locked
Exchange 2007 Active sync error: Http Authentication Test failed RRS feed

  • Question

  • Hello!

    We have just migrated from Exchange 2003 to Exchange 2007. Everything looks like working fine, but there is problem with Active sync

    I have run test in address https://www.testexchangeconnectivity.com/

    And I get following error when I have checked Ignore SSL TRUST

    Testing Http Authentication Methods for URL https://xxx/Microsoft-Server-Activesync/

    Http Authentication Test failed

    Additional Details

    An HTTP 500 response was returned from Unknown

    If I uncheck Ignore SSL TRUST i get also following error

    Validating certificate trust for Windows Mobile Devices
    Certificate trust validation failed
    Additional Details
    The certificate chain did not end in a trusted root. Root = CN=xxx Class2 CA, O=xxx, C=FI

    I have tried Active sync with two different phones (Nokie E55 and E71) and there is following erros in log


    30.12.2009 09:45:07 HTTP error code=500

    30.12.2009 09:45:07 HTTP Server Error 500: Internal Server Error


    If I try to browse Active Sync virtual directory in IIS server I get following error


    HTTP Error 500.19 - Internal Server Error

    Absolute physical path "C:\inetpub\custerr" is not allowed in system.webServer/httpErrors section in web.config file. Use relative path instead.


    Can anyone help me?

    Wednesday, December 30, 2009 8:21 AM

All replies

  • Hi,

     

    I suggest you recreate ActiveSync Virtual directory firstly to troubleshoot the issue:

     

    1. Run Remove-ActiveSyncVirtualDirectory to delete the ActiveSync Virtual directory

    2. Run New-ActiveSyncVirtualDirectory to recreate the  ActiveSync Virtual directory

    3. Restart IIS and check the result by accessing https://www.testexchangeconnectivity.com/

     

    Please let me know whether the same error is encountered. In addition, please let me know your Exchange Environment.

     

    Mike Shen

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com  

    Thursday, December 31, 2009 3:01 AM
  • Hi!

    I managed to remove and recreate virtual directory but problem didnt solved. I get same errors

    Our exchange environment

    Mailbox1 (CCR)
    Mailbox2 (CCR)
    Mailhub1 (hub and cas roles) NLB
    Mailhub2 (hub and cas roles) NLB

    All servers are Windows server 2008 sp2

    MK
    Thursday, December 31, 2009 8:05 AM
  • Hi,

     

    Would you please post related IIS log on the CAS server for further research? In addition, I suggest you install Windows Mobile Emulator in internal network and have it connect to Exchange Server directly to test whether the activesync issue persists. If yes, please post related error you received on Windows Mobile

     

    For your reference:

     

    Installing and running Windows Mobile emulators

    http://msexchangeteam.com/archive/2007/09/17/447033.aspx

     

    ~~~~~~~~~~~~~~~~

    Mike Shen

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please  contact tngfb@microsoft.com 

    ~~~~~~~~~~~~~~~~

     

    Monday, January 4, 2010 7:18 AM
  • Here is one

    2010-01-04 12:24:40 172.16.10.91 OPTIONS /Microsoft-Server-ActiveSync/default.eas User=firstname.lastname&DeviceId=IMEI352924026736368&DeviceType=IMEI352924026736368&Log=V10_LdapC0_LdapL0_ 443 ourdomain3.local\firstname.lastname 193.209.134.157 NokiaE71/2.09(158)MailforExchange 200 0 0 124
    2010-01-04 12:24:42 172.16.10.91 POST /Microsoft-Server-ActiveSync/default.eas User=firstname.lastname&DeviceId=IMEI352924026736368&DeviceType=IMEI352924026736368&Cmd=Settings&Log=V121_LdapC0_LdapL0_RpcC10_RpcL15_Ers1_Pk0_Error:DeviceNotProvisioned_ 443 ourdomain3.local\firstname.lastname 193.209.134.157 NokiaE71/2.09(158)MailforExchange 449 19 13 405
    Monday, January 4, 2010 7:02 PM
  • Here is error messages from Windows Mobile emulator (WM 5.0 MSFP)

    SSL enabled

    The security cerificate on the server is invalid. Contact your Exchange Server administrator or ISP to install
    a valid certificate on the server

    Support code: 0x80072F0D

    SSL Disabled

    Activesync encountered a problem on the server

    Support code: 0x85010014

    Monday, January 4, 2010 8:42 PM
  • Hi,

     

    Thanks for your response and information.

     

    From the IIS log, I noticed that the error DeviceNotProvisioned is encountered when the Nokia Device attempts to sync with Exchange Server.

     

    Regarding the issue, would you please let me know whether the Exchange 2003 has been removed after migrating to Exchange 2007? If not, whether the test user’s mailbox is on Exchange 2003 or 2007. Whether all the users encountered the problem? For example, if you create a new user, whether the issue can be reproduced? Whether is it a CAS-CAS proxy environment?

     

    In addition, please run Get-ActiveSyncMailboxPolicy to check whether AllowNonProvisionableDevices parameter is set True. In addition, please run get-casmailbox to check whether correct activesync policy is applied to test mailbox.

     

    Regarding the Windows Mobile Sync error 0x85010014,  I would like to explain that it is a very generic error. Therefore, I suggest you focus on the certificate problem firstly. Based on the testexchangeconnectivity site result, looks like the Mobile Device does not trust the Certificate. Would you please let me know whether the certificate is issued by a third-party CA or Windows CA. If the certificate is issued by Windows CA, you need to import the root certificate to Exchange Server.

     

    ~~~~~~~~~~~~~~~~

    Mike Shen

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please  contact tngfb@microsoft.com 

    ~~~~~~~~~~~~~~~~

     

    Tuesday, January 5, 2010 9:02 AM
  • Hi!

    Exchange 2003 has not been yet removed. We are right now migrating mailboxes to Exchnage 2007. Proble is everyone who have mailbox in new exchange 2007

    Testuser is in Exchange 2007 and and i made new user testuser1 and it doesnt work. Resolution was same as before

    I run Get-activesyncmailboxpolicy and allownonprovionabledevices has set true. Also correct activesync policy is applied to both test mailbox.

    Certificate is issued by third-party CA

    I tried also to do new user testuser2 and mailbox in old exchange2003 system. I run test and everything was OK.

    If I try to go wit  browser to address https://webmail.xxx/Microsoft-Server-Activesync/ I get error http 500 internal server error.

    I have also tried to go our partner-operating organisation address https://partner-organisation/Microsoft-Server-Activesync/ and there I get logon screen with Windows and Windows mobile browser. I get same result if I go to our old Exchange 2003 with old address  

    Could there be problem in CAS server IIS? How can I check that everything is fine in IIS

    MK





    Tuesday, January 5, 2010 10:12 AM
  • Hello,

     

    We have the same exact problem.

    Our situation:

    Windows 2008 Enterprise 64 bit with sp2 and Exchange 2007 SP2.
    We can't find any solution for this problem.

    We still getting error 500:

    Testing Http Authentication Methods for URL https://webmail.petpower.nl/Microsoft-Server-Activesync/
      Http Authentication Test failed
     
    Additional Details
      An HTTP 500 response was returned from Unknown

    Http Authentication Test failed
       Additional Details
      An HTTP 500 response was returned from Unknown 
     

     

    Pleas help,

    Http Authentication Test failed
     
    Additional Details
      An HTTP 500 response was returned from Unknown

    Wednesday, April 14, 2010 12:20 PM
  • I had this problem.  It took 2 dyas to finally find the problem to this.

    I am working with an Exchange 2007 environment.  We couldn't get any iphones to sync with Exchange.

    We spent hours trawling the internet then decided to put in https://XXX/microsoft-server-activesync it reported back some error of 500.19 like you have. Error 500 means nothing, but error 500.19 means a little more.

    Like what you have described, there is a "web" file in C:\inetpub\wwwroot we foudn out that by removing this file it started to work fine, when you test it using the exchange test site, it finally reported back that it was fine.  The thing that was cauing that "web" file to be in c:\innetpub\wwwroot was that we had a redirector for https://XXX/owa so we removed the redirector and it was all working fine.

    Hope this kinda helps all of you with this problem?

    Good luck!

    • Proposed as answer by neilneo Sunday, April 18, 2010 10:23 AM
    Sunday, April 18, 2010 10:22 AM
  • I had this problem.  It took 2 dyas to finally find the problem to this.

    I am working with an Exchange 2007 environment.  We couldn't get any iphones to sync with Exchange.

    We spent hours trawling the internet then decided to put in https://XXX/microsoft-server-activesync it reported back some error of 500.19 like you have. Error 500 means nothing, but error 500.19 means a little more.

    Like what you have described, there is a "web" file in C:\inetpub\wwwroot we foudn out that by removing this file it started to work fine, when you test it using the exchange test site, it finally reported back that it was fine.  The thing that was cauing that "web" file to be in c:\innetpub\wwwroot was that we had a redirector for https://XXX/owa so we removed the redirector and it was all working fine.

    Hope this kinda helps all of you with this problem?

    Good luck!


    Hello,

    I renamed the config file. Then i set the redirection again and everything works fine without errors.

    Thank you very much for the solution.

    gr.

    Arno

    Monday, April 19, 2010 9:05 AM
  • PScenario:
    OMA/activesync users get the error 0X85010014 while doing the ActiveSync with their Exchange Servers.


    Problem:

    ActiveSync will not work when the /Exchange virtual directory on the Exchange back-end servers is configured to require SSL.

    Solution:
    Remove the port 443 from the default web properties in IIS Manager snap in.

    Friday, July 16, 2010 8:39 AM
  • Just wanted to add that I just had the same issues described above and removing web.config from C:\inetpub\wwwroot and issuing an iisreset sorted out the issue.  Obvioulsy you'll want to have a look through web.config and set back up any preferences that are in there that are required.  In our case the only setting in there was a redirect to http://xxx/exchange but it was set to disabled as it was not in-use, so a blank web.config was fine.

     

    For reference I was having the same failure from "https://www.testexchangeconnectivity.com/" - HTTP500 HTTP Authentication Test Failed.  Devices were sporadically syncing, though not in most cases.  Touchdown for Android would sync for a while then stop, iPhones in general wouldn't work after intial setup, though one did sync for a day or two.  I was seeing Error:DeviceNotProvisioned in the IIS logs when an iPhone tried to sync and failed.  Browsing to https://xxx/Microsoft-Server-Exchange gave an internal error with no logon prompt.

     

    Thanks very much Neil!

     

    Philip Harrison

    CW Systems Integration

    Tuesday, August 16, 2011 12:57 PM