ActiveSync not working UAG/Exchange Server 2010

  • Question

  • Hi, I also posted this on the Remote Connectivity Analyzer forum, but it was suggested I should post it here as well. This is the issue:

    We are having trouble getting ActiveSync working through UAG. We are running Exchange 2010 in coexistence with Exchange 2003. We use two URLs, both publishing ActiveSync. One URL is going to the 2003 environment, which is working fine. The other is set up to communicate with two Exchange 2010 CAS servers. Basic authentication is used. Testing the ActiveSync connection with Remote Connectivity Analyzer fails. Testing is OK from resolving the host name to testing authentication methods. I copied the last few steps that fail below.

        Additional Details
         ExRCA found all expected authentication methods and no disallowed methods. Methods found: Basic
        An ActiveSync session is being attempted with the server.
         Errors were encountered while testing the Exchange ActiveSync session.
         
        Test Steps
         
        Attempting to send the OPTIONS command to the server.
         Testing of the OPTIONS command failed. For more information, see Additional Details.
          Tell me more about this issue and how to resolve it
         
        Additional Details
         An unexpected redirect response was received to URL /InternalSite/InternalError.asp?site_name=(removed)&secure=1&error_code=32.

    I hope anyone can point us in the right direction to get this working.

     

    I already tried different things with the external URL on the CAS servers. With or without the external URL configured, it doesn't make a difference. Same Remote Connectivity Analyzer results.

    Wednesday, September 14, 2011 2:43 PM

Answers

  • Hi Samovar78,

    this issue you see is related to the SSL certificate on your internal Exchange server.

    Check the SSL certificate settings of your Exchange website and make sure the certificate is trusted by UAG and that the related CRLs are accessible.

    -Kai


    This posting is provided "AS IS" without any warranties. Kai Wilke | ITaCS GmbH | GERMANY, Berlin | www.itacs.de
    • Edited by Kai Wilke Wednesday, September 14, 2011 9:25 PM
    • Proposed as answer by Kai Wilke Saturday, September 17, 2011 11:22 PM
    • Marked as answer by Samovar78 Tuesday, September 20, 2011 12:20 PM
    Wednesday, September 14, 2011 9:25 PM

All replies

  • We are using only self-signed certificates for exchange 2010. Is this a supported configuration with UAG and will this work?

    Monday, September 19, 2011 9:26 AM
  • Hi Samovar,

    using self-signed certificates should work, since they are still certificates. It's just a thing of different trust relationships.

    To make the self-signed certificate trusted, you have to put the SSL certificate (public key aka. *.cer file) into the root certification store of the UAG box (using the machine store) then.

    Alternatively you could instruct UAG to skip the validation of the received certificates - but this should be considered as less secure.

    HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\e-Gap\Von\URLFilter\Comm\SSL\ValidateRwsCert=0

    HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\e-Gap\Von\URLFilter\Comm\SSL\ValidateRwsCertCRL=0

    For additional information regarding the registry keys please refer to http://technet.microsoft.com/en-us/library/ee809087.aspx

    -Kai


    This posting is provided "AS IS" without any warranties. Kai Wilke | ITaCS GmbH | GERMANY, Berlin | www.itacs.de
    Monday, September 19, 2011 12:38 PM
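
A way to run the checks from Kai's replies on the UAG server instead of switching validation off, as an added example that is not part of the thread: it fetches the certificate the CAS presents, builds its chain against the machine stores with revocation checking, and reads the two registry values quoted above. The host name is a placeholder and the function names are made up for this example.

```powershell
# Added example. Run in an elevated PowerShell session on the UAG server.
param(
    [string]$CasHost = 'cas01.example.internal',   # placeholder: internal CAS host name
    [int]$Port = 443
)

function Get-RemoteCertificate([string]$HostName, [int]$Port) {
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # The callback accepts anything only so the certificate can be retrieved;
        # the trust decision is made separately in Test-CertificateChain.
        $accept = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $accept)
        $ssl.AuthenticateAsClient($HostName)
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally { $tcp.Close() }
}

function Test-CertificateChain($Certificate) {
    # $true = build against the machine stores, not the current user's stores.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain($true)
    # Check revocation, fetching CRLs over the network when they are not cached.
    $chain.ChainPolicy.RevocationMode = 'Online'
    $ok = $chain.Build($Certificate)
    New-Object PSObject -Property @{
        Subject  = $Certificate.Subject
        NotAfter = $Certificate.NotAfter
        Trusted  = $ok
        # UntrustedRoot: the certificate (or its root) is not in the machine Root store.
        # RevocationStatusUnknown / OfflineRevocation: a CRL could not be retrieved.
        Problems = @($chain.ChainStatus | ForEach-Object { $_.Status })
    }
}

function Get-UagBackendValidation {
    # Registry path and value names as quoted in the thread.
    $key = 'HKLM:\SOFTWARE\WhaleCom\e-Gap\Von\URLFilter\Comm\SSL'
    foreach ($name in 'ValidateRwsCert', 'ValidateRwsCertCRL') {
        $value = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
        New-Object PSObject -Property @{
            Name  = $name
            Value = $(if ($null -eq $value) { 'not set' } else { $value })
            Note  = $(if ($value -eq 0) { 'validation disabled' } else { '' })
        }
    }
}

Test-CertificateChain (Get-RemoteCertificate $CasHost $Port) | Format-List
Get-UagBackendValidation | Format-Table Name, Value, Note -AutoSize
```

Chain building does not compare the certificate's name with the host name UAG connects to, so check the reported Subject against it by hand.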
  • Hello Kai,

    Thanks for your answers. Another question: is there an option to make UAG ignore Exchange 2010 certificates completely and not use HTTPS from UAG to CAS? I think this is the way we have set it up for Exchange 2003.

    Tuesday, September 20, 2011 8:12 AM
  • Just tried communicating on port 80 from UAG to CAS: this worked fine. We will be able to work out the rest with your suggestions. Thanks for your help Kai.
    Tuesday, September 20, 2011 12:23 PM