none
WM 6.1 Sync Error and IAG RRS feed

  • Question

  • Hi

    I get the following error in IAG for microsoft active sync, windows Mobile 6.1 Device (HTC Touch HD)

    We dont have SP2 yet - our build appears to be 3.7.1.0.31 service pack 1.31 - update - not installed (IAG Appliance)

    heres the error from the log:

    Warning

    06/12/2009 00:05:25

    ID: 45 

    Bad Parameter in URL Security sync (S) Request failed, URL rejected by URL Inspection rule. Trunk: sync; Secure=1; Application Name: Microsoft ActiveSync; Application Type: Activesync; Rule: Activesync_Rule1; Parameter: ef8JCBBkX8JBtqbDyPT/Bl5GhDLMAANQUEM; Value: ; Failure reason: Unmatched parameter. Unmatched parameters are configured to be rejected; Source IP: 193.35.132.236; Method: GET; URL: /Microsoft-Server-ActiveSync?ef8JCBBkX8JBtqbDyPT/Bl5GhDLMAANQUEM=.



    I upgraded all of my exchange environment last night to UR8 (Exchange Server 2007 Sp1 UR8, running on Server 2008 fully patched)

    The IAG talks to a Hub/cas server and that in turn talks to a MBX/HUB/CAS server, with edge running on a 3rd server.

    I have looked at this post, but wonder if its a fix in Sp2 and if so should l upgrade or if not do I really need to modify the activesync logon ?? as per this post ?

    http://social.technet.microsoft.com/Forums/en-US/ForefrontedgePub/thread/6e835676-6ae3-4933-bcb5-d0fdce5e570c/

    Any assistance with this is greatly appreciated.

    Andrew






    Friday, June 12, 2009 3:47 PM

Answers

  • Hi Andrew,
      This issue is resolved as part of IAG 2007 SP2 Update 1, KB967881 http://support.microsoft.com/kb/967881/ outlines the two activesync problems resolved by SP2 Update 1. 

      The changes to ActiveSyncLogin.asp as refered to in the post you mention will not resolve the issue you are seeing with this ruleset error.  That change is specific to only

    "When a Windows Mobile 6.1 device user sends or replies to an e-mail message, this user receives a blank page. After the user dismisses the blank page, the message that the user sent still remains in the Outbox. Additionally, the e-mail message is resent every time that the device is synchronized until the user manually deletes the message from the Outbox.

    If you need to resolve the issue related to ActiveSyncLogin.asp, I would highly recomend upgrading to SP2 Update 1 rather then manually modifying the ASP file. 

      Regarding the ruleset error you describe above, you can manually make a simple change to the ruleset to resolve this error by implementing the ruleset changes introduced in SP2 Update 1, or you can update your appliance.  If you choose to go the manual route, the changes you would need to make are to the IAG ActiveSync Trunk ruleset are to the ActiveSync_Rule1.  To make these changes you will need to open the Advanced Configuration for the ActiveSync trunk named "sync" in your environment and select the URL SET tab, locate the rule and then parameters described below.

    ActiveSync_Rule1:

    Regular Expression Parameter  - "name" modification from e[a-z0-9/+]+ or e[a-z0-9+]+ to e[a-z0-9\/\+]+

    Parameter named ItemID - modification of "value" from a regex value of [0-9:]+ to [a-f0-9:-]+ and modification of "length" from 0:10 to 0:50

    Click OK to close the Advanced Configuration
    Click Activate to apply this change to the IAG configuration
    *note applying the configuration may disrupt active users on IAG when the change is made.

    As I said earlier, these changes are contained in SP2 Update 1, and when possible patching rather then making manual changes is prefered.  If you are not yet on SP2 you should review the SP2 Release KB as well as the SP2 Update 1 KB before upgrading to make sure that you are aware of the changes and potential impact to your deployments.
    http://support.microsoft.com/kb/962977/ - SP2
    http://support.microsoft.com/kb/968384/ - SP2 Update 1

    -Dan

    Friday, June 12, 2009 7:03 PM
    Moderator
  • Hi

    Just wanted to give feedback on this, we opened a support call to get SP2 update 1, but when we installed SP2 we ran in to problems with activesync, installing update 1 did not resolve this. We produced some logs for MS, and they found that the error was due to the security repository, being a different name to our domain, when you install SP2 it inculdes an updated activesynclogon.asp, and this is where things fall down. This is doucmented here (just a shame its not included in SP2 update 1, but hey at least theres a fix) and the fix is easy, you obviously have serveal ways to go, but I just modified the asp file as it seemed the easiest and fastest given commercial pressures and option 1 did not work for me which did seem the best


    http://blogs.technet.com/edgeaccessblog/archive/2009/01/15/after-installing-iag-2007-sp2-mobile-devices-can-no-longer-synchronize-through-iag.aspx



    I would say that IAG support from PSS is the best you get from MS, its just a shame the Exchange 2007 support does not even come close, until your exchange server has been destroyed by someone on the other side of the world.

    Thanks to everyone who helped on this.

    Andrew


    • Marked as answer by andrew_mcse Wednesday, July 1, 2009 11:26 AM
    Wednesday, July 1, 2009 11:26 AM

All replies

  • Hi Andrew,
      This issue is resolved as part of IAG 2007 SP2 Update 1, KB967881 http://support.microsoft.com/kb/967881/ outlines the two activesync problems resolved by SP2 Update 1. 

      The changes to ActiveSyncLogin.asp as refered to in the post you mention will not resolve the issue you are seeing with this ruleset error.  That change is specific to only

    "When a Windows Mobile 6.1 device user sends or replies to an e-mail message, this user receives a blank page. After the user dismisses the blank page, the message that the user sent still remains in the Outbox. Additionally, the e-mail message is resent every time that the device is synchronized until the user manually deletes the message from the Outbox.

    If you need to resolve the issue related to ActiveSyncLogin.asp, I would highly recomend upgrading to SP2 Update 1 rather then manually modifying the ASP file. 

      Regarding the ruleset error you describe above, you can manually make a simple change to the ruleset to resolve this error by implementing the ruleset changes introduced in SP2 Update 1, or you can update your appliance.  If you choose to go the manual route, the changes you would need to make are to the IAG ActiveSync Trunk ruleset are to the ActiveSync_Rule1.  To make these changes you will need to open the Advanced Configuration for the ActiveSync trunk named "sync" in your environment and select the URL SET tab, locate the rule and then parameters described below.

    ActiveSync_Rule1:

    Regular Expression Parameter  - "name" modification from e[a-z0-9/+]+ or e[a-z0-9+]+ to e[a-z0-9\/\+]+

    Parameter named ItemID - modification of "value" from a regex value of [0-9:]+ to [a-f0-9:-]+ and modification of "length" from 0:10 to 0:50

    Click OK to close the Advanced Configuration
    Click Activate to apply this change to the IAG configuration
    *note applying the configuration may disrupt active users on IAG when the change is made.

    As I said earlier, these changes are contained in SP2 Update 1, and when possible patching rather then making manual changes is prefered.  If you are not yet on SP2 you should review the SP2 Release KB as well as the SP2 Update 1 KB before upgrading to make sure that you are aware of the changes and potential impact to your deployments.
    http://support.microsoft.com/kb/962977/ - SP2
    http://support.microsoft.com/kb/968384/ - SP2 Update 1

    -Dan

    Friday, June 12, 2009 7:03 PM
    Moderator
  • Interestingly, I've installed Update 1, and my users are still having the Bad Parameter issue.

    I will check the rule as per the posted settings, to see if the changes have applied correctly.


    Rob
    Sunday, June 14, 2009 6:39 PM
  • Hi Rob

    Thanks for your comment, I will apply the SP2 update and update 1 this week after I ahve reviewed everything and post the outcome here, it will be intersting to see if it get's reoslved. Where are you in terms of Update Rollups for Exchange 2007 SP1 (assuming you are using Ex2007)


    Andrew

     

    Monday, June 15, 2009 9:01 AM
  • I believe we are running Rollup 7, but not 100% sure.

    Rob
    Monday, June 15, 2009 9:59 AM
  • I just checked our rules, and found the following:

    We do not have a parameter called 'name'.

    We have a parameter called 'itemid' but its value and length have not been modified as per the earlier post.


    I wonder if a newly created activesync trunk would have the correct settings, and maybe there is an issue with updating an existing trunk with Update 1?

    Rob
    Monday, June 15, 2009 10:56 AM
  • Hi Andrew, Rob,
      As long as Exchange 2007 SP1 Rollup 5+ is installed on the CAS there are not any issues I'm aware of that would impact activesync from the Exchange side. 

      Sorry if I was a but unclear, on IAG the parameter is not called name it's in the "name" column of the Parameter list.  The name is a regular expression that looks something like: e[a-z0-9/+]+

    Depending on when and how the trunk was created the rulsets applied to ActiveSync may not have updated to the latest available rulests.  If you do not see the updated values I describe above I would recommend that you use the "granularity" slider on the IAG Advanced Configuration "URL Inspection" tab.  Slide it down to Fine.  Click OK, open the Advanced Configuration, select the "URL Inspection" tab and slide the granularity slider back up to extra fine.  This causes the ruleset to be reloaded with the newest default values.  You can now verify that the updated rulesets have been applied by comparing them to the values I’ve described above.
    Regards,
    -Dan

    • Proposed as answer by RobEllis Tuesday, June 16, 2009 12:06 PM
    Tuesday, June 16, 2009 9:54 AM
    Moderator
  • Dan,

    I've just done the slider to fine, slider back to Extra Fine, and sure enough, the rulesets are now showing as correct as per the earlier post.

    Its only been about 10 minutes, but I've not seen any Bad Parameter warnings since I made the change - I was previously seeing them every few minutes, so I suspect we have a winner!

    Many thanks.


    Rob
    Tuesday, June 16, 2009 12:06 PM
  • Hi Rob,
      Great to hear, if you run into any problems with either the ruleset or with activesync after installing SP2 Update 1 i would love to hear about it.
    Regards,
    Dan
    Wednesday, June 17, 2009 1:31 AM
    Moderator
  • Hi

    Just wanted to give feedback on this, we opened a support call to get SP2 update 1, but when we installed SP2 we ran in to problems with activesync, installing update 1 did not resolve this. We produced some logs for MS, and they found that the error was due to the security repository, being a different name to our domain, when you install SP2 it inculdes an updated activesynclogon.asp, and this is where things fall down. This is doucmented here (just a shame its not included in SP2 update 1, but hey at least theres a fix) and the fix is easy, you obviously have serveal ways to go, but I just modified the asp file as it seemed the easiest and fastest given commercial pressures and option 1 did not work for me which did seem the best


    http://blogs.technet.com/edgeaccessblog/archive/2009/01/15/after-installing-iag-2007-sp2-mobile-devices-can-no-longer-synchronize-through-iag.aspx



    I would say that IAG support from PSS is the best you get from MS, its just a shame the Exchange 2007 support does not even come close, until your exchange server has been destroyed by someone on the other side of the world.

    Thanks to everyone who helped on this.

    Andrew


    • Marked as answer by andrew_mcse Wednesday, July 1, 2009 11:26 AM
    Wednesday, July 1, 2009 11:26 AM