locked
UAG activesync not working RRS feed

  • Question

  • Hi

    I am trying to create a separate https trunk just for ActiveSync for exchange 2003. I have configured using the wizard and accepted default config but cannot get to work. i did the same process for webmail and that works fine. i tried adding activesync to the webmail trunk and that doesn't work either
    I have checked obvious things like dns and firewall and can see the connection hit the forefront web monitor and can see this error in the event viewer. We are currently running ISA 2006 using these paths and this works fine. I suspect it has something to do with basic authentication rather than path but cannot work it out.

    A request from source IP address x.x.x.x on trunk trunkne; Secure=1 for application MobileSync of type ExchangePub2003SP1 failed. The URL /Microsoft-Server-ActiveSync contains an illegal path. The rule applied is Default rule. The method is OPTIONS.

    Does anyone have same experience or problem?

    Tuesday, February 9, 2010 9:53 PM

Answers

  • It looks like you might have a conflict between the trunks. When you create an ActiveSync trunk, a Ruleset is created to allow this access. The error you see indicates the ruleset is not there, or is incorrect. To see the ruleset, go to the "advanced trunk configuration" for the ActiveSync trunk, and then to the RULESET tab, and scan the rules.

    There would be a bunch of rules there, but the 1st should be named "Activesync_Rule1", and have a URL of "/microsoft-server-activesync. If you don't have that rule there, try to delete the ActiveSync trunk, and create it from scratch. Also, make sure that it doesnt conflict with another trunk that points to the same server or uses the same IP/Port combination.
    Ben Ari
    Microsoft CSS IAG Support
    Sammamish, WA
    • Proposed as answer by Erez Benari Thursday, February 11, 2010 10:59 PM
    • Marked as answer by Erez Benari Thursday, February 18, 2010 12:00 AM
    Thursday, February 11, 2010 10:59 PM

All replies

  • It looks like you might have a conflict between the trunks. When you create an ActiveSync trunk, a Ruleset is created to allow this access. The error you see indicates the ruleset is not there, or is incorrect. To see the ruleset, go to the "advanced trunk configuration" for the ActiveSync trunk, and then to the RULESET tab, and scan the rules.

    There would be a bunch of rules there, but the 1st should be named "Activesync_Rule1", and have a URL of "/microsoft-server-activesync. If you don't have that rule there, try to delete the ActiveSync trunk, and create it from scratch. Also, make sure that it doesnt conflict with another trunk that points to the same server or uses the same IP/Port combination.
    Ben Ari
    Microsoft CSS IAG Support
    Sammamish, WA
    • Proposed as answer by Erez Benari Thursday, February 11, 2010 10:59 PM
    • Marked as answer by Erez Benari Thursday, February 18, 2010 12:00 AM
    Thursday, February 11, 2010 10:59 PM
  • Thanks for you advice. Because the server wasn't live i was able to delete all the trunks and just make one for ActiveSync only. This still didn't work. I then removed the tick box for verify url and it started to work fine.

    I have recreated my other trunks and it all works fine. Should i be worried that i have removed the tick from verify url?

    I am also seeing errors about an illegal path on the WEBMAIL trunk. This on complains about a /url that is for our Symantc Mail archive. I have added the path but the url contains a space and i'm not sure how i should handle this. it shows in the log as %20 where the space is.

    I can't find a lot of documentation yet, i guess this is because it is still very new

    Thanks again for pointing me in the right direction
    Thursday, February 18, 2010 11:33 PM
  • I have a new UAG server which does not have any trunk and if I create a trunk with just an Exchange 2003 ActiveSync, the rule does not get created.  Manually creating the rule does not work because Option Method is not available.

    Regards,


    James

    Monday, June 7, 2010 11:20 PM
  • Here is the workaround.

    1.  If your Exchange 2003 ActiveSync service require SSL and you have attempted to published ActiveSync for Exchange 2003, you may need to delete the application. 

    2.  Recreate the application, and on step 8 - Portal Link - Application URL, change the Application URL to use HTTPS since you will not be able to change it after completing the application wizard.  For Example:  https://mail.company.com/Microsoft-Server-ActiveSync

    3.  Go to the Advanced Trunk Configuration and "Portal" tab.  Change the URL "/Microsoft-Server-ActiveSync.*" under the Manual URL Replacement to use SSL and port 443.

    4.  Copy the Exchange Publishing rule for ActiveSync Exchange 2007 since we can't manually create a rule with the OPTION Method cannot selected.  This may be random behavior but occasionally, I was not able to select the OPTION method so I used step 4-5 as workaround.

    5.  Paste the URL to the Trunk publishing ActiveSync Exchange 2003 and rename the URL name to ExchangePub2003SP1_Rule75.

    Good luck,


    James

     

    Monday, June 14, 2010 11:20 PM
  • This may help too: http://support.microsoft.com/kb/981932

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Tuesday, June 15, 2010 12:15 PM
  • Hi guys,

    I actually face the same problem than SaabGuy: URL Path Not Allowed

    If I check the Manual URL Replacement settings in trunk configuration, there is a rule for /Microsoft-Server-ActiveSync.*, using SSL to authentication

    I checked the URL Set tab too, and there is also a rule for /microsoft-service-activesync.* with methods OPTIONS, GET and POST

    Anyway, when I try to connect to ActiveSync from external address I cannot contact the Exchange server and UAG's Web Monitor throw me the URL Path Not Allowed error

    I have test all the workarounds desribes here (and some others on forums), but I cannot get trough this pb

    Does anyone succeeded to correct this ActiveSync problem ?

     

    I use Exchange 2003 and UAG Update 1

     

    Fabrice

     

    Thursday, August 19, 2010 12:39 PM
  • Just thought I'd add my tuppence on how I got Exchange 2003 ActiveSync working over UAG SP1.

    I simply went through the wizard to publish ActiveSync (didn't bother with OWA or Outlook Anywhere) and when prompted with the Portal Link I changed it to HTTPS.  Then I went into the properties of the Portal Application and under the "Web Settings" tab I removed the option for "Verify URL" (thanks SaabGuy!) and it works fine.

    Tested ok on Android and Windows Phone 7.5


    • Edited by Erin Carter Thursday, November 10, 2011 2:08 PM typo
    Thursday, November 10, 2011 2:08 PM