I have a multi-tennant Exchange environment and am working on a migration from Exchange 2007 to 2013. I am having trouble with ActiveSync for mailboxes on 2007, through my 2013 CAS. Here is what my environment looks like:

- Internet-facing Exchange 2007 CAS 2007cas1/10.1.1.2/204.228.1.2 (name/internal IP/external IP)
- Non-Internet-facing Exchange 2007 CAS 2007cas2/10.1.1.3 (name/internal IP)
- Internet-facing Exchange 2013 CAS/MBX 2013casmbx1/10.1.1.4/204.228.1.4 (name/internal IP/external IP)
- 2007 URL: webmail.hosteddomain.com
- 2013 URL: testmail.hosteddomain.com
- Certificate: Third-party CA wildcard cert

I have verified that OWA out OutlookAnywhere work. When I try to connect to my Exchange 2007 mailbox (and only 2007) through ActiveSync, my phone says "Can't connect to server" and I see the following entries in my IIS logs (2013casmbx1):

Front-end: 
2015-06-15 16:28:32 10.147.0.34 OPTIONS /Microsoft-Server-ActiveSync/default.eas &CorrelationID=<empty>;&ClientId=PYSJZZTTUA9DOEHLZDW&cafeReqId=3b8bbbeb-f258-4f82-8ae2-85ddb58433f7; 443 mtest2@customerdomain.com 10.2.1.2 Android/5.1.1-EAS-2.0 - 500 0 0 124

2015-06-15 16:47:44 10.147.0.34 GET /Microsoft-Server-ActiveSync/default.eas &CorrelationID=<empty>;&ClientId=YGEGSFJYKEWUKETSAGG&cafeReqId=96b81a28-90ab-45cf-9d7d-c117c7cba7d9; 443 domain\mtest2_customerdomain 10.2.1.2 Mozilla/5.0+(Windows+NT+6.3;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/43.0.2357.124+Safari/537.36 - 500 0 0 21612

Back-end:
2015-06-15 16:28:32 fe80::24f5:677f:e642:1b83%12 OPTIONS /Microsoft-Server-ActiveSync/Proxy/default.eas &Log=PrxTo:2007cas2.domain.local_PrxFrom:fe80%3a%3a24f5%3a677f%3ae642%3a1b83%2512_V0_HH:testmail.hosteddomain.com_SmtpAdrs:mtest2%40customerdomain.com_Error:SendFailure_Mbx:2007mbx1.domain.local_Dc:dc01.domain.local_SBkOffD:L%2f-470_TmRcv16:28:32.7702994_ActivityContextData:ActivityID%3d3b8bbbeb-f258-4f82-8ae2-85ddb58433f7%3bI32%3aADR.C%5bDC01%5d%3d1%3bF%3aADR.AL%5bDC01%5d%3d1.1509%3bI32%3aADS.C%5bDC01%5d%3d3%3bF%3aADS.AL%5bDC01%5d%3d2.216033%3bI32%3aADS.C%5bdc01%5d%3d1%3bF%3aADS.AL%5bdc01%5d%3d1.7718%3bI32%3aATE.C%5bdc01.domain.local%5d%3d1%3bF%3aATE.AL%5bdc01.domain.local%5d%3d0%3bI32%3aATE.C%5bDC01.domain.local%5d%3d3%3bF%3aATE.AL%5bDC01.domain.local%5d%3d5%3bS%3aWLM.Bal%3d480000%3bS%3aWLM.BT%3dEas_Budget:(D)Owner%3aSid%7eDOMAIN%5cMTest2%5Fcustomerdomain%7eEas%7efalse%2cConn%3a0%2

I verified that the AS virtual directories on our 2007 CAS server look like this:
- InternalURL: webmail.hosteddomain.com
- ExternalURL: $null
- BasicAuthEnabled: True
- WindowsAuthEnabled: False

Finally, I verified that my test user as inheritance enabled.

Since all the other mail clients work and ActiveSync works when I'm not trying to proxy through Exchange 2013, I'm not sure what else to check. Thoughts? Thanks.

• Edited by mhashemi Monday, June 15, 2015 7:38 PM

Jim-Xu,

1. Verified 

2. Verified

3. Autodiscover still points to webmail.hosteddomain.com, so it bypasses Exchange 2013. Once I can set up the account manually, I will update DNS to point to 2013.

4. The Remote Connectivity Analyzer failed and showed the following (truncated)

Attempting to send the OPTIONS command to the server.

An HTTP 500 response was returned from IIS7.
HTTP Response Headers:
request-id: 3adc6cca-9188-467c-ac47-73b2aae2ee18
X-CalculatedBETarget: 2013casmbx1.domain.local
X-MS-BackOffDuration: L/-470
X-DiagInfo: 2013casmbx1
X-BEServer: 2013casmbx1
Cache-Control: private
Content-Type: text/html
Set-Cookie: ClientId=VIULIVZSYEUZMVDFBTJBG; expires=Wed, 15-Jun-2016 19:57:13 GMT; path=/; HttpOnly,X-BackEndCookie=S-1-5-21-320083725-3346028824-3299231156-52809=u56Lnp2ejJqBnZ3HnJnMnMbSy8rPmdLLz5nM0p6eyprSz57Hy8vLncvPx86ZgYHNz87K0s/I0s7Jq87GxcrIxc7M; expires=Thu, 16-Jul-2015 19:57:13 GMT; path=/Microsoft-Server-ActiveSync; secure; HttpOnly
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319

I also verified that the Microsoft-Server-ActiveSync virtual directory in IIS 6.5 is setup for Basic auth only. Does it matter if the default domain is specified or not?

• Edited by mhashemi Tuesday, June 16, 2015 8:18 PM

Jim,

As I noted in the initial post, I verified that inheritance is enabled on my test user. I even went as far as verifying that Exchange is in the ACL of the user object, and that it has modify permission for user attributes.

There are no errors in the server's event log. All I have is this "500".

Thanks.