Exchange Remote Connectivity Analyzer fails on ActiveSync and EWS tests only


  • Working on an Exchange 2003/2010 coexistence scenario.  There is a single 2003 server and a single 2010 server running CAS, HUB and MBX roles.  When using the Remote Connectivity analyzer, everything works for users with a 2010 mailbox.  When testing 2003 mailboxes, OWA and Outlook Anywhere work, ActiveSync and EWS do not work.  The ActiveSync test fails with the following error:

    Testing HTTP Authentication Methods for URL

     The HTTP authentication methods are correct.

     Additional Details
     The Microsoft Connectivity Analyzer found all expected authentication methods and no disallowed methods. Methods found: Basic

    An ActiveSync session is being attempted with the server.

    Errors were encountered while testing the Exchange ActiveSync session.

     Test Steps

     Attempting to send the OPTIONS command to the server.

     Testing of the OPTIONS command failed. For more information, see Additional Details.

      Additional Details
      An HTTP 403 forbidden response was received. The response appears to have come from IIS7. Body of the response: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "">
      <html xmlns="">
      <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
      <title>403 - Forbidden: Access is denied.</title>
      <style type="text/css">
      body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
      fieldset{padding:0 15px 10px 15px;}
      h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
      #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
      #content{margin:0 0 0 2%;;}
      <div id="header"><h1>Server Error</h1></div>
      <div id="content">
       <div class="content-container"><fieldset>
       <h2>403 - Forbidden: Access is denied.</h2>
       <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>

    The EWS error:

    Exchange Web Services synchronization, notification, availability, and Automatic Replies.
    Not all tests of Exchange Web Services tasks completed.

    Test Steps
    Creating a temporary folder to perform synchronization tests.
    Failed to create temporary folder for performing tests.
    Additional Details

    ErrorInternalServerError: An internal server error occurred. The operation failed

    OWA and Outlook Anywhere pass all tests, but issue a warning because a wildcard certificate is being used (I expected it this warning).

    I've applied the hotfix described in KB937031, verified in IIS Manager that the 2003 ActiveSync virtual directory accepts both Basic and Windows authentication.  I've rebooted the 2003 server since applying the hotfix.  I've been through the blog post found at

    I've verified the thumbprints for the certificates on all devices match, i.e., the same certificate is used on all devices.  I've verified that the NetBIOS domain name is specified for authentication on the 2003 IIS site.

    I've never had this problem before, but this project has certainly had its challenges. 

    Tuesday, June 25, 2013 1:57 PM