Hello, After deploying TMG SP1 (by replacing former ISA 2006), activesync publishing rule starts to log a lot of failures. However most users are communicating fine, some are reporting "server failures" or disconnections (Especialy some versions of Nokia mail for Exchange, i.e. 2.01). Failures in TMG log looks like: Failed Connection Attempt xxxxxx 2/24/2011 2:47:12 PM Log type: Web Proxy (Reverse) Status: 0x80004005 Rule: sync Source: y.y.y.y:55486 Destination: x.x.x.xx:443 Request: POST http://......./Microsoft-Server-ActiveSync?User=kuchm99&DeviceId=Appl790484EFA4S&DeviceType=iPhone&Cmd=Sync Filter information: Req ID: 12ae9ffd; Compression: client=No, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=no, valid=no, updated=no, logged off=no, client type=unknown, user activity=yes Protocol: https User: anonymous Additional information Client agent: Apple-iPhone3C1/803.148 Object source: (No source information is available.) Cache info: 0x8 (Request includes the AUTHORIZATION header.) Processing time: 1 MIME type: This current fail is related to iPhone, I have seen these failures for a bunch of other devices. Searching thorough the internet doesnt lead to any information, even what the status code means. If it is activesync status code, then it means "Synchronization failed due to a device software error.". No more clues I have found yet. David

Please check the IIS log on the CAS server, see if the requests from the problematic devices have reached exchange side Please also check the application log and IIS log on the TMG server after reproduced the issue for further error information Please test the ActiveSync functionality on the Exchange Server Remote Connectivity Analyzer website James Luo TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.com Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hello. I will have IIS logs for analyze this evening. But I have done some traffic sniffs of comm between tmg and Exch FE (actualy 2003 sp2), comm isnt encrypted here. I havent seen any protocol errors here, so I asume that Failed connection Attemps ends at TMG. App log - nothing interesting (even with raised logging on ex FE side). ExRCA is OK, as all windows mobile devices are OK. Problem is related to part of Nokia/iPhone users. Whats needed to say is that only change on the path EAS device > exch FE is the OS of firewall (2003>2008R2), firewall version (isa2006>TMG) and hardware (new server). Networking, IPs, rule config, service config (TMG features used) and destination are completely same as it was on ISA. I had to roll-back to ISA, becouse some iPhone users started to complain. I analyzed logs from TMG (10k records, 7hours) and have found that these devices (their http agents) are unable to sync thorough TMG at all (producing above connection Fail): Apple-iPhone/705.18 Apple-iPhone1C2/802.117 Apple-iPhone3C1/803.148 NokiaE66/2.09(158)MailforExchange NokiaE66/3.00(50)MailforExchange NokiaE71/2.09(176)MailforExchange NokiaE751/2.01(0)MailforExchange NokiaN958GB/2.09(158)MailforExchange NokiaN958GB/3.00(50)MailforExchange Those devices have some success rate, so something is maybe syncing (you can see two windows mobile here): Apple-iPhone1C2/803.148 (fail command: varies) MSFT-PPC/5.2.1603 (fail command: FolderSync, Ping) MSFT-PPC/5.2.5080 (fail command: FolderSync) NokiaC700/3.00(0)MailforExchange 3gpp-gba (fail command: FolderSync) NokiaE521/2.02(0)MailforExchange 3gpp-gba (fail command: FolderSync) NokiaE66/2.07(22)MailforExchange (fail command: Ping, Sync) NokiaE66/2.09(176)MailforExchange (fail command: FolderSync, Sync) NokiaE71/2.09(158)MailforExchange (fail command: FolderSync) NokiaE71/3.00(50)MailforExchange (fail command: FolderSync, Search) NokiaN97/2.09(158)MailforExchange (fail command: FolderSync) Those devices are functional: Apple-iPhone/704.11 Apple-iPhone1C2/801.400 Apple-iPhone2C1/803.14800001 MSFT-PPC/5.2.1400 MSFT-PPC/5.2.5086 MSFT-PPC/5.2.5093 N900/1.1 NokiaE66/1.0 NokiaE66/3.00(73)MailforExchange NokiaE71/2.07(0)MailforExchange NokiaE71/2.07(22)MailforExchange NokiaE71/3.00(73)MailforExchange NokiaE90/1.0 TouchDown(MSRPC)/6.4.0002 (Android) It sounds to me, that there is a change in how strict is TMG in protocol checking, because with ISA in place, all devices works (no 0x80004005 fails are loged on ISA). But yet I dont know how to fix current behavior. Also I still dont find explanation for the fail status code. d.