locked
Active Sync not working RRS feed

  • Question

  • Hi I have Exchange server 2013 I planed configure ActiveSync for mobile devices, when I try configure mobile device it can not connect to exchange give me "error 503", in Qradar logs i can see what I connected to exchange request reach to local exchange ip

    but it not work I do not have autodiscover record, I manually configure mobile, i tried write in mobile config ip or dns record(fqdn of exchange) but same error


    System administrator

    Friday, July 10, 2020 10:52 AM

Answers

  • Hi Farid,

    Please upgrade your exchange 2013 version to the latest as the current version is CU4. 

    For Autodiscover, yes you have to create an external DNS record autodiscover.domain.com and allow the incoming HTTPS 443 port on the firewall till the exchange server. you can then browse the external autodiscover url and check if you are getting "600 Invalid request",

    https://autodiscover.domain.com/autodiscover/autodiscover.xml

    For Active sync, since the DNS is resolved to 2 public IP's, yes, firewall port needs to be allowed for both the IP's on HTTPS 443.

    If you prefer manual configuration, then the hostname needs to be added which inturn requires DNS/network firewall. If you use IP instead of hostname, then that will fail due to certificate errors.


    Thanks,
    Ashok M My blog
    ________________________________________________________________
    Please mark the reply as an answer if you find it is helpful :-)
    ________________________________________________________________

    • Marked as answer by Farid Ahmadov Tuesday, July 14, 2020 5:17 AM
    Sunday, July 12, 2020 9:40 AM

All replies

  • Hi Farid,

    Could you please provide the below information,

    1. Detailed  version of your exchange server

    Get-ExchangeServer | fl Name,AdminDisplayversion

    2. First time setup or it was working and stopped working?

    3. Is the autodiscover and activesync URL's are published and ExternalURL is set on the Active sync virtual directory

    Get-ActiveSyncVirtualDirectory | fl Identity,Server,InternalURL,ExternalURL

    4. Is it happening for all users or some users? If its for some users, check if Active sync is enabled on the user mailbox

    Get-CASMailbox "MailboxName"

    5. Can you run the EXRCA for activesync and share the results by removing the personal information

    Microsoft Remote Connectivity Analyzer

    6. HTTP Error 503 generally means service unavailable, Is the ActiveSync Application pool running under IIS?


    • Edited by Ashokm_14 Sunday, July 12, 2020 6:09 AM content
    Sunday, July 12, 2020 5:59 AM
  • Hi Ashokm_14

    1. Detailed  version of your exchange server - 

    Get-ExchangeServer | fl Name,AdminDisplayversion

    see in attachment

    2. First time setup or it was working and stopped working? -  it first time

    3. Is the autodiscover and activesync URL's are published and ExternalURL is set on the Active sync virtual directory -- in dns we do not have autodiscover record can it work with out it? we tried manully, Activesync URL's are published and ExternalURL is set on the Active sync virtual directory -yes

    Get-ActiveSyncVirtualDirectory | fl Identity,Server,InternalURL,ExternalURL

    see in attachment

    4. Is it happening for all users or some users? for all user Activesync is enable

    5. Can you run the EXRCA for activesync and share the results by removing the personal information

    I think problem here when I nslookup exchange.domain.com it give me 2 public ip address one 443 open second not open when I try check from

    Microsoft Remote Connectivity Analyzer it give me connection error , can I manually write first ip in outlook must it work?  


    System administrator





    Sunday, July 12, 2020 8:46 AM
  • 6. HTTP Error 503 generally means service unavailable, Is the ActiveSync Application pool running under IIS?

    Yes it running


    System administrator

    Sunday, July 12, 2020 8:46 AM
  • Hi Farid,

    Please upgrade your exchange 2013 version to the latest as the current version is CU4. 

    For Autodiscover, yes you have to create an external DNS record autodiscover.domain.com and allow the incoming HTTPS 443 port on the firewall till the exchange server. you can then browse the external autodiscover url and check if you are getting "600 Invalid request",

    https://autodiscover.domain.com/autodiscover/autodiscover.xml

    For Active sync, since the DNS is resolved to 2 public IP's, yes, firewall port needs to be allowed for both the IP's on HTTPS 443.

    If you prefer manual configuration, then the hostname needs to be added which inturn requires DNS/network firewall. If you use IP instead of hostname, then that will fail due to certificate errors.


    Thanks,
    Ashok M My blog
    ________________________________________________________________
    Please mark the reply as an answer if you find it is helpful :-)
    ________________________________________________________________

    • Marked as answer by Farid Ahmadov Tuesday, July 14, 2020 5:17 AM
    Sunday, July 12, 2020 9:40 AM
  • Hi Farid,

    I agree with Ashokm_14.

    The users who failed to configure Active Sync are inside or outside domain?

    Did you get a detailed report of the error message after using the ExRCA for testing?

    1. With Autodiscover you could easily configure Outlook and mobile devices, so I suggest you to configure mobile device through the Autodiscover service, please create a CNAME resource record in your external DNS. After that, please follow the method provided by Ashokm_14 to verify whether the Autodiscover service can work normally.

    For more information: Autodiscover service.

    2. In addition, here is a link about Troubleshoot ActiveSync with Exchange Server, it will be helpful in troubleshooting according to our situation.

    Regards,

    Lucas Liu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Monday, July 13, 2020 8:37 AM
  • Thanks a lot Ashokm_14 problem was solved, there was issue with dns configuration and network, one of the ip not configured and not allowed 443 port, from exchange connectivity analyzer I can see after dns request to fqdn request went to that ip but port was closed and there was no port forwarding in router configuration, we config for fqdn only one ip and created autodiscover.domain.com record, now it is working thanks

    System administrator

    Tuesday, July 14, 2020 5:17 AM
  • Hi Farid,

    Great news. Glad that the issue has been resolved and the provided suggestion was helpful.



    Thanks,
    Ashok M My blog
    ________________________________________________________________
    Please mark the reply as an answer if you find it is helpful :-)
    ________________________________________________________________

    Tuesday, July 14, 2020 5:40 AM
  • Hi Farid,

    I’m pleased to know that the information is helpful to you.

    Here I will provide a brief summary of this post so that other forum members could easily find useful information here:

    Issue Symptom:

    Active Sync not working and get the error 503.

    Cause:

    There was issue with DNS configuration and network, one of the IP not configured and not allowed 443 port.

    Solution:

    Config for fqdn only one ip and created autodiscover.domain.com record.

    This Exchange Server 2013 - Mobility and ActiveSync Forum will be migrating to a new home on Microsoft Q&A, please refer to this sticky post for more details.

    Regards,

    Lucas Liu


    Exchange Server 2013 - Mobility and ActiveSync forum will be migrating to a new home on Microsoft Q&A! We invite you to post new questions in the new forum.

    For more information, please refer to the sticky post.

    Friday, July 17, 2020 9:54 AM