/Microsoft-Server-ActiveSync

    External URL

    https://mail.domain.co/Microsoft-Server-ActiveSync

    & Please see the below snapshot for other information

    

    In Internal DNS i'm having autodiscover host record & SRV record & In external DNS only autodiscover host record is there. 

    Kindly check the given information & help me 

    Thanks

    Tuesday, November 12, 2013 7:50 AM
  • Hi,

    According to your description, basic authentication and ignore SSL certificate has been selected. Thus please also refer to Rajkumar-MCITP’s suggestion to check if selecting allow non-provisioned devices:

    Additionally, please refer to the following troubleshooting:
    1. Check the binding of ActiveSync virtual directory and default site in IIS.
    2. Check if MSExchangeSyncAppPool starts. Here is the path:
    Exchange server>IIS> expanding the server name> Application Pools
    3. Directly access the following URL in IE:
    https:\\autodiscover.astraglobal.co\autodiscover\autodiscover.xml


    Thanks,
    Angela

     


    Angela Shi
    TechNet Community Support

    Thursday, November 14, 2013 3:23 AM
  • Hi,

    Very thanks for your replies

    Allow non provisonable devices are already selected & i checked above points also

    I checked the URL in point 3 It asked user name & password. After given i got the below attached snap 

    Please tell how to check the binding of ActiveSync virtual directory and default site in IIS

    

    Awaiting for your response.

    Thanks 

    Friday, November 15, 2013 5:11 AM
  • Hi,

    Here are the path you can check the bindings:

    IIS> expand site>click default web site> in the actions pane, click bindings>confirm if http points port 80 and https points to port 443> click Microsoft-server-activesync> in the action pane, make sure the correct ports are being used 80 and 443 for active sync bindings

    Let’s also check the following article:

    https://nitrodesk.zendesk.com/entries/20917326-403-Error

    A 403 error is typically returned by the server if your account is not enabled for ActiveSync.

    Thus, create a new Active Sync mailbox policy which allow non-provisionable devices and assign this to the test account and run the Test again:

     http://technet.microsoft.com/en-us/library/bb124120(v=exchg.141).aspx

    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.

    Thanks,

    Angela


    Angela Shi
    TechNet Community Support

    Friday, November 15, 2013 6:48 AM
  • 1st thing I would do is get to a supported state.  Go to SP3 min & latest RU.

    Sukh

    Sunday, November 17, 2013 2:03 AM
  • Hi,

    Sorry for late reply

    Please find the below snapshot for bindings information

    Active sync features has been enabled for mailbox with "Allow non-provisional devices"

    thanks

    Tuesday, November 19, 2013 4:52 AM
  • Hi,

    I 'll go for SP3 & latest RU

    Is it possible to upgrade the exchange 2010 from SP1 to SP3 directly

    What are the prerequisites i need to do ?

    Thanks

    Tuesday, November 19, 2013 4:55 AM
  • Yes you can, read the readme notes, basically need to prep the schema and follow instruction. If you have multiple sites, start off with internet facing first.

    http://www.microsoft.com/en-gb/download/details.aspx?id=36768


    Sukh


    • Edited by Sukh828 Tuesday, November 19, 2013 10:20 AM
    Tuesday, November 19, 2013 10:19 AM